Re: cspm and ids

hussamchawa · ‎06-21-2001

i recently installed cspm 2.3i and ids 4230 for demo purposes. The problems i'm facing are the following:

1. in the 'view sensor events database' i got a message that says the managed is down and not startable (managed dead). What's the effect of that and how can i restart it.

2. in the 'view notifications' i'm getting no entries at all and all my reports are empty although i've done all the configuration (configure notification, defining report...)

3. when i try 'view reports' in Tools menu, i'm asked for a username and password but when i give the administrator's username and password it's rejected. So to view the reports i go to root/data/reports folder.

Any help on these issues.

Thankx.

Hussam

System Engineer.

jsirrian · ‎06-21-2001

1. in the 'view sensor events database' i got a message that says the managed is down and not startable (managed dead). What's the effect of that and how can i restart it.

Managed is the process that does shunning/blocking. If it isn't running, then shunning/blocking won't work. Telnet to the sensor and take a look at the errors.managed file in /usr/nr/var to see if it gives you a hint as to what happened. If not, do an nrstop/nrstart to try and restart the process.

2. in the 'view notifications' i'm getting no entries at all and all my reports are empty although i've done all the configuration (configure notification, defining report...)

Take a look at the posting in this forum entitled "Notification Message with CSPM" dated 10 May.

3. when i try 'view reports' in Tools menu, i'm asked for a username and password but when i give the administrator's username and password it's rejected. So to view the reports i go to root/data/reports folder.

Let's try this a different way. Open Internet Explorer and enter the following URL:

http://localhost:8080/Reports

Select one of the IDS reports and you will be prompted to log in. Enter a valid CSPM userid/password (not an NT account, but a CSPM account).