I have about 30 IPS/IDS/IPSM/IDSM's that have been stable for a long time but for some reason the last few months I've seen a lot of analysys engines stopping. This sometimes happens around the time I am updating signature pushes, but it also appears to be random. Is anyone else seeing a rash of analysys engine's going down, sometimes to the point that the device needs a reboot?
I believe this may be a known bug (or couple of bugs), I have a customer who have suffered the same issue. See: CSCsv66660 and CSCsw14574. I am informed a fix is due very soon in a new image.
Thanks paul. We had already found that bug and thought it may be the culprit. It's a shame there is no workaround in place for this. Daily I have to go around checking engines and restarting at least 2 of them.
I am informed by TAC that an image should be available this week. You can restart the analysis engine via the service account by stopping and then starting the cids app, this avoids having to reboot the sensors.
I'm having similar problems, especially when I do auto update of sigs, I faced the problem 4 times and solved it by restarting the sensor.
If we restart the main app, does the traffic go unaffected, do u have a tentative date for the new image?
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
