There is no single IME which is giving issue , it is happening with our 2 /3 customers having IPS . Some of them are having

1) IPS - 4240 , Version 5.1(5)E1

2) ASA IPS 6.0(2)E1 ASA-SSM-10

Please help me in this regard

In the Devices >> Device List >> Sensor Name

Under "Event Status", do you see "Connected" or "Not Connected"?

Did you try to right click on the Sensor(s) and do:

Starts >> Events Connection

Please note health monitoring and most other features are only supported for Version 6.1.x and not the versions you mentioned.

Hi

I have verified and the status for all the IME is connected . The Start -> Event conenction is not highlighted and is blurred . Please tell me how to proceed

Ankur

Btw, I faced a similar issue with Four IDSM-2 of one of our customers, they were not showing any events yesterday. Today I came and opened IME and the events started coming. I changed nothing for sure.

You may have a look at Tools >> IME Console Window and see if you are getting any specific errors

hi happs

i have seen and observed that events come on the IME and suddenly one day it will stop coming and are stopped till next few days , and again it starts coming .When the events donto come those days i have observed that the events do come on the sensor itself

This kind of trend clearly says that it may happen due to database issue .Please let me know till what time the database will store events .Is there any probability that the events coming on the sensor do not reach the IME Machine (conside 443 port is opened and the sensor is showing as connected)

Ankur

Had a similar issue. Took a look at the client-log file in the Program Files\Cisco Systems\Cisco IPS Manager Express\log folder. The last entries had an error about a crashed table. Repaired the mysql table from the command line amd restarted IME. I can now see events in IME.

What is the command to do this, for future refence(sorry I am not a DB guy)

Regards

Farrukh

Quick way to do this.

Open up a command prompt on Windows

Change directory to the Cisco IME folder. (in my case, this was C:\Program Files\Cisco Systems\Cisco IPS Manager Express>)

Type the following commands:

more my.ini (look for the port value, in my case it was 47007)

cd MYSQL\bin (takes you to the directory containing the mysql executable)

mysqlcheck.exe -P 47007 --auto-repair alarmDB

You can change 47007 to whatever value you came up with in the my.ini file. The alarmDB dtabase is where Cisco IME stores it's data. The last command will run a check on all the tables in the database. If you know the particular table that's having issues, you can use :

mysqlcheck.exe -P 47007 --auto-repair alarmDB tablename

eg

mysqlcheck.exe -P 47007 --auto-repair alarmDB event_table_1

HTH

Hi Adeleke,

Thanks for posting a great response. I rate it a "5" for all of us who might have to troubleshoot this in the future. It's always nice to know what to look for instead of simply making an educated guess.

Best,

Paul

I am also getting the same error while troubleshooting the events issue.

Is this an error related to SQL?