08-30-2010 01:45 PM - edited 03-10-2019 05:06 AM
Hello experts,
I'm actually facing some issues with a 4260.
Health Status for Failed Applications Red
Health Status for Signature Updates Green
Health Status for License Key Expiration Green
Health Status for Running in Bypass Mode Red
Health Status for Interfaces Being Down Green
Health Status for the Inspection Load Green
Health Status for the Time Since Last Event Retrieval Green
Health Status for the Number of Missed Packets Green
Health Status for the Memory Usage Green
Health Status for Global Correlation Green
Health Status for Network Participation Not Enabled
It is in bypass mode as you can see.
I cannot get statistics either.
IPS1# sh statistics virtual-sensor
Error: getVirtualSensorStatistics : Control transaction cannot be completed at this time
08-30-2010 02:14 PM
It looks like the IPS may have crashed. Can you try rebooting the sensor?
08-30-2010 02:16 PM
I'm going to try to reboot the sensor tomorrow. I will let you know if it worked.
08-30-2010 02:37 PM
Hello,
Can you please attempt to gather a "show tech" from the device? If you have already rebooted the device, the output of a "show tech" will still be useful. You are welcome to email it directly to me.
Thank you,
Blayne Dreier
blayne@cisco.com
Cisco TAC IDS Team
**Please check out our Podcast**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast
08-31-2010 09:35 AM
Hello,
Blayne, I always follow the podcast with White and Magnus.
Thank you for all the information and help.
08-31-2010 12:19 PM
Awesome! Thanks for following us. We have also begun work on an IPS specific podcast, the "TAC IPS Media Series."
https://supportforums.cisco.com/docs/DOC-12759
Your 4260 has an incredibly high number of Tuned/Enabled signatures, which is causing sensorApp to run at 99% CPU. Many sequentially numbered signatures are tuned. Did this issue correlate to the enabling of a large amount of signatures?
I suggest reviewing your current configuration and noting those signature tunings that you truly require. Then default your signature configuration and only apply those signature tunings that are needed.
Your sensor also encountered CSCta96144, which is fixed in IPS 7.0(4). You can review the bug w/ the
Thank you,
Blayne Dreier
Cisco TAC IDS Team
**Please check out our Podcast**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast
08-31-2010 12:35 PM
Hello,
Thank you very much for the help. I'm actually working with a company that bought 2 4260 and a 4270. They need to tune the signatures based on their needs; that's why there are so many tuned signatures. In many signatures I only modified the action, which changes the sig to a tuned signature. I will try to do the upgrade next week to avoid hitting the bug.
Thank you again for the help Blayne.