Health Status for Failed Applications ---> Red

Unanswered Question
Aug 30th, 2010

Hello experts,

Im actually facing some issues with a 4260.

Health Status for Failed Applications                   Red

Health Status for Signature Updates                     Green

Health Status for License Key Expiration                Green

Health Status for Running in Bypass Mode                Red

Health Status for Interfaces Being Down                 Green

Health Status for the Inspection Load                   Green

Health Status for the Time Since Last Event Retrieval   Green

Health Status for the Number of Missed Packets          Green

Health Status for the Memory Usage                      Green

Health Status for Global Correlation                    Green

Health Status for Network Participation                 Not Enabled

It is in bypass mode as you can see.

I cannot get statistics neither.

IPS1# sh statistics virtual-sensor

Error: getVirtualSensorStatistics : Control transaction cannot be completed at this time

IPS# sh statistics analysis-engine
Error: getAnalysisEngineStatistics : Control transaction cannot be completed at this time
I have beeing  looking in the internet for a solution or a reason why this is happening. It seems that this is something not documented.
Can someone please help me. I can restart the IPS right now. Would it be helpful if I restart the MainApp with a service account?
Thanks
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jia Liu Mon, 08/30/2010 - 14:14

It looks like the IPS may have crashed.  Can you try rebooting the sensor?

Diego Armando C... Tue, 08/31/2010 - 09:35

Hello,

Blayne I always follow the podcast with White and Magnus.

Thank you for all the information and help.

Christopher Dreier Tue, 08/31/2010 - 12:19

Awesome! Thanks for following us. We have also begun work on an IPS specific podcast, the "TAC IPS Media Series."

https://supportforums.cisco.com/docs/DOC-12759

Your 4260 has an incredibly high number of Tuned/Enabled signatures, which is causing sensorApp to run at 99% CPU. Many sequentially numbered signatures are tuned. Did this issue correlate to the enabling of a large amount of signatures?

I suggest reviewing your current configuration and noting those signature tunings that you truly require. Then default your signature configuration and only apply those signature tunings that are needed.

Your sensor also encountered CSCta96144, which is fixed in IPS 7.0(4). You can review the bug w/ the CCO Bug Toolkit: http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs

Thank you,
Blayne Dreier
Cisco TAC IDS Team

**Please check out our Podcast**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast

Diego Armando C... Tue, 08/31/2010 - 12:35

Hello,

Thank you very much for the help. Im actually working with a company that bought 2 4260 and a 4270 They need to tunned the signatures based on their needs that's why there are so many tunned signatures.. In many signatures I only modified the action which change the sig to a tunned signature. I will try to do the upgrade next week to avoid hitting the bug.

Thank you again for the help Blayne.

Actions

This Discussion