Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Following S52 Update-IDSM2's 'paused' in Security Monitor

Hi, my customer applied S52 update to 3 x IDSM2's all running identical 4.1.1 version. Following update it seems all 3 sensors successfully applied update but no longer seem to be able to communicate with VMS Server running Security Monitor. Two of the three show connection status as 'paused', other shows 'connected TLS' but is still not sending /communicating. Tried resetting 2 paused sesnsors from CLI which failed, had to reset modules from cat6k CLI. Even then Security Monitor still showed status as paused. Anyone else seen this?

Thanks

Peter

1 REPLY
New Member

Re: Following S52 Update-IDSM2's 'paused' in Security Monitor

More Info + pause question:

Paused status seems to be due to volume of events from the 3 sensors. Main source is use of sig 2004 (ICMP echo req) tuned to provide info on Nachi infected hosts/pc's (excessive ping activity). Original tuning was 100 pings in 5 mins, volume still v. high, now sig disabled on all 3 sensors.

Q: How long will Security Monitor keep connection 'Paused'- This does not appear to be 'configurable' or manually 'resettable'?

107
Views
0
Helpful
1
Replies
CreatePlease login to create content