Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

IDSM-2 & V6.1

I recently upgraded my IDSM-2 to 6.1. It resides in a 7609 running 12.2(18)SXF8. Mode is just as a sensor (promiscous) and does not block. All the VLANs in the 7609 are spanned to the sensor port.

Since upgrading to 6.1 and monitoring with the IME it has been hanging on a daily basis. Even while trying to access it via CLI, it's hung. Only way to restore communications is to reboot the IDSM (HW Command in the 7609).

Before I open a TAC case on it, has anyone else out there had similar experiences?



Re: IDSM-2 & V6.1

Traffic is captured for promiscuous analysis on IDSM-2 through SPAN or VACL capture.You can configure both monitoring ports to be either SPAN destination ports or VACL capture ports. If you configure both ports as monitoring ports, make sure that they are configured to monitor different traffic.

New Member

Re: IDSM-2 & V6.1

I ended up opening a TAC case. I has logging enabled on Risk Rating 45 - 100 and was running out of file descriptors. I changed the risk rating and the problem has subsided.


Re: IDSM-2 & V6.1

Is there a way of showing the level of utilization of file descriptors?

I would be intrested in hearing the troubleshooting setps used to discover excessive signature logging was your problem.

New Member

Re: IDSM-2 & V6.1

The only way I was able to see it is in a Sho Tech. There does not appear to be an actual command that gives you the error log. It appears the log is part of the LINUX Kernel running as the blade OS. This is what the error output looks like:

20May2008 10:48:51.900 0.024 sensorApp[812] sensorApp/W errWarn IpLogProcessor::addIpLog: Ran out of file descriptors

There were literally hundreds of these errors. TAC was the one making the decision this was the issue. They only appeared after the 6.0 to 6.1 upgrade.



CreatePlease to create content