Need help identifying the cause for this Cisco IPS 4542 Pls.

Unanswered Question
May 6th, 2008

Hi,

Our IPS has started to actup all the sudden with the error that is listed below. it says its about not having a valid license but they tell me here that they have a valid license!

I am very new here! i ithink its licensing issue too but they keep telling me that they have the correct valid license.!!!

when we try to load the IDM we get this error message and when we login to the sensor using Putty and type:

show statisctics virtual-sensor, we also get the sam eerror:

^

% Invalid input detected at '^' marker

sensor2#

sensor2# ***LICENSE NOTICE***

sensor2# The license key on the IPS-4240 has expired.

sensor2# The system will continue to operate with the currently installed

sensor2# signature set. A valid license must be obtained in order to apply

sensor2# signature updates. Please go to http://www.cisco.com/go/license

sensor2# to obtain a new license or install a license.

sensor2# interfaces Display statistics and information about system

sensor2# interfaces

sensor2# inventory Display PEP information.

sensor2# os-identification Display Passive OS Fingerprinting OS Identification.

sensor2# privilege Display current user access role.

sensor2# ssh Display Secure Shell information.

sensor2# statistics Display application statistics.

sensor2# tech-support Generate report of current system status.

sensor2# users Show all users currently logged into the system.

^

% Invalid input detected at '^' marker

sensor2# version Display product version information.

^

% Invalid input detected at '^' marker

sensor2# sensor2# sh users

^

% Invalid input detected at '^' marker

sensor2# CLI ID User Privilege

sensor2# 20049 admin administrator

sensor2# * 20185 admin administrator

sensor2# sensor2# show statistics

sensor2# % Incomplete command

sensor2# sensor2# show statistics ?

sensor2# sensor2# show statistics

sensor2# analysis-engine Display analysis engine statistics.

sensor2# anomaly-detection Display anomaly detection statistics.

sensor2# authentication Display authentication statistics

sensor2# denied-attackers Display denied attacker statistics.

sensor2# event-server Display event server statistics.

sensor2# event-store Display event store statistics

sensor2# external-product-interface Display statistics for the interfaces to external

sensor2# products

sensor2# host Display host statistics.

sensor2# logger Display logger statistics

sensor2# network-access Display network access controller statistics.

sensor2# notification Display notification statistics.

sensor2# os-identification Display OS identification statistics.

sensor2# sdee-server Display SDEE server statistics.

sensor2# transaction-server Display transaction server statistics.

sensor2# virtual-sensor Display virtual sensor statistics.

sensor2# web-server Display web werver statistics.

sensor2# sensor2# show statistics virtua-

sensor2#

sensor2# sensor2# show statistics virtual-sensor

sensor2# Error: getVirtualSensorStatistics : ct-sensorApp.371 not responding, please check system processes - The connect to the specified Io::ClientPipe failed.

sensor2# sensor2# Error: getVirtualSensorStatistics : ct-sensorApp.371 not responding, please check system processes - The connect to the specified Io::ClientPipe failed.

Please advise if you have seen error or if you can help us fix this.

Regards,

Masood

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
marcabal Tue, 05/06/2008 - 08:44

You have 2 different issues.

1) It looks like you do have an expired license. Execute "show version" and see what date your license expired. You might try pulling a new license from cisco.com. If your contract has been renewed, you might just need to pull a new license for your renewed contract.

If yout contract has expired, then the contract will need to be renewed before you are able to get a new license.

2) A completely separate issue is that the sensorApp process has terminated. When sensorApp is not running you will get the error message "ct-sensorApp.371 not responding, please check system processes - The connect to the specified Io::ClientPipe failed".

You can again run "show version" and look for the status for Analysis Engine. If the status says Not Running, then sensorApp has terminated.

(NOTE Analysis Engine is the service name that is within the SensorApp process)

You will need to reboot the sensor to get sensorApp restarted.

If this continues to happen ensure that you are running the latest IPS version (to ensure you have the latest code fixes), and if you are on the latest IPS version already then contact the TAC for assistance in determining what sensorApp bug you may be hitting (either known with hopefully a fix being developed, or a new issue which development may need to analyze).

mabooali Tue, 05/06/2008 - 09:46

Hi and thanks much for getting back to us.

I beleive we have purchased new license from CDW for this IPs but I need help on how to apply the license from the CLI given that the IDM doesn't load due to the error message.

can you please help me on how to apply the license through sensores CLI?

Regards,

Masood

marcabal Tue, 05/06/2008 - 09:53

Place your license file on an ftp server.

Then use the copy command in the CLI:

copy ftp://@// license-key

Example:

copy ftp://john@10.1.1.1/downloads/sensorlicense license-key

Keep in mind though that your sensorApp issue is independant of your expired license.

The sensorApp termination likely happened because of some specific traffic being monitored rather than the state of your license.

So I would suggest rebooting the sensor.

Wait a few minutes to let everything initialize on the sensor.

Then login and run "show version" to see if Analysis Engine is "Running".

If it is then IDM should now be able to connect and you can just push the new license through IDM.

m-abooali Tue, 05/06/2008 - 11:48

Thanks very much. very useful information. the last time i worked extensively with IPS was 4 years ago and now i have forgotten a lot about it.

currently, it write dynamic ACLS into two routers using username and telnet. I need to add two more routers to this so it start writting the dynaic ACLs into the new router's WAN interfaces as well.

can you please help me with this? how can i do that usig the CLI in case I couldn't get the PDM working?

in the routers, there are only one username defined for the IPS to login to and the rest of the configuration must be on the IPS itself.

we have purchased smartnet for these equipment but only yesterday and it will not kick in until the next few days so I can't call the TAC fo rhelp.

Please advise,

Regards,

Masood

Actions

This Discussion