Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
349
Views
0
Helpful
2
Replies

IDSM error message

Go to solution
seth.leone
Level 1
Level 1

‎12-23-2002 11:30 AM - edited ‎03-09-2019 01:29 AM

anyone have any idea of what the following error message indicates when running a SHOW IP TRAFFIC cmd on an IDSM? (Im logged in as ciscoids and at IDSMk9-sig 3.0-5-S33)

"idsm2# show ip traff

Monitor Interface Statistics:

Error: Insufficient privileges for command"

It then gives me all the C/C stats.....

Thanks in advance....

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marcabal
Cisco Employee
Cisco Employee

‎12-23-2002 01:02 PM

It sounds like your authorization file on your IDSM has been corrupted.

The authorization file on the IDSM should list the hostname of the IDSM itself

as having GET authorization which is needed for the show ip traffic command.

If you are using Unix Director then you can select the IDSM within nrConfigure and look under the system folder. There should be a configuration for the authorizations. Ensure that the IDSM itself is listed and has all authorizations.

If you are using CSPM then it creates the authorizations file itself. So just try pushing a new configuration from CSPM.

In a worst case scenario, try running setup on the module to re-intialize all of the configuration files (NOTE: This will remove all of your previous edits so do this only as a last resort). Then try show ip traffic and see if it is working.

If it is wokring then try pushing the last good config from CSPM or Unix Director. Try show ip traffic again. If it keeps working then you are good to go, but if it stops working then there is something wrong in the configuration being pushed from CSPM/Unix Director.

NOTE: If you've changed hostid, orgid, hostname, or orgname for the sensor through CSPM or Unix Director then that could be the cause for a corrupted authorization file if it was not properly sync'd with the new names.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
marcabal
Cisco Employee
Cisco Employee

‎12-23-2002 01:02 PM

It sounds like your authorization file on your IDSM has been corrupted.

The authorization file on the IDSM should list the hostname of the IDSM itself

as having GET authorization which is needed for the show ip traffic command.

If you are using Unix Director then you can select the IDSM within nrConfigure and look under the system folder. There should be a configuration for the authorizations. Ensure that the IDSM itself is listed and has all authorizations.

If you are using CSPM then it creates the authorizations file itself. So just try pushing a new configuration from CSPM.

In a worst case scenario, try running setup on the module to re-intialize all of the configuration files (NOTE: This will remove all of your previous edits so do this only as a last resort). Then try show ip traffic and see if it is working.

If it is wokring then try pushing the last good config from CSPM or Unix Director. Try show ip traffic again. If it keeps working then you are good to go, but if it stops working then there is something wrong in the configuration being pushed from CSPM/Unix Director.

NOTE: If you've changed hostid, orgid, hostname, or orgname for the sensor through CSPM or Unix Director then that could be the cause for a corrupted authorization file if it was not properly sync'd with the new names.

0 Helpful

Go to solution
seth.leone
Level 1
Level 1
In response to marcabal

‎12-24-2002 09:45 AM

thanks,

that was exactly it...

i had recently changed the HostID and HostName via a Unix Director.........

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents