Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
678
Views
0
Helpful
5
Replies

Analysis Engine not running often 5.0(5) Sig 218

Go to solution
mkirbyii
Level 1
Level 1

‎03-12-2006 10:28 AM - edited ‎03-10-2019 01:55 AM

Hi

We have 27 4215's running 5.0(5) sig 218 and are finding via "health and Welfare messages" that the analysis engine is not running on some of our sensors. I cannot pin down a pattern and it is random. Each time we see this we restart the CIDS daemon. It will run OK and then stop again. We cannot determine anything from the logs.

Anybody else seeing this, or know what else we could look for to find clues?

Thank you in advance

M

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ibanezm
Level 1
Level 1

‎03-13-2006 07:21 AM

5.0(6)S220 should be installed. This sp addresses sensorapp problems among other bugs.

-Mario

View solution in original post

0 Helpful
5 Replies 5

Go to solution
ibanezm
Level 1
Level 1

‎03-13-2006 07:21 AM

5.0(6)S220 should be installed. This sp addresses sensorapp problems among other bugs.

-Mario

0 Helpful

Go to solution
jware
Level 1
Level 1
In response to ibanezm

‎03-16-2006 07:22 PM

Where can I find the release notes for 5.0(6) to find what was actually fixed? Having a ahrd time tracking it down, and the Readme.txt file doesn't say what is specifically fixed. We are also having that problem running 5.0(5) as well as sensors randomly stopping, that seems to be when updates are pushed out. We either get the same error as above, the analysis engine stops running, or the sensor will just stop responding or crash altogether.

0 Helpful

Go to solution
jware
Level 1
Level 1
In response to jware

‎03-16-2006 08:33 PM

Please ignore this message. I found what I was looking for in the bugtraq

0 Helpful

Go to solution
mkirbyii
Level 1
Level 1
In response to ibanezm

‎03-24-2006 09:01 AM

I have installed service pack 6 along with sig 222 and the analysis engine has stabilized.

Thank you

M

0 Helpful

Go to solution
yvasanthk
Level 1
Level 1
In response to mkirbyii

‎03-25-2006 10:29 AM

I have similar problems running IPS5.1(1d)S220.0 on an IDSM-2 module. I need to reset the sensor atleast once everyday because it does not show any events using "show events". I am sure my network has atleast ICMP events showing up.

Sometimes, the IPS DM launches for a while and then throws an error saying "There was an error, IDM will exit, press Yes" or something like that. Immediately after this, if I try to get access to the IDSM-2 CLI (by sess sl proc 1), no prompt is thrown.

Everything is OK after I reboot the module.

Pls help on how to proceed.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card