S10 signature upgrade problem

mbilal
Level 1

I have received the message,

"Specified IDS Sensor Version 3.0(2)S10 is not an exact match to a supported version. All features may not be supported."

I read in a post where the previously mentioned message can be ignored. If this is the case, how do you send the configuration to the sensor, because I can no longer use the "Approve Now" button to send the configs to the sensor?

Side Note: I can select every tab in the sensor window, but when I select the "Blocking" tab my application crashes and I receive a Dr. Watson error for cfmi.exe. Have you experienced this strange problem?

6 Replies

rsmith
Level 1

FYI...I have been experiencing the same problem with the CSPM 2.3.3i update...can't access the blocking tab either, receiving the same Dr. Watson message. So your problem is not local to your box...software bug.

I wasn't aware of any problem with the Approve Now button.

The thing to keep in mind is that when the WARNING shows, the Approve Button may not be selectable.

This is because the "Pending Commands" radial button has to be selected to push the Approve Button.

But the WARNING message shows up when another option is selected, "Generation Status" if I remember correctly.

NOTE: The message about the version is just a WARNING and not an ERROR. It is just letting you know that new features in 3.0(2) aren't configurable in CSPM so only 3.0(1) features will be configured in the configuration files. Of course, this time around only bug fixes and no features were added in 3.0(2) so you can ignore the WARNING.

I also hadn't heard of any problem with the Device Management windows crashing. Have you called the TAC on that issue? I would recommend contacting the TAC if you haven't yet.

I uninstalled CSPM 2.3.3i from my machine ... rebooted the box and reinstalled 2.3.3i ... I didn't import my cpg file this time, I just rebuilt my topology and went back through my signatures. The Dr. Watson error went away. I didn't want to do that but when you call the TAC about the issue the first thing they tell you is to try a reinstall ... I didn't want to do that because it takes time to go through all of the signatures ... Hope this helps

r.zekic
Level 1

I have problems with Unix Director after upgrading the signature definitions to S10. My filters can no longer be pushed to Sensors. Using the HP OpenView GUI, I cannot find the signatures in the signature list to exclude them, and I am getting 1000000.... alarms for some boxes that they tried to reach 0.0.0.0. I do not know what to do. I tried to compare the packetd.conf file on the Sensors. The lines for RecordExcludedAddresses are commented out and have only one entry, srcip address 10.1.100.1, which I never put in. This must be some big bug/problem with this signature update as well as pack-update S09(2).

thanks,

ross

There is a known bug with RecordOfExcludedPattern when Summarization alarms are created with 0.0.0.0 addresses. DDTS Issue: CSCdv61032

But I have not seen the situation where the Exclude tokens weren't even being written to packetd.conf.

I would contact the TAC about that.

I talked with the nrConfigure developers and they say that the RecordOfExcludedPattern and RecordOfIncludedPattern tokens are no longer being written in packetd.conf. Instead they are being written to SigSettings.conf (or SigUser.conf).

So check these files also when looking for whether or not the token is being created.
