03-28-2004 12:29 AM - edited 03-09-2019 06:54 AM
Dear All,
I have IDS sensor 4230, I lately upgraded from 3.1 to 4.1 , and since the upgrade I faced a problem that every few days the sensor hangs. It doesn't respond to telnet,https, or even console login through console or monitor, and all I can do is reset it. This never happened with the 3.1 version. Here is the output of the show version command on the sensor :
------------------------------------------
sensor# sh ver
Application Partition:
Cisco Systems Intrusion Detection Sensor, Version 4.1(3)S76
OS Version 2.4.18-5smpbigphys
Platform: IDS-4230
Sensor up-time is 20 min.
Using 483483648 out of 492691456 bytes of available memory (98% usage)
Using 3.7G out of 12G bytes of available disk space (33% usage)
MainApp 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500 Running
AnalysisEngine 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500 Running
Authentication 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500 Running
Logger 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500 Running
NetworkAccess 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500 Running
TransactionSource 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500 Running
WebServer 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500 Running
CLI 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500
Upgrade History:
* IDS-K9-sp-4.1-3-S61 09:27:10 UTC Thu Mar 11 2004
IDS-sig-4.1-3-S76.rpm.pkg 09:43:02 UTC Thu Mar 11 2004
Recovery Partition Version 1.1 - 4.0(1)S37
sensor#
------------------------------------------
can anybody tell me what to do or how can I debug what is the problem when this happens again ?
Thanks for your help
03-28-2004 02:12 PM
I think what you are seeing is known problem documented as CSCed54146 bug. In brief here is the detail :
Problem: sensor command and control unresponsive except for ping.
Symptom: cannot ssh, telnet, connect using IDM or other management tool.
sensor needs to be rebooted to regain access.
Workaround: Install latest patches: 4.1(3e).
As root: issue the command: swapoff -a.
This will need to be done each time the sensor reboots.
There will be a new 4.1(5) release to address this issue, but it will be at least May 2004 before this is ready.
For more details you can access the bug on cisco.com via bug toolkit.
03-28-2004 10:52 PM
Thanks for your help sir, I guess this is the problem but I have two questions:
1- Where to download the 4.1(3e) patch? I dont see it in the IDS upgrade page.
2- How to login as root? does it have a default password?
03-29-2004 09:10 AM
You need to contact the TAC to get access to the 4.1(3e) patch.
They will also instruct you on how to use the service account to get root access and make the additional modifications.
04-06-2004 01:08 AM
Hi,
i got the error message :
IDS-K9-patch-4.1-3e.rpm.pkg: read manifest failed: Success
so after installing the patch, i am still require to run "swapoff -a" after every reboot ?
05-06-2004 02:54 PM
What's the status of 4.1(5) release? Will it be released on time?
We were forced to upgrade our IDS-4230 from 3.1 to 4.1 in order to get new signature updates. Now, we're experiencing this lockup condition that we did not experience with the SunOS 3.1 software. We're also experiencing this issue with our IDS-4215.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide