Cisco Support Community
New Member

IDS not generating events

IDS is not generating events.

The following message shows up in the event log.

evError: eventId=1230128220192233058 vendor=Cisco severity=error
  originator:
    hostId: SI-IDS01
    appName: mainApp
    appInstanceId: 397
  time: Feb 10, 2009 04:51:02 UTC offset=-300 timeZone=GMT-05:00
  errorMessage: sentinel getLicenseInfo not successful: 0X12 name=errUnclassified

6 REPLIES
Gold

Re: IDS not generating events

I'm not familiar with that error message, but a licensing error should not prevent the sensor from processing events, only signature updates.

Was this sensor working correctly and then stopped? Is this a new sensor?

I usually forget to assign an interface to virtualsensor0 (vs0); that can cause this problem.

New Member

Re: IDS not generating events

Sensor was working correctly till last week.

All interfaces have an assigned virtual sensor.

Gold

Re: IDS not generating events

Is your sensor in promiscuous or inline mode? If it's promiscuous, are you getting traffic? (show interface) and is the virtual sensor getting traffic? (show stat analysis)

Have you installed any upgrades or new sig packs around the time this problem started?

I hope you've tried rebooting the sensor.

New Member

Re: IDS not generating events

It is in promiscuous mode.

IDS is seeing traffic; have tried rebooting, no effect.

I did install new sig updates, but that shouldn't cause any issues.

New Member

Re: IDS not generating events

Another error message that the IDS is now reporting:

evError: eventId=1230128220192228569 vendor=Cisco severity=error
  originator:
    hostId: SI-IDS01
    appName: mainApp
    appInstanceId: 397
  time: Feb 07, 2009 13:35:04 UTC offset=-300 timeZone=GMT-05:00
  errorMessage: IPS software attempted to write invalid XML data for (token). Invalid XML character(s) were replaced with '*' name=errWarning

Gold

Re: IDS not generating events

Signature updates sometimes hide engine updates and certainly have taken out our sensors in the past. Assuming that isn't the case here (I think the 4240's have been more stable than most models), you can try to reimage your sensor software from the restore partition.
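
Added example, not part of any reply in this thread: a small Python parser for the evError text quoted above that orders pasted records by their UTC timestamp, which shows that the invalid-XML warning (Feb 07) was logged before the license error (Feb 10). The function names are hypothetical, and the sample is the thread's two records with the appName and appInstanceId lines trimmed.

```python
import re
from datetime import datetime

# The two evError records quoted in the thread, in posting order
# (appName/appInstanceId lines trimmed for brevity).
SAMPLE = """\
evError: eventId=1230128220192233058 vendor=Cisco severity=error
  originator:
    hostId: SI-IDS01
  time: Feb 10, 2009 04:51:02 UTC offset=-300 timeZone=GMT-05:00
  errorMessage: sentinel getLicenseInfo not successful: 0X12 name=errUnclassified
evError: eventId=1230128220192228569 vendor=Cisco severity=error
  originator:
    hostId: SI-IDS01
  time: Feb 07, 2009 13:35:04 UTC offset=-300 timeZone=GMT-05:00
  errorMessage: IPS software attempted to write invalid XML data for (token). Invalid XML character(s) were replaced with '*' name=errWarning
"""

HEADER = re.compile(r"^ev(\w+): eventId=(\d+) vendor=(\S+) severity=(\w+)")
FIELD = re.compile(r"^\s*(\w+):\s*(.*)$")

def parse_events(text):
    """Split a pasted event dump into one dict per ev* record, oldest first."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            events.append({"type": "ev" + m.group(1), "eventId": m.group(2),
                           "severity": m.group(4)})
        elif events and (f := FIELD.match(line)) and f.group(2):
            events[-1][f.group(1)] = f.group(2)   # skips empty "originator:" line
    events = [e for e in events if "time" in e]   # drop truncated records
    for ev in events:
        # The printed time is UTC; parse the part before the literal " UTC".
        ev["utc"] = datetime.strptime(ev["time"].split(" UTC")[0],
                                      "%b %d, %Y %H:%M:%S")
        # The trailing name=... token is the error class; split it off.
        msg, sep, name = ev.get("errorMessage", "").rpartition(" name=")
        ev["message"], ev["name"] = (msg, name) if sep else (name, "")
    return sorted(events, key=lambda e: e["utc"])

def timeline(text):
    """One (UTC time, error class, eventId) tuple per record, oldest first."""
    return [(e["utc"].isoformat(), e["name"], e["eventId"])
            for e in parse_events(text)]

if __name__ == "__main__":
    for row in timeline(SAMPLE):
        print(*row)
```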
