Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problem updating to 3.0

Hi all.

I've just updated one of my sensors to 3.0(1)S4. The update seems to have worked smoothly. See below:

The Version of the Sensor is: 3.0(1)S4

postoffice v175 (Release) 01/07/11-21:50

logger v175 (Release) 01/07/11-21:49

sap v175 (Release) 01/07/11-21:50

fileXfer v175 (Release) 01/07/11-21:48

sensor v175 (Release) 01/07/11-15:33

The problem is with the CSPM. When I approve a new configuration I immediately get an error message stating: "Error - Incorrect sensor version". Looking at the distribution status I see the message: "Actual IDS Sensor Version 3.0(1)S4 is not the same as the user specified version 2.5(1)S3. invalid Sensor version".

Of course I have updated my CSPM to tell it that the sensor is now 3.0(1)S4, so the above message is apparently incorrect.

CSPM version is 2.3.1 build 2440.

I'm locked out from accessing the sensor via CSPM. What am I missing?

TIA,

Giovanni

4 REPLIES
Cisco Employee

Re: Problem updating to 3.0

It is possible that database was not updated after making the version change. The version saved to the database may still have been 2.5(1)S3.

In CSPM select the sensor.

In the configuration window for the sensor ensure that the sensor version 3.0(1)S4 is selected (be sure to not select 3.0(1)S4 IDSM).

Press the OK button so that the change will be saved to local memory.

Press the Update Button so that the change will be saved to the database, and the new configuration files will be generated.

Wait until the configuration is completely generated.

Then try to push the configuration once again.

New Member

Re: Problem updating to 3.0

I did this, it didn't seem to work. I'll try as rcrowe suggests.

Which of the recent string match signatures are made obsolete by S4? The Code Red sig, the TESO telnet exploit?

Giovanni

Cisco Employee

Re: Problem updating to 3.0

The Custom String Matches that have been released for Code Red should be maintained on your sensors until we get S5 posted. Their is a posting under the title Acitve Update Notification: BSD Telnet Daemon Buffer Overflow on this forum that will walk you through adding a custom signature to a 3.0 sensor for The TESO telnet exploit. (NOTE: This signature can only be added to 3.0 sensors) This should be maintained until S5 is posted as well.

S5 is in the final stages of QA and should be ready to post this week.

New Member

Re: Problem updating to 3.0

i saw this too when i updated. im not sure what causes it, and maybe someone else out here might be able to explain it, but the way i got around it was to delete the sensor from CSPM and then re-add the sensor by Wizards --> Add Sensor. Then check Click here to capture sensor configuration. After that everything was fine.

127
Views
0
Helpful
4
Replies