
IDS 4.1 hangs regularly

essam75
Level 1

Dear All,

I have IDS sensor 4230. I lately upgraded from 3.1 to 4.1, and since the upgrade I have faced a problem that every few days the sensor hangs. It doesn't respond to telnet, https, or even console login through console or monitor, and all I can do is reset it. This never happened with the 3.1 version. Here is the output of the show version command on the sensor:

------------------------------------------
sensor# sh ver
Application Partition:
Cisco Systems Intrusion Detection Sensor, Version 4.1(3)S76
OS Version 2.4.18-5smpbigphys
Platform: IDS-4230
Sensor up-time is 20 min.
Using 483483648 out of 492691456 bytes of available memory (98% usage)
Using 3.7G out of 12G bytes of available disk space (33% usage)
MainApp 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500 Running
AnalysisEngine 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500 Running
Authentication 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500 Running
Logger 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500 Running
NetworkAccess 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500 Running
TransactionSource 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500 Running
WebServer 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500 Running
CLI 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500
Upgrade History:
* IDS-K9-sp-4.1-3-S61 09:27:10 UTC Thu Mar 11 2004
IDS-sig-4.1-3-S76.rpm.pkg 09:43:02 UTC Thu Mar 11 2004
Recovery Partition Version 1.1 - 4.0(1)S37
sensor#
------------------------------------------

Can anybody tell me what to do, or how I can debug what the problem is when this happens again?

Thanks for your help

5 Replies

mkodali
Cisco Employee

I think what you are seeing is a known problem documented as bug CSCed54146. In brief, here is the detail:

Problem: sensor command and control unresponsive except for ping.

Symptom: cannot ssh, telnet, connect using IDM or other management tool.

sensor needs to be rebooted to regain access.

Workaround: Install latest patches: 4.1(3e).

As root: issue the command: swapoff -a.

This will need to be done each time the sensor reboots.

There will be a new 4.1(5) release to address this issue, but it will be at least May 2004 before this is ready.

For more details you can access the bug on cisco.com via bug toolkit.

Thanks for your help sir, I guess this is the problem but I have two questions:

1- Where to download the 4.1(3e) patch? I don't see it in the IDS upgrade page.

2- How to login as root? Does it have a default password?

You need to contact the TAC to get access to the 4.1(3e) patch.

They will also instruct you on how to use the service account to get root access and make the additional modifications.

Hi,

I got the error message:

IDS-K9-patch-4.1-3e.rpm.pkg: read manifest failed: Success

So after installing the patch, am I still required to run "swapoff -a" after every reboot?

What's the status of 4.1(5) release? Will it be released on time?

We were forced to upgrade our IDS-4230 from 3.1 to 4.1 in order to get new signature updates. Now, we're experiencing this lockup condition that we did not experience with the SunOS 3.1 software. We're also experiencing this issue with our IDS-4215.