CSA registeration with CSA MC help

Unanswered Question
May 30th, 2007
User Badges:

Hi,

Actually , i installed CSA MC on a server (its name CSAMC.NMEG.Loacl), and i tried to install the CSA on a group of servers .

The CSA MC and these servers are in the same domain. One of these servers (its name EG-NMEG-BACKUP.NMEG.LOCAL)

is registered with the CSA MC but there is an event regarding to this server in the event log.

Also there are some events regarding to DNS server (10.192.64.2) and DHCP server(10.192.64.3)


what does these events mean????


Please find the attached file for the event log.


best regards

Mohamed



Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
pmccubbin Wed, 05/30/2007 - 14:41
User Badges:
  • Silver, 250 points or more

You might want to begin by putting your servers with the CSA agent in Test Mode. It's easier to test and tune the CSA Rules this way and it won't interfere with your normal business functions.


You might also try reading a couple of books by Chad Sullivan regarding CSA that are available from the Cisco Press.


If the Events you uploaded to CCO are ones that you want to allow then you can simply run the wizard and follow the defaults to allow them. When you become more proficient with tuning CSA there are more precise methods for configuring rules.


Hope this helps.

mohamed_makled Wed, 05/30/2007 - 21:44
User Badges:

Thank you for your reply.

Actually , i want to know what does the events in the event log mean???

you can see them in the attached file.


regards

tsteger1 Thu, 05/31/2007 - 08:32
User Badges:
  • Red, 2250 points or more

The CSAMC is subject to very restrictive rules. To see what the events mean, look at the rules that trigger them.


A good way to do this is look at the event, hover the mouse over the rule and click on "Explain Rules".


The events also explain what happened to a degree.


The HP System management home page service wasn't allowed to access a Cisco resource


You host was not able to connect to a time server (UDP 123).


It was not able to connect as a client to your DNS server on NetBIOS port 139 (not sure why it would want to).


Tom

Actions

This Discussion