It appears that the IDS services on my CSPM 2.3.3i(Windows NT) machine is no longer running. I have not been able to discover why these services won't start. I was wondering if anyone has experienced this type of problem before and could offer any suggestions?
Thanks for this information, which I will used. However, when I check the service to see if it is running, it shows that it is running. In this case using the "net start" to start the service didn't seem to make a difference. Perhaps I'm not understanding the error that I'm getting correctly. When I to open the database by going to "Tools" then "View Sensor Events" then "Database" I receive the following error:
Let me try proving a little more information. When I checked the service Cisco Controlled Host Component to see if it is running, it shows that it is running. I also used the "net start" command to start this service just to make sure, which didn't seem to make any difference. Perhaps I do not understand the error that I'm getting. When I go to open the Event Browser by going to "Tools" then "View Sensor Events" then "Database" I receive the following error:
Services Not Running!
Your local machines IDS services do not appear to be running.
Your Connection Status Panel will not be operational and you will not be able to view Live Event Feeds.
If you want to use the Connection Status Panel or Live Event Feeds, then it is recommended that you shut down the Event Browser, start the services, then restart the Event Browser.
I am also receiving this Warning.
The Window Event Viewer Database Events CSIDS Alarms reached the Maximum number of events as specified in the Preferences Panel.
Consider increasing the appropriate value in the Preferences Panel.
I have rebooted the NT machine, stopped and started the Cisco Controlled Host Component, but nothing I do seems to change or correct this problem.
Also, I have not been able to find the Preferences Panel that is referred to in the warning message.
Thank you for your response, I have CSPM installed in a raid environment with 45 GBs available and Ive only used 1 GB so far. However, there maybe some thresholds set somewhere that Im not aware of. I did a shutdown of the database services and tried to run fmcompact.exe. This ran for a minute or so until it reached Create frames for type EventStreams it then stops and I get message stating that an application error has occurred.
I was directing the disk space answer (9GBs) towards the IDS itself - not the CSPM NT server. If you telnet or ssh to the IDS as netrangr - cd bin - run nrstatus - does it show your services are running there? If not, cd to the /usr/nr/var directory & look at the directories under there and see if you have alot of log files. If you do - delete some or all - do a su to switch to being the root id - issue a reboot & see after the ids reboots if you can talk to it from your CSPM NT server.
If not - then I would back my CSPM database and profiles up - reinstall CSPM ...
I have the same problem, on the ids there is enought disc space and also on the nt server. the Cisco Controlled Host Component seems to be running but i get the same messages that the IDS SERVICE is not running.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...