Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Bronze

CSA: 5.2 agent reports but doesn't poll?

So I'm running into an issue with a 5.2 agent install (r245). The agent install and registers to the MC without an issue. The issue is that the agent is not polling every 10 minutes like it is supposed to. I placed the same policy on my workstation and I can poll without a problem. The system will still report back to the MC if necessary (if an event logs), and once it does the host shows as active again. But then goes inactive as the polling is failing. I'm looking for details on how the agent should be polling (I think it's UDP, but what port?) and if there's any debugs I can do on the client side to find the issue. We've removed the XP SP2 firewall so it should not be blocked on the workstation. Thanks in advance!

-Mike

http://cs-mars.blogspot.com

1 REPLY
Blue

Re: CSA: 5.2 agent reports but doesn't poll?

Hi Mike, a couple of questions (pardon me if they sound dumb):

Is this just a single host and is the 10 minute polling interval listed under host settings?

Is it in multiple groups? Groups are what set polling intervals.

You can run diags locally on the host using "C:\Program Files\Cisco Systems\CSAgent\bin\diag.exe collect"

Also look at C:\Program Files\Cisco Systems\CSAgent\log\csalog.txt for polling errors.

You can also run diags from the MC.

It talks to the MC on 5401. It uses 443 if 5401 fails.

Tom

137
Views
0
Helpful
1
Replies
CreatePlease to create content