Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

What does this IPS message indicate?

evError: eventId=1229364010346777529 vendor=Cisco severity=warning

originator:

hostId: IPS

appName: cidwebserver

appInstanceId: 22081

time: Dec 18, 2008 19:30:56 UTC offset=0 timeZone=-8

errorMessage: received fatal alert: certificate_unknown

Messages, like this one, in the category - receipt of TLS fatal alert message - were logged 1795 times in the last 3601 seconds. name=errWarning

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: What does this IPS message indicate?

Soemthing is try to connect to your sensor using an incorrect TLS certificate.

This error is very common in situations where your sensor now has a newer TLS certificate (usually becuase of re-imaging the sensor, or creating a new TLS certificate because the older one expired).

Go to all of your management station boxes and ensure that they have been updated with the sensor's new TLS certificate.

If you are not sure which management boxes may not have been updated, then run the packet display command on the sensor's management interface and look to see which IPs are attempting to connect to your sensor's web server.

3 REPLIES
Cisco Employee

Re: What does this IPS message indicate?

Soemthing is try to connect to your sensor using an incorrect TLS certificate.

This error is very common in situations where your sensor now has a newer TLS certificate (usually becuase of re-imaging the sensor, or creating a new TLS certificate because the older one expired).

Go to all of your management station boxes and ensure that they have been updated with the sensor's new TLS certificate.

If you are not sure which management boxes may not have been updated, then run the packet display command on the sensor's management interface and look to see which IPs are attempting to connect to your sensor's web server.

New Member

Re: What does this IPS message indicate?

What is the command to run "the packet display command on the sensor's management interface and look to see which IPs are attempting to connect to your sensor's web server."

Anonymous
N/A

Re: What does this IPS message indicate?

In its simplest form, the command is:

packet display

although there are additional parameters that you can specify. Use ? to see the options.

365
Views
0
Helpful
3
Replies