Cisco Support Community
Community Member

IDS 4.0 Lockups

Anyone having problems with the 4210 locking up when attempting to modify multiple signatures in a given period of time. Never had this problem in 3. When the system locks I actually need to console or unplug the unit to get it back. I am at 4.0.2 and sig 44.


Cisco Employee

Re: IDS 4.0 Lockups

Modifying multiple sigs should not be aa problem. What exactly does it mean by "in a given period"

Also, how much time is this lock-up experienced after the signature change deployment?

Does this behavior alter if you were to carry out a single signature change?



Community Member

Re: IDS 4.0 Lockups

We're having the same problem. On heavy loaded sensors (4230) IDM will not open or "Apply changes" will never end... "Reset" from command line is the only workaround.

Cisco Employee

Re: IDS 4.0 Lockups

When a new signature is added that requires the addition of a new Regular Expression the sensor may take quite some time to come back on-line if it is under heavy load. The sensor must recompile it's regular expression tables and this is a CPU intensive process.

If you experience this problem you have two choices. First is to wait, the sensor should eventually return. The second is to restart the sensor. When the sensor reboots it will complie the regular expression table before it begins to accept packets for processing and it should come up quicker.

This is an issue that we have documented and a solution is actively being pursued. The 4.1(1) release this summer should show a significant improvement in the return time on the sensor during reconfig.


CreatePlease to create content