Did this help?

I have exactly the same problem.

regards,

ralph

Hello,

I have the same problem, but with 4.1(5) and "IDS-K9-patch-4.1-5b.rpm.pkg" installed.

How do I solve this problem?

Thanks.

SHOW VERSION

IDS# show version

Application Partition:

Cisco Systems Intrusion Detection Sensor, Version 4.1(5)S222

OS Version 2.4.26-IDS-smp-bigphys

Platform: IDS-4215

Sensor up-time is 2:23.

Using 275107840 out of 460161024 bytes of available memory (59% usage)

Using 4.6G out of 17G bytes of available disk space (29% usage)

MainApp 2006_Feb_09_21.48 (Eng415b) 2006-02-09T20:52:02-0600 Running

AnalysisEngine 2006_Feb_09_21.48 (Eng415b) 2006-02-09T20:52:02-0600 NotRunning

Authentication 2006_Feb_09_21.48 (Eng415b) 2006-02-09T20:52:02-0600 Running

Logger 2006_Feb_09_21.48 (Eng415b) 2006-02-09T20:52:02-0600 Running

NetworkAccess 2006_Feb_09_21.48 (Eng415b) 2006-02-09T20:52:02-0600 Running

TransactionSource 2006_Feb_09_21.48 (Eng415b) 2006-02-09T20:52:02-0600 Running

WebServer 2006_Feb_09_21.48 (Eng415b) 2006-02-09T20:52:02-0600 Running

CLI 2005_Aug_02_10.53 (Release) 2005-08-02T10:25:35-0500

Upgrade History:

* IDS-sig-4.1-5-S222 15:11:06 UTC Thu Mar 30 2006

IDS-K9-patch-4.1-5b.rpm.pkg 19:30:25 UTC Fri Apr 07 2006

Recovery Partition Version 4.1(1)S47

I opened a TAC case also and they had me reimage to 5.02 code then upgraded to 5.1(1d), and then installed the patch. It has been over a week with no problems. They said I didnt upgrade in the proper order.

How did you reimage to 5.02 code?

Imaging 5.0(2) can be done with a cd (not sure if it is still available) and you can also download the image for 4215/40/55 sensors here

http://www.cisco.com/cgi-bin/tablebuild.pl/ips5-system

But if the goal is to end up with 5.1(1d), you can also get there from any 5.0(x) version; doesn't have to be 5.0(2)

Hi,

I had the same problem with IDS 4235. And the recover-procedure works fine up to 5.1(1d)

Went thru the same procedures on our two IDSM-2 modules. They now run fine for a few days before the Analysis Engine dies, as opposed to dying after 15 minutes. Progress, I guess.

I have the same problem and i am using 5.1d and p1

MainApp 2005_Nov_15_13.47 (Release) 2005-11-15T14:27:20-0600 Running

AnalysisEngine 2006_Apr_20_21.05 (Release) 2006-04-20T21:50:27-0500 NotRunning

CLI 2005_Nov_15_13.47 (Release) 2005-11-15T14:27:20-0600

You should recover the sensor as described by "ibanezm - CISCO SYSTEMS - Apr 11, 2006, 5:56am PST" in this discussion. It works remote but the configurations and passwords are lost except the ip-address. After the update with the latest signature it is possible to import the sensor in VMS.

The following bug CSCsd20430 describes that the “sensorApp fails to shutdown during sig update”.

It goes to describe that when installing a signature update on a 5.x sensor the customer may notice that the "AnalysisEngine" is in the "Stopping" state and the sig update does not complete.

The workaround says to reboot the sensor and try the signature update again.

I appreciate that Cisco have provided an informal work around on this forum however could someone point me an area that officially documents the workaround given in this thread. I have followed the instructions and the steps in the order given above (re-image to 5.0(x) code then upgraded to 5.1(1d), and then installed the patch) but there are still several sensors in the network that suffer from this bug.

Thanks in advance