Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
752
Views
0
Helpful
6
Replies

IDS not generating events

vagarwal81
Level 1
Level 1

‎02-10-2009 06:30 AM - edited ‎03-10-2019 04:29 AM

IDS is not generating events.

Following message shows up in the event log.

evError: eventId=1230128220192233058 vendor=Cisco severity=error

originator:

hostId: SI-IDS01

appName: mainApp

appInstanceId: 397

time: Feb 10, 2009 04:51:02 UTC offset=-300 timeZone=GMT-05:00

errorMessage: sentinel getLicenseInfo not successful: 0X12 name=errUnclassified

Labels:
0 Helpful
6 Replies 6

rhermes
Level 7
Level 7

‎02-11-2009 10:44 AM

I'm not familiar with that error message, but a licensing error should not prevent the sensor from processing events, only signature updates.

Was this sensor working correctly and then stopped? Is this a new sensor?

I usualy forget to assign an interface to virtualsensor0 (vs0) that can cause this problem.

0 Helpful

vagarwal81
Level 1
Level 1
In response to rhermes

‎02-11-2009 10:51 AM

Sensor was working correctly till last week.

all interfaces have assigned virtual sensor.

0 Helpful

rhermes
Level 7
Level 7
In response to vagarwal81

‎02-11-2009 11:46 AM

Is your sensor in promiscious or in line mode? If it's promiscious, are you getting traffic? (show interface) and is the virtual sensor getting traffic? (show stat analysis)

Have you installed any upgrades or new sig packs around the time this problem started?

I hope you've tried rebooting the sensor.

0 Helpful

vagarwal81
Level 1
Level 1
In response to rhermes

‎02-11-2009 12:08 PM

it is in promiscious mode.

IDS is seeing traffic, have tried rebooting no effect.

I did install new sig updates, but that shouldn't cause any issues.

0 Helpful

vagarwal81
Level 1
Level 1
In response to vagarwal81

‎02-12-2009 07:24 AM

another error message that IDS is now reporting

evError: eventId=1230128220192228569 vendor=Cisco severity=error

originator:

hostId: SI-IDS01

appName: mainApp

appInstanceId: 397

time: Feb 07, 2009 13:35:04 UTC offset=-300 timeZone=GMT-05:00

errorMessage: IPS software attempted to write invalid XML data for (token). Invalid XML character(s) were replaced with '*' name=errWarning

0 Helpful

rhermes
Level 7
Level 7
In response to vagarwal81

‎02-12-2009 09:11 AM

Signature updates sometime hide engine updates and certainly have taken out our sensors in the past. Assuming that isn't the case here (I think the 4240's have been more stable than most models), you can try to reimage your sensor software from the restore partition.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card