I have seven ASA5510 with the SSM-10 modules running v5.1(1). On a regular basis the VMS will report that the analysis engine is not running on any of the seven. I then will go to the sensor and reset it and it will work for a while.Is anyone else having this problem?
This is a known issue in 5.1(1). Download and install the p1 patch from here:
and you should be good to go. You can see from the readme that there's a few bugs where AnalysisEngine/sensorapp will stop.
I have the same problem, but with 4.1(5) and "IDS-K9-patch-4.1-5b.rpm.pkg" installed.
How do I solve this problem?
IDS# show version
Cisco Systems Intrusion Detection Sensor, Version 4.1(5)S222
OS Version 2.4.26-IDS-smp-bigphys
Sensor up-time is 2:23.
Using 275107840 out of 460161024 bytes of available memory (59% usage)
Using 4.6G out of 17G bytes of available disk space (29% usage)
MainApp 2006_Feb_09_21.48 (Eng415b) 2006-02-09T20:52:02-0600 Running
AnalysisEngine 2006_Feb_09_21.48 (Eng415b) 2006-02-09T20:52:02-0600 NotRunning
Authentication 2006_Feb_09_21.48 (Eng415b) 2006-02-09T20:52:02-0600 Running
Logger 2006_Feb_09_21.48 (Eng415b) 2006-02-09T20:52:02-0600 Running
NetworkAccess 2006_Feb_09_21.48 (Eng415b) 2006-02-09T20:52:02-0600 Running
TransactionSource 2006_Feb_09_21.48 (Eng415b) 2006-02-09T20:52:02-0600 Running
WebServer 2006_Feb_09_21.48 (Eng415b) 2006-02-09T20:52:02-0600 Running
CLI 2005_Aug_02_10.53 (Release) 2005-08-02T10:25:35-0500
* IDS-sig-4.1-5-S222 15:11:06 UTC Thu Mar 30 2006
IDS-K9-patch-4.1-5b.rpm.pkg 19:30:25 UTC Fri Apr 07 2006
Recovery Partition Version 4.1(1)S47
I opened a TAC case also and they had me reimage to 5.02 code then upgraded to 5.1(1d), and then installed the patch. It has been over a week with no problems. They said I didnt upgrade in the proper order.
Imaging 5.0(2) can be done with a cd (not sure if it is still available) and you can also download the image for 4215/40/55 sensors here
But if the goal is to end up with 5.1(1d), you can also get there from any 5.0(x) version; doesn't have to be 5.0(2)
Went thru the same procedures on our two IDSM-2 modules. They now run fine for a few days before the Analysis Engine dies, as opposed to dying after 15 minutes. Progress, I guess.
I have the same problem and i am using 5.1d and p1
MainApp 2005_Nov_15_13.47 (Release) 2005-11-15T14:27:20-0600 Running
AnalysisEngine 2006_Apr_20_21.05 (Release) 2006-04-20T21:50:27-0500 NotRunning
CLI 2005_Nov_15_13.47 (Release) 2005-11-15T14:27:20-0600
You should recover the sensor as described by "ibanezm - CISCO SYSTEMS - Apr 11, 2006, 5:56am PST" in this discussion. It works remote but the configurations and passwords are lost except the ip-address. After the update with the latest signature it is possible to import the sensor in VMS.
The following bug CSCsd20430 describes that the sensorApp fails to shutdown during sig update.
It goes to describe that when installing a signature update on a 5.x sensor the customer may notice that the "AnalysisEngine" is in the "Stopping" state and the sig update does not complete.
The workaround says to reboot the sensor and try the signature update again.
I appreciate that Cisco have provided an informal work around on this forum however could someone point me an area that officially documents the workaround given in this thread. I have followed the instructions and the steps in the order given above (re-image to 5.0(x) code then upgraded to 5.1(1d), and then installed the patch) but there are still several sensors in the network that suffer from this bug.
Thanks in advance