Re: Error when I active nr.managed daemon on the IDS sensor
How are you trying to launch managed with nrexec or nrset?
Managed is started by using the management tool to include managed in the etc/daemons file.
Postoffice will then start it automatically like all of the other daemons.
To start managed using nrConfigure, go to the system files configuration area and open the daemons configuration. Here you can select managed to be included in the daemons file.
In CSPM the managed daemon is added to the daemons file automatically when you configure a router for blocking.
To see if managed is running, type nrstatus on the sensor.
If managed is not running then see if it is in the etc/daemons file.
If not, then follow the instructions above. If it is in the daemons file, but is not running, then try typing nrstop and nrstart to get it started.
If it won't stay running then check the errors file for managed.
If managed is running but not responding to nrexec and nrget queries then either managed is overloaded with too many automatic shun requests so it doesn't have time to respond, or your query is incorrect, or you've found a bug and need to contact the TAC.
Or you might try upgrading to 3.0 before contacting the TAC; there were several managed bug fixes in the 3.0 code base.
This is a new command which is only available with Pix 6.0 or higher.
Managed uses this command, so you must be running Pix 6.0 or higher to manage the Pix.
NOTE: The "Success" that you receive is acknowledgement that managed has received and accepted your request. It is not meant to say that the change of the router or pix configuration was a success. The actual changing of the router or pix configuration could take a little while depending on how many shuns are being done and how many different devices are being managed. So if managed waited to respond to your shun request until after all the devices had been updated, then it is possible that your command would time out.
So to verify if managed is functioning properly, you should check the managed error files. If managed comes across an error in configuration then it will place that error in its error file.
If there is no error file, and you still don't see any shuns on the Pix, then you can try the following:
NOTE: You will need to open one telnet window to the sensor as user netrangr, and a second telnet window as user root.
As netrangr: nrstop
As root: snoop -d iprb0 -o /tmp/packets.snoop
(If using IDS-4210 change iprb0 to iprb1)
As netrangr: nrstart
Now execute a shun request
Wait a minute
As root: Use Ctrl-C to stop the snoop command
As root: Use different snoop options to analyze the packets that are being sent to the Pix and the responses from the Pix. This will let you know of any errors being generated.