×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

IPS signature update

Answered Question
Nov 17th, 2010
User Badges:

Hello,


auto update problem with IPS..


I noticed that the IPS isnt updating anymore and I found this :


Auto Update Statistics
   lastDirectoryReadAttempt = 13:20:35 UTC Wed Nov 17 2010
    =   Read directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
    =   Error: AutoUpdate exception: Receive HTTP response failed [3,212]
   lastDownloadAttempt = 00:01:37 UTC Thu Oct 28 2010
   lastInstallAttempt = 00:02:32 UTC Thu Oct 28 2010
   nextAttempt = 00:00:00 UTC Thu Nov 18 2010



What does that error means ? It was working before.


Thank you

Correct Answer by praprama about 6 years 9 months ago

Hi,


Please refer this discussion.


https://supportforums.cisco.com/message/3227833#3227833


Could be related to this. What does "show statistics host" output look like from the IPS? Could you also post the output of "show version"?


Cheers,

Prapanch

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Rodrigo Gurriti Wed, 11/17/2010 - 08:07
User Badges:

I'd love to know what this erro mean Receive HTTP response failed [3,212]


Here it is:


sh statistics host


General Statistics
   Last Change To Host Config (UTC) = 17-Nov-2010 15:32:17
   Command Control Port Device = Management0/0
Network Statistics
    = ma0_0     Link encap:Ethernet  HWaddr 00:04:23:E3:1A:C1
    =           inet addr:10.161.0.79  Bcast:10.161.0.255  Mask:255.255.255.0
    =           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    =           RX packets:21763193 errors:0 dropped:0 overruns:0 frame:0
    =           TX packets:13870087 errors:0 dropped:0 overruns:0 carrier:0
    =           collisions:0 txqueuelen:1000
    =           RX bytes:2406636591 (2.2 GiB)  TX bytes:3012815414 (2.8 GiB)
    =           Base address:0xbc80 Memory:fcce0000-fcd00000
NTP Statistics
    =      remote           refid      st t when poll reach   delay   offset  jitter
    = *roma.coe.ufrj.b 200.132.0.132    2 u  102 1024  377   31.960   -1.809   0.287
    =  LOCAL(0)        73.78.73.84      5 l   22   64  377    0.000    0.000   0.001
    = ind assID status  conf reach auth condition  last_event cnt
    =   1 17764  b674   yes   yes  none  sys.peer   reachable  7
    =   2 17765  9034   yes   yes  none    reject   reachable  3
   status = Synchronized
Memory Usage
   usedBytes = 1906143232
   freeBytes = 2194202624
   totalBytes = 4100345856
Summertime Statistics
   start = 02:00:00 UTC Sun Oct 17 2010
   end = 02:00:00 UTC Sun Feb 20 2011
CPU Statistics
   Usage over last 5 seconds = 88
   Usage over last minute = 88
   Usage over last 5 minutes = 88
   Usage over last 5 seconds = 48
   Usage over last minute = 46
   Usage over last 5 minutes = 46
Memory Statistics
   Memory usage (bytes) = 1906143232
   Memory free (bytes) = 2194202624
Auto Update Statistics
   lastDirectoryReadAttempt = 15:33:35 UTC Wed Nov 17 2010
    =   Read directory: http://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
    =   Error: AutoUpdate exception: Receive HTTP response failed [3,212]

   lastDownloadAttempt = 00:01:37 UTC Thu Oct 28 2010
   lastInstallAttempt = 00:02:32 UTC Thu Oct 28 2010
   nextAttempt = 16:33:00 UTC Wed Nov 17 2010
Auxilliary Processors Installed





sh version 
Application Partition:


Cisco Intrusion Prevention System, Version 7.0(4)E4


Host:                                                        
    Realm Keys          key1.0                               
Signature Definition:                                        
    Signature Update    S524.0                   2010-10-26  
OS Version:             2.4.30-IDS-smp-bigphys               
Platform:               IPS-4260-K9                          
Serial Number:          XXXXXXXX                        
Licensed, expires:      16-Nov-2011 UTC                      
Sensor up-time is 22 days.
Using 1906151424 out of 4100345856 bytes of available memory (46% usage)
system is using 17.4M out of 38.5M bytes of available disk space (45% usage)
application-data is using 46.9M out of 166.8M bytes of available disk space (30% usage)
boot is using 41.6M out of 69.5M bytes of available disk space (63% usage)
application-log is using 494.0M out of 513.0M bytes of available disk space (96% usage)



MainApp            B-BEAU_704_2010_JUL_21_15_57_7_0_3_29   (Ipsbuild)   2010-07-21T15:59:36-0500   Running  
AnalysisEngine     B-BEAU_704_2010_JUL_21_15_57_7_0_3_29   (Ipsbuild)   2010-07-21T15:59:36-0500   Running  
CollaborationApp   B-BEAU_704_2010_JUL_21_15_57_7_0_3_29   (Ipsbuild)   2010-07-21T15:59:36-0500   Running  
CLI                B-BEAU_704_2010_JUL_21_15_57_7_0_3_29   (Ipsbuild)   2010-07-21T15:59:36-0500         


Upgrade History:


* IPS-sig-S523-req-E4       05:31:28 UTC Tue Oct 26 2010  
  IPS-sig-S524-req-E4.pkg   22:01:39 UTC Wed Oct 27 2010


Recovery Partition Version 1.1 - 7.0(4)E4


Host Certificate Valid from: 28-Sep-2010 to 28-Sep-2012



PS.

licence expires on Nov 11 2011

The CCO is working fine, it can download signatures.

The update worked fine  as you can tell the Oct 27 was auto update.

The update was scheduled for every day at 2AM but i've chenged to every 1 hour to see if is cisco.com that is flooded and rejects the conection.

praprama Wed, 11/17/2010 - 08:50
User Badges:
  • Cisco Employee,

Seems related to what Scott posted in the other thread.


Regards,

Prapanch

Christopher Dreier Thu, 11/18/2010 - 20:50
User Badges:
  • Silver, 250 points or more


Hello all,


This issue has been resolved. Please set your sensors' Auto Update URL to the default and allow the update to run again. Let us know if you continue to experience issues.



Thank you,

Blayne Dreier

Cisco TAC Escalation Team


**Please check out our Podcasts**

TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast

TAC IPS Media Series: https://supportforums.cisco.com/community/netpro/security/intrusion-prevention?view=tags&tags=tac_ips_media_series


Actions

This Discussion

Related Content