IDS 4215 sensing interface enabling problem

paneer.r · ‎11-09-2003

Hi,

I have one new IDS 4215 . When I try to enable 'interface group 0' it is showing processing config ......./ and even after waiting for longer time it still going on and not getting the interface enabled. Due to the same reason I am unable to enable sensing interface int0.

Please let me know how I can enable the sensing interface .

Regards,

lwierenga · ‎11-11-2003

Look here:

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a00801a0c95.html#320

Specifically look at:

Installing Optional PCI Cards

Assigning and Enabling the Sensing Interface

If this answers your question. please clase and rate. Thanks.

paneer.r · ‎11-12-2003

Hi,

I have already tried enabling the 'interface group 0' by going through the same document. But I am facing problem when I use no shutdown commnad. Instead of immediate prompt I am getting 'processing config.....' message and it never gets through.

I am unable to enable both group & sensing interfaces due to the above reson.

Please let me know how I can solve this problem.

Regards,

j.lolley · ‎02-09-2004

Was this issue ever resolved? I'm running into the exact same issues with a 4235.

-interface group 0 is disabled

-when I attempt to enable it with 'no shutdown' I'm in a holding pattern with "processing config"

Any help would be appreciated. Thanks.

mkodali · ‎02-09-2004

Which Software version are you using? You should get back the prompt fairly quickly from the "Processing config...." message. Another way of enabling the sensing interfaces is while in the interface group "exclude and re-include that particular interface in the group".

Say for example you want to enable int2, you can do the following :

-conf t

-int g 0

-no sen int2

-sen int2

-ex

Hope this helps.

j.lolley · ‎02-09-2004

Thanks, but I'm still having issues:

-restarted the sensor

-logged in admin account (cisco)

-conf t

-int g 0

-no sen int0

-the "processing config" just hangs the machine....

When I ssl to the sensor via the IDM, I'm told I can't bring the sniffing interface up until the Group is enabled. When I try to enable the group:

-conf t

-interface group 0

-no shutdown

-again, "processing config" just hangs....

-as well, the connection hangs if I attempt this via the IDM..

A "show version" reports the following:

* IDS-sig-4.1-3-S67

IDS-sig-4.1-3-S68.rpm.pkg

Recovery Partition Version 1.1 - 4.0(1)S37

Thanks.

j.lolley · ‎02-09-2004

Thanks, but I'm still having issues:

-restarted the sensor

-logged in admin account (cisco)

-conf t

-int g 0

-no sen int0

-the "processing config" just hangs the machine....

When I ssl to the sensor via the IDM, I'm told I can't bring the sniffing interface up until the Group is enabled. When I try to enable the group:

-conf t

-interface group 0

-no shutdown

-again, "processing config" just hangs....

-as well, the connection hangs if I attempt this via the IDM..

A "show version" reports the following:

* IDS-sig-4.1-3-S67

IDS-sig-4.1-3-S68.rpm.pkg

Recovery Partition Version 1.1 - 4.0(1)S37

Thanks.

mkodali · ‎02-09-2004

Can you please post the entire "sh version"? I suspect the Analysis Engine is either not running or in bad state. And also how are you restarting the sensor?

Thanks

j.lolley · ‎02-09-2004

Thanks.

As displayed by "System Information":

Cisco Systems Intrusion Detection System, Version 4.1(3)S68

MainApp 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500Running

AnalysisEngine 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500Running

Authentication 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500Running

Logger 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500Running

NetworkAccess 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500Running

TransactionSource 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500Running

WebServer 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500Running

Thanks again.

j.lolley · ‎02-09-2004

Thanks.

As displayed by "System Information":

Cisco Systems Intrusion Detection System, Version 4.1(3)S68

MainApp 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500Running

AnalysisEngine 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500Running

Authentication 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500Running

Logger 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500Running

NetworkAccess 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500Running

TransactionSource 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500Running

WebServer 2003_Oct_10_11.16 (Release) 2003-10-10T11:01:13-0500Running

Thanks again.

j.lolley · ‎02-09-2004

For what its worth....

After attempting to enable Group 0 from the IDM interface, a 'show version' on the sensor does report the analysis_engine as 'not running.'

Thanks.

mkodali · ‎02-09-2004

I tried the same operations on a 4250 here in lab with the same software version and see no problems. Can you please provide via the CLI:

1. Output for "sh ver" and "sh int" before and after the attempt to enable the interface group. (want to check for analysisEngine state). You can wait for around 10 minutes for the output after you enable the interface. AnalysisEngine takes a while to stabilize.

And also via the service account :

1. do a "ps -e fw" to check for any defunct process

2. Check for any core file under "usr/cids/idsRoot/core/sensorApp".

3. Check for messages at the end of the log file main.log under "usr/cids/idsRoot/log"

The above 3 steps have to be done again before and after the attempt to the enable the group.

j.lolley · ‎02-09-2004

For what its worth....

After attempting to enable Group 0 from the IDM interface, a 'show version' on the sensor does report the analysis_engine as 'not running.'

Thanks.

j.lolley · ‎02-09-2004

For what its worth....

After attempting to enable Group 0 from the IDM interface, a 'show version' on the sensor does report the analysis_engine as 'not running.'

Thanks.