Cisco Support Community

Default nrdirmap (Unix Director) not updating with new alerts

Anyone know why my default nrdirmap is not updating with new alerts?

I also have problems at times deleting what few alerts I have. I have run the nrDeleteOVwD script probably a hundred times already, as well as stopped and restarted the HP OV processes and NR processes.


Re: Default nrdirmap (Unix Director) not updating with new alert

According to a Cisco Engineer, this can be caused by creating a Custom Signature via the SigWizMenu, nrConfigure, or IDM on the sensor in the String.TCP engine which has a blank SigStringInfo field. When that signature fires an alarm, nrdirmap expects that field to be "NON-NULL". In my case it was, and as such the nrdirmap would die, severing the connection to smid and eventd. In this case the signature which I created was the one posted on this forum for the SPIDA Worm (default sa account access).

I've changed my description and all seems to be working properly at this time.
