IDSM Service pack problem

alaa.musa
Level 1

I installed IDSM service pack "IDSM-sp-3.0-4-S20" and I also upgraded CSPM. After installing the service pack, my IDS stopped sending events to CSPM and no events appear in the database. Could someone help, please?


ciscomoderator
Community Manager

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

carlmoore
Level 1

I installed IDSM service pack "IDSM-sp-3.0-4-S20" and I also upgraded the CSPM. After installing the service pack, my IDS stopped sending events to the CSPM and no events appeared in the database.

I get the following information when I do a connection status, service version, and service status:

The connection status of host "lafayette-sensor" is:

PEC-05255-CSPM.pec Connection 1: 55.195.251.100 45000 1 [Established] sto:-336 with Version 1

The system info for host "lafayette-sensor" is:

NT 4 0 Service Pack 6, SENSOR: 3.0(4)S20, IDS Line Card

The version of postofficed on host "lafayette-sensor" is:

postoffice v199 (Release) 01/09/28-12:54

The version of fileXferd on host "lafayette-sensor" is:

fileXfer v199 (Release) 01/09/28-12:53

The version of sapd on host "lafayette-sensor" is:

sap v199 (Release) 01/09/28-12:54

The version of packetd on host "lafayette-sensor" is:

sensor v260 (Release) 02/05/06-15:51

The status of the enabled applications on host "lafayette-sensor" is as follows:

fileXferd Running

sapd Running

packetd Running

END

Any ideas how I can get this running again other than going back to 3.0(3)S13IDSM?

carlmoore
Level 1

Alaa, have you resolved this issue yet? I am currently working with TAC to try to resolve this problem. If you have found a solution, send me an email at carl.moore@pec.ngb.army.mil. If TAC gets this figured out, I will send you what we did to fix it. Thanks

carlmoore
Level 1

Stanley Karunditu at TAC came up with the solution to my problem; maybe it will work for you also.

1. If you are able to get into CSPM, go to File --> Export and export to a known location that is not associated with CSPM.

2. If you are not able to bring up the GUI, then use Windows Explorer and browse to the following location: E:\Program Files\Cisco Secure Policy Manager\Backup. Sort by date and copy the last two or three .cpm files. Note: pu is created when you do an update and the db is created when you click the save button. It does not matter which one you get.

3. Close CSPM if not closed already.

4. Go to Start --> Programs --> Cisco Systems --> Cisco Secure Policy Manager --> CSPM Tools (if you are running 3.0) --> Troubleshooting ToolKit

5. Locate the Restore Policy Database tab

6. Leave the default options and click Restore.

7. The greyed-out boxes will be populated with check marks as CSPM goes through the Restore process. (Can take up to 30 seconds.)

8. When all the boxes are populated with check marks, click OK.

9. Bring up CSPM normally.

10. Import the saved .cpm file. (File --> Import)

11. Click Update to build your database again.

Note:

It may tell you that you have an imported administrator. Just delete it.

This process will restore your database to new. You will lose all your configuration, but you will be able to rebuild your database by importing your .cpm file and clicking Update. If this process does not work, then your only other option will be an un-install --> restart system --> re-install.

Not applicable

I had the same issue not too long ago. I updated the IDS & CSPM with the S23 update. The CSPM was able to update to all of my sensors but I was not receiving any events back from them. I tried reinstalling an older database, & powering the sensors off & on, all of which did not work. It almost came down to reinstalling the CSPM until a power failure fixed the problem. My co-worker pointed out that the power failure reset the ports on the facility Cisco switches, which corrected the communication problem. He mentioned that sometimes the ports could "fall asleep", for lack of a better term, & probably needed to be reset. I hope this helps.
