IDSM2 - Connection status indeterminant

ddugailliez
Level 1

We have then IDSM2 with version 4.1 and CiscoWorks with VMS 1.2.

When I add this host in CiscoWorks Security Monitor, the connection status is "indeterminant".

I see the events on the blade but the connection with CiscoWorks doesn't work.

All services of CiscoWorks are started (IDS_Receiver).

Thanks for help.


emusican
Level 1

I have found that if port 443 (https) is not available for the sensor to management station, you get an indeterminate state.

Try this:

- Delete sensor from IDS MC. Re-add the sensor using "discover settings". I can almost guarantee that if the discover settings works, you won't be indeterminate.

- Try to connect to your sensor using https. You can access the sensor by going to https://(sensor-ip-address)/cgi-bin/idm. Use cisco as the login name and whatever your password is for cisco.

Eric

I've deleted the sensor from Security Monitor and MC. Then I added it in the MC with the "discover settings": no problem.

In the Security Monitor, I've tried to add the sensor with:

- "Add" command: OK,

- "Import from the MC": OK.

I can add the sensor but the connection is always in the status "indeterminant". I can't see the events on CiscoWorks.

For the management with https://sensor, it's ok.

Dimitri

Take a look at your analysis statistics in the security monitor. Is the link up and is it full? Do you see Rx bytes? Do you see any alarms when you run the event store statistic?

The link of the interface (int7, int8) is up and I see Rx bytes.

In the event store, I have alarms (informational, low, medium, high).

bygregory
Level 1

"Indeterminant" status indicates that the receiver process is either not running or is hung.

RDEP device connection status (and CSA MC connection status) is stored in a table in the database. The receiver process updates the device record whenever the connection status for that device changes. "Indeterminant" means that the record for that device has not been added to the database and that can only occur when the receiver is stopped (or hung somehow).

You can restart the Ids_Receiver process (Server Configuration->Administration->Process Management, start/stop process) and the problem should go away.

If you are unsure what caused the receiver to stop, check the Ids_Receiver.log for error messages. You may also want to run an audit log report for the receiver process. This report will show receiver related messages that may help you understand what caused the problem.

The problem is resolved.

I have restarted the service IDS_receiver and the status is now Connected TLS.

Thanks.

I also had this problem yesterday afternoon, and stopping and starting the ids_receiver fixed it.