IDSM-2 & V6.1

jphilope · ‎05-19-2008

I recently upgraded my IDSM-2 to 6.1. It resides in a 7609 running 12.2(18)SXF8. Mode is just as a sensor (promiscous) and does not block. All the VLANs in the 7609 are spanned to the sensor port.

Since upgrading to 6.1 and monitoring with the IME it has been hanging on a daily basis. Even while trying to access it via CLI, it's hung. Only way to restore communications is to reboot the IDSM (HW Command in the 7609).

Before I open a TAC case on it, has anyone else out there had similar experiences?

Thanks

owillins · ‎05-23-2008

Traffic is captured for promiscuous analysis on IDSM-2 through SPAN or VACL capture.You can configure both monitoring ports to be either SPAN destination ports or VACL capture ports. If you configure both ports as monitoring ports, make sure that they are configured to monitor different traffic.

jphilope · ‎05-23-2008

I ended up opening a TAC case. I has logging enabled on Risk Rating 45 - 100 and was running out of file descriptors. I changed the risk rating and the problem has subsided.

rhermes · ‎05-23-2008

Is there a way of showing the level of utilization of file descriptors?

I would be intrested in hearing the troubleshooting setps used to discover excessive signature logging was your problem.

jphilope · ‎05-23-2008

The only way I was able to see it is in a Sho Tech. There does not appear to be an actual command that gives you the error log. It appears the log is part of the LINUX Kernel running as the blade OS. This is what the error output looks like:

20May2008 10:48:51.900 0.024 sensorApp[812] sensorApp/W errWarn IpLogProcessor::addIpLog: Ran out of file descriptors

There were literally hundreds of these errors. TAC was the one making the decision this was the issue. They only appeared after the 6.0 to 6.1 upgrade.

HTH

Jim