sessionization bug in CSMARS 4.2.2

Unanswered Question
Oct 26th, 2006
User Badges:
  • Blue, 1500 points or more

FYI, the latest version of CSMARS appears to have a pretty significant bug in the way IPS events are sessionized (whatever that means). The bottom line is that incidents/sessions containing IPS alarms are occassionally a garbled up mess in CSMARS (unrelated alarms get "sessionized" and combined together, even though ip/port combinations are different). If you haven't upgraded yet and you have multiple IPS sensors, you might want to wait until this gets fixed.


I take issue with Cisco calling the issue "rare"...we've had 23 incidents in the last 24 hours with IPS alarms, and 5 of them exhibit this bug.


http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsg49227

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion