Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco Security Agent 5.1

I have a erro message which i get constantly from my Desktop when applying policeis through Cisco Security Agent 5.1

error

1: Rues for kit:Test_mode_Desktop_v5.1.0.69 have complexity 7551 which exceeds maximum 7500

his error is constantly showing up in the Management center running through microsoft explorer web browser

14 REPLIES
Blue

Re: Cisco Security Agent 5.1

You have too many items in your installation and need to delete some to get below the 7500 item limit.

Have you applied any hotfixes? If so, you could delete the older items not being used.

You can also delete items associated with OSs that you aren't using to reduce the number.

Tom

New Member

Re: Cisco Security Agent 5.1

Hi Tom

Thanks, what do you mean i have to many items in my installations. No hotfixes applied as of yet.

What are these errors associated with ?

Blue

Re: Cisco Security Agent 5.1

Hi Peter

It means you have too many groups, rules, app classes, variables, etc..

You need to reduce the number of individual items registered in the database in order to process the rules.

Try to consolidate and/or delete unused items.

If you don't have any Solaris or Linux hosts, that would be a good place to start.

Once you fall below this limit, it will allow you to generate the rules.

Tom

New Member

Re: Cisco Security Agent 5.1

Ok thanks very much for the information, i will keep you posted.

Peter

New Member

Re: Cisco Security Agent 5.1

HOw do i remove the linux groups, can i remove the test_mode_desktop for windows as well, were do i remove the app classes and variables from.

I initially went into alert kits and removed the Solaris but i still receive the same error. However it seems to be only for the Test_mode_Desktop for the windows rule. I'm some what confused how to proceed.

No fixes applied and i am not running R2 on my windows 2003 server.

Blue

Re: Cisco Security Agent 5.1

I'm talking about deleting rules, variables, policies, etc, not agent kits.

DO NOT remove the test_mode_desktop kit.

If you are confused about how to proceed, you should probably either attend a two day HIPS class or get one of the Cisco Press or other good books available.

If you decide to proceed, make sure you have a good full system and database backup before you start.

Good Luck,

Tom

New Member

Re: Cisco Security Agent 5.1

I understand, however in your firat email you said that i had to many things in my installation, and that i should remove things that are associated the the OS's.

This not what you are saying in your last post, you are now saying cleanup my Rules, variables and policies. These are not all the same thing.

So please clarify.

regards

Peter

Blue

Re: Cisco Security Agent 5.1

When I refer to 'items', I'm referring to rules, variables, policies, groups, hosts, etc...

Go to the search page and search for It will tell you the number of results and that is the number of 'items' you have.

Some are applicable only to a certain OS (Solaris, Linux or Windows) and you can modify your search to find just those.

I was suggesting deleting items for OSs you do not have.

That's what you need to work on getting below 7500 in order to generate your rules.

The test_mode_desktop agent kit for Windows (and Linux) are the default agent deployment kits that're created when you install the MC.

If you deploy agents with it and then delete it, any agents that re-register with the MC won't know which groups they belong to so will belong to none.

Tom

Silver

Re: Cisco Security Agent 5.1

Tom,

You are spot-on. Thanks for the explanation. I rate it a "5" for clarity.

Paul

Blue

Re: Cisco Security Agent 5.1

Thanks Paul

Tom

Silver

Re: Cisco Security Agent 5.1

These are the two books which Tom is suggesting you peruse:

“Cisco Security Agent” by Chad Sullivan. Publisher: Cisco Press, 2005

“Advanced Host Intrusion Prevention With CSA” by Chad Sullivan. Publisher: Cisco Press, 2006.

They have helped me on numerous occasions.

Hope this helps.

New Member

Re: Cisco Security Agent 5.1

Thanks i will check them out.

I know this may be a stupid quesrtions however what is the puspose of the test_mode_desktop Kit anyway.

Peter

Silver

Re: Cisco Security Agent 5.1

Peter,

It's a good question so no worries.

The Test Mode Desktop Agent is an economizing device for rolling out CSA. It allows you to see how policies will effect your end users without negatively impacting them. Remember that in Test Mode the agent actively inspects but does not enforce rules.

You can easily begin a deployment with the Test Mode Agent and be fairly certain you are not going to have any issues. This is why I call it an economizing device as it saves you time and usually a lot of headaches.

Hope this helps.

Paul

New Member

Re: Cisco Security Agent 5.1

Thanks Paul

Have a good one.

Peter

141
Views
5
Helpful
14
Replies
CreatePlease to create content