Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IDS CSPM signautre update

I am experiencing problem, after the sensor and CSPM signature update

to 3.1(3)S36, I received over 300 CSIDS Alarms " No traffic flowing for past 90 seconds on fastethernet interface" per day.

1 REPLY
New Member

Re: IDS CSPM signautre update

This is an inbuilt signature that fires when the sensor doesn't see any traffic on its sniffing interface for 90 seconds. Verify that whatever the sniffing port on the sensor is attached to is actually spanning traffic to that port.

Since you just upgraded the signature, it may be that you have a database corruption and the alerts are being sent to CSPM but they're just not being written into the database. To restore your database, open up CSPM and go to File - Export and save your current configuration off to a .cpm file somewhere NOT under the CSPM directory structure. Close down CSPM. Now go to Start - Programs - Cisco Systems - CSPM - Troubleshooting Toolkit, under the Restore Policy Database tab hit the Restore button and wait for the 4 checkboxes to check themselves off. Now open up CSPM again and it'll come up with a blank database. Go to File - Import and import the .cpm file you just exported back in. Do a Save/Update. then re-apply the 36 signature update just as you did before.

72
Views
0
Helpful
1
Replies
CreatePlease login to create content