10-15-2003 12:15 AM - edited 03-09-2019 05:09 AM
We have then IDSM2 with version 4.1 and CiscoWorks with VMS 1.2.
When I add this host in CiscoWorks Security Monitor, the connection status is "indeterminant".
I see the events on the blade but the connection with ciscoworks doesn't work.
All services of CiscoWorks are started ( IDS_Receiver ).
Thanks for help.
10-15-2003 04:21 AM
I have found that if port 443 (https) is not available for the sensor to management station, you get an indeterminate state.
Try this:
-Delete sensor from IDS MC. Re-add the sensor using "discover settings". I can almost guarantee that if the discover settings works, you wont be indeterminate.
-Try to connect to your sensor using https. You can access the sensor by going to https://(sensor-ip-address)/cgi-bin/idm. Use cisco as the login name and whatever your password is for cisco.
Eric
10-15-2003 04:48 AM
I've deleted the sensor from Security Monitor and MC. Then I have add it in the MC with the "discover settings" : no problem.
In the Security Monitor, I've try to had the sensor with :
- "Add" command : Ok,
- "Import from the MC" : Ok.
I can add the sensor but the connection is always in the status "indeterminant". I can't see the events on CiscoWorks.
For the management with https://sensor, it's ok.
Dimitri
10-15-2003 07:52 AM
Take a look at your analysis statistics in the security monitor. Is the link up and is it full? Do you see Rx bytes? Do you see any alarms when you run the event store statistic?
10-16-2003 12:13 AM
The link of the interface ( int7, int8 ) is up and I see Rx bytes.
In the event store, I have alarms ( informational, low, medium, high )
10-16-2003 11:13 AM
"Indeterminant" status indicates that the receiver process is either not running or is hung.
RDEP device connection status (and CSA MC connection status) is stored in a table in the database. The receiver process updates the device record whenever the connection status for that device changes. "Indeterminant" means that the record for that device has not been added to the database and that can only occur when the receiver is stopped (or hung somehow).
You can restart the Ids_Receiver process (Server Configuration->Administration->Process Management, start/stop process) and the problem should go away.
If you are unsure what caused the receiver to stop, check the Ids_Receiver.log for error messages. You may also want to run an audit log report for the receiver process. This report will show receiver related messages that may help you understand what caused the problem.
10-20-2003 03:33 AM
The problem is resolved.
I have restarted the service IDS_receiver and the status is now Connected TLS.
Thanks.
10-21-2003 05:38 AM
I also had this problem yesterday afternoon, and stop/start the ids_receiver fixed it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide