cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
377
Views
5
Helpful
4
Replies

Indeterminant State

emusican
Level 1
Level 1

On my 4X sensor, I keep on getting an indeterminant state on the Secuirty Monitor's Connections tab. I have full connectivity to the sensor on port 22 and 443. I am able to ssh both ways, and I am able to use the IDM tool via 443. What I havent seen is alarms being forwarded back to the MC. Im sure this is why its in an indeterminate state, but if I can use the IDM tool and 443 is open, why wouldnt it work properly? Im kind of stumped on this one.

4 Replies 4

ywadhavk
Cisco Employee
Cisco Employee

This state indicates that the connection status record has not yet been written for this device in the database. It will only show up in two situations.

The device is added while the system is very busy and the user checks the connection status before the receiver is able to create the collector thread for the device.

The device was added while the receiver process was stopped.

Try rebooting the VMS server and if this doesn't work,deleting and adding back the IDS

thanks

yatin

OK, I figured out the problem....but this kind of leads me to ask another question.

The dbserv7 process was hung at 20%. This probably occupied the system to an extent where it wasn't able to create the collector thread.

This is far from the first issue I have had with dbserv7. It always seems to get hung around 20% especially after reports are run or the EvsServer is run. To correct the problem (75% of the time this works) I have been first stopping dmgtd, then deleting the .SQLAnywhere directory out of the /tmp directory. After waiting about 5 minutes I restart dmgtd. Smetimes this works, sometimes it doesnt. Whenever you interrupt a process, i.e.closing the EvsServer window before it displays alarms or Canceling out a hung report, the dbserv7 process goes to 20% and stays there. Anyone have any information on this process or their own experiences in dealing with this?

alll
Level 1
Level 1

In Security Monitor. Go to "Administration" "Process Management" choose "stop process" and stop only the IDS_Receiver process. Once it has been stopped. Start it again and it should show connected.

That would not work because dbsrv7 was hung. THe only thing that worked was what I mentioned above.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: