×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

IDSM2 - Connection status indeterminant

Unanswered Question
Oct 15th, 2003
User Badges:

We have then IDSM2 with version 4.1 and CiscoWorks with VMS 1.2.


When I add this host in CiscoWorks Security Monitor, the connection status is "indeterminant".


I see the events on the blade but the connection with ciscoworks doesn't work.

All services of CiscoWorks are started ( IDS_Receiver ).


Thanks for help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
emusican Wed, 10/15/2003 - 04:21
User Badges:

I have found that if port 443 (https) is not available for the sensor to management station, you get an indeterminate state.


Try this:


-Delete sensor from IDS MC. Re-add the sensor using "discover settings". I can almost guarantee that if the discover settings works, you wont be indeterminate.


-Try to connect to your sensor using https. You can access the sensor by going to https://(sensor-ip-address)/cgi-bin/idm. Use cisco as the login name and whatever your password is for cisco.


Eric

ddugailliez Wed, 10/15/2003 - 04:48
User Badges:

I've deleted the sensor from Security Monitor and MC. Then I have add it in the MC with the "discover settings" : no problem.


In the Security Monitor, I've try to had the sensor with :

- "Add" command : Ok,

- "Import from the MC" : Ok.

I can add the sensor but the connection is always in the status "indeterminant". I can't see the events on CiscoWorks.


For the management with https://sensor, it's ok.


Dimitri

emusican Wed, 10/15/2003 - 07:52
User Badges:

Take a look at your analysis statistics in the security monitor. Is the link up and is it full? Do you see Rx bytes? Do you see any alarms when you run the event store statistic?

ddugailliez Thu, 10/16/2003 - 00:13
User Badges:

The link of the interface ( int7, int8 ) is up and I see Rx bytes.


In the event store, I have alarms ( informational, low, medium, high )



bygregory Thu, 10/16/2003 - 11:13
User Badges:

"Indeterminant" status indicates that the receiver process is either not running or is hung.


RDEP device connection status (and CSA MC connection status) is stored in a table in the database. The receiver process updates the device record whenever the connection status for that device changes. "Indeterminant" means that the record for that device has not been added to the database and that can only occur when the receiver is stopped (or hung somehow).


You can restart the Ids_Receiver process (Server Configuration->Administration->Process Management, start/stop process) and the problem should go away.


If you are unsure what caused the receiver to stop, check the Ids_Receiver.log for error messages. You may also want to run an audit log report for the receiver process. This report will show receiver related messages that may help you understand what caused the problem.

ddugailliez Mon, 10/20/2003 - 03:33
User Badges:

The problem is resolved.


I have restarted the service IDS_receiver and the status is now Connected TLS.


Thanks.

shawn.posthumus Tue, 10/21/2003 - 05:38
User Badges:

I also had this problem yesterday afternoon, and stop/start the ids_receiver fixed it.

Actions

This Discussion