
Problems with IPS MC 2.2 and 4.1(5) sensors

r.stahlbrand
Level 1

The latest version of IPS MC, v2.2, does not seem to store the last event position when restarting the CW processes. The result is that CW retrieves the complete list of events on all the sensors' event-store, no matter if the alarms have already been retrieved before the restart of CW processes.

Has anyone else had the same problems with IPS MC 2.2? (It worked fine before upgrading to IPS MC 2.2).

Can anyone from Cisco tell where Receiver.exe is supposed to store the last event position?


mkirbyii
Level 1

I am having a similar issue. In fact I have a TAC case opened up on it. Your post is referenced in my case. I am having strange issues since I updated to 2.2. After you restart CW and launch SECMON event viewer I see all the events since I upgraded to 2.2, some dated days ago. I know that we resolved these errors. Another issue I'm having, and my main issue, is that I cannot update sensors with new sigs. I get an "exception error" in the progress viewer. It also shows on the main page at the bottom under "Latest signature version 5.x" it says no updates. However I know that sig 210 is there because I can configure sig 5693/1. When I try to deploy sig 211 it fails. If you look in the directory on the VMS server all the sig update .zip files are there? Not sure what's going on here, TAC is sending it to the dev team.

I will keep you posted as to our progress. I seem to have traded one set of issues for another going from 2.1 to 2.2.

M

mkirbyii
Level 1

I have some info on this issue. I worked with TAC and as a result a bug was filed. Bug ID is CSCsd00428. The TAC engineer sent me a new receiver.exe file to replace the old one. However, I have downgraded to 2.1 because of another issue.

M

Thanks Michael,

Let's see how long it will take for Cisco to release a service pack for this issue.

Any chance you could send me the updated receiver.exe? Maybe attach it here?
