Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2973
Views
0
Helpful
10
Replies

Event Retrieval Functionality Not Working

craig bache
Level 1
Level 1

‎10-31-2011 05:06 AM - edited ‎03-10-2019 05:31 AM

Hi All

I was hoping some assistance with the following please,

Output from show health
Overall Health Status                                   Red          
Health Status for Failed Applications                   Not Enabled  
Health Status for Signature Updates                     Green        
Health Status for License Key Expiration                Green        
Health Status for Running in Bypass Mode                Green        
Health Status for Interfaces Being Down                 Green        
Health Status for the Inspection Load                   Green        
Health Status for the Time Since Last Event Retrieval   Red        <-- this is the issue, but unsure why.  
Health Status for the Number of Missed Packets          Green        
Health Status for the Memory Usage                      Not Enabled 
Health Status for Global Correlation                    Not Enabled  
Health Status for Network Participation                 Not Enabled

IPS:7.0(5a)E4

IME:7.1.1

Sig:S602 <never installed S601>

Are there any outputs that could help with this?

Regards Craig

1 person had this problem
Labels:
0 Helpful
10 Replies 10

craig bache
Level 1
Level 1

‎11-01-2011 03:06 PM

Hi All

I have been checking and it seems as if this is a java issue, I have attached the IME log file.

Does anyone know how to fix this issue??

Regards Craig

116528-IME-log.txt.zip
0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to craig bache

‎11-02-2011 04:51 PM

Hi,

What version of IDM are you using? Can you try to install it on another machine ?

Mike

Mike
0 Helpful

alexpara72
Level 1
Level 1
In response to Maykol Rojas

‎12-12-2011 03:52 AM

Hi.

I have the same problem as Craig. I have IME (not IDM) 7.1.1, just as Craig and IPS version

7.0(5a)E4. It's an AIP-SSM-20 module on an ASA 5540 appliance.

I have this problem since friday, but before it all was functioning good. I have the same problem also on an AIP-SSM-10 module on an ASA 5510 appliance. All happened at the same time.

Please, what could be the solution.

Regards.

0 Helpful

craig bache
Level 1
Level 1
In response to alexpara72

‎12-12-2011 04:17 AM

HI Alessio

Sorry was ment to add this to the thread.

Resolution Summary:  Found that the time on IME and IPS was different, reloaded the IPS to get the current time and the issue is fixed now.


Regards Craig

0 Helpful

alexpara72
Level 1
Level 1
In response to craig bache

‎12-12-2011 04:35 AM

Hi Craig.

Thanks for the quick answer.

I have just resolved in another way (less invasive for the production environment): just stopped and restarted the IME and MySQL server via the services on Windows :O)

The only annoying thing was that I had to replace the gadgets on IME.

Anyway, I don't consider this a "solution" but only a workaround.

Remembering well, this already happened to me the last summer and I used the same IME version. So probably the problem could be inside this version.

Regards.

Alessio

0 Helpful

craig bache
Level 1
Level 1
In response to alexpara72

‎12-12-2011 04:53 AM

Hi Alessio

Yeah that sounds a much better way of recovery....

Regards Craig

0 Helpful

andrey.dugin
Level 1
Level 1
In response to craig bache

‎12-12-2011 06:35 AM

Hi all.

Both workarounds are useful.

For time sync you may setup your PC and IPS for use NTP. As I have investigated, when time offset between local sensor time and network time is less than 5 minutes sensor doesn't require reboot.

You may monitor your services Cisco IPS manager Express and MySQL-IME on monitoring server by some system as nagios or zabbix which may inform you when one of these services or both are stopped.

You also may setup it for automatic restart of stopped service by binding some script to nagios or you may setup task scheduler on Windows monitoring server to automatically restart services Cisco IPS Manager Express and MySQL-IME every some hours.

So you will not need to manually check and restart services and events will be retrieved.

0 Helpful

alexpara72
Level 1
Level 1
In response to andrey.dugin

‎12-12-2011 08:09 AM

Hi Andrey.

I do use ntp on my network and the pc running IME and IPS modules are syncronized with the same ntp server.

So, in my case probably it was a different problem.

Anyway, so far so good to know :O)

Regards.

Alessio.

0 Helpful

andrey.dugin
Level 1
Level 1
In response to alexpara72

‎12-14-2011 04:58 AM

I understood that main problem is not in NTP but in services stop on monitoring server. My recommendations were typed for you too.

0 Helpful

thompsondj
Level 1
Level 1

‎10-17-2016 10:40 AM

I know this is an old thread, but I just had this issue and none of the suggestions worked for an SSM-20 running 7.1(11) in a 5510 running 9.1, IME version 7.2.7.

  My fix and it's been suggested elsewhere and I've done it before is to remove and reload the IME software.  I just wrote down the different gadgets so that I could repopulate the Dashboard the way I wanted it to look.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card