Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

New Member

IDSM error message

anyone have any idea of what the following error message indicates when running a SHOW IP TRAFFIC cmd on an IDSM? (Im logged in as ciscoids and at IDSMk9-sig 3.0-5-S33)

"idsm2# show ip traff

Monitor Interface Statistics:

Error: Insufficient privileges for command"

It then gives me all the C/C stats.....

Thanks in advance....

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: IDSM error message

It sounds like your authorization file on your IDSM has been corrupted.

The authorization file on the IDSM should list the hostname of the IDSM itself

as having GET authorization which is needed for the show ip traffic command.

If you are using Unix Director then you can select the IDSM within nrConfigure and look under the system folder. There should be a configuration for the authorizations. Ensure that the IDSM itself is listed and has all authorizations.

If you are using CSPM then it creates the authorizations file itself. So just try pushing a new configuration from CSPM.

In a worst case scenario, try running setup on the module to re-intialize all of the configuration files (NOTE: This will remove all of your previous edits so do this only as a last resort). Then try show ip traffic and see if it is working.

If it is wokring then try pushing the last good config from CSPM or Unix Director. Try show ip traffic again. If it keeps working then you are good to go, but if it stops working then there is something wrong in the configuration being pushed from CSPM/Unix Director.

NOTE: If you've changed hostid, orgid, hostname, or orgname for the sensor through CSPM or Unix Director then that could be the cause for a corrupted authorization file if it was not properly sync'd with the new names.

2 REPLIES
Cisco Employee

Re: IDSM error message

It sounds like your authorization file on your IDSM has been corrupted.

The authorization file on the IDSM should list the hostname of the IDSM itself

as having GET authorization which is needed for the show ip traffic command.

If you are using Unix Director then you can select the IDSM within nrConfigure and look under the system folder. There should be a configuration for the authorizations. Ensure that the IDSM itself is listed and has all authorizations.

If you are using CSPM then it creates the authorizations file itself. So just try pushing a new configuration from CSPM.

In a worst case scenario, try running setup on the module to re-intialize all of the configuration files (NOTE: This will remove all of your previous edits so do this only as a last resort). Then try show ip traffic and see if it is working.

If it is wokring then try pushing the last good config from CSPM or Unix Director. Try show ip traffic again. If it keeps working then you are good to go, but if it stops working then there is something wrong in the configuration being pushed from CSPM/Unix Director.

NOTE: If you've changed hostid, orgid, hostname, or orgname for the sensor through CSPM or Unix Director then that could be the cause for a corrupted authorization file if it was not properly sync'd with the new names.

New Member

Re: IDSM error message

thanks,

that was exactly it...

i had recently changed the HostID and HostName via a Unix Director.........

95
Views
0
Helpful
2
Replies
CreatePlease to create content