Warning: Executing this command will apply a signature update to the application partition.
Continue with upgrade? : yes
error: AnalysisEngine is currently busy and unable to process this update. Please wait several
minutes before attempting update again.
For a workaround, stop CIDs from the service account, clear the cache files, and restart CIDs.
Perform this procedure:
Log in using the service account.
Note: Access the Linux console in IDS Sensor by logging in with a service account. To determine if Management Center for IDS Sensors (IDS MC) has created a service account, type show users all in the sensor. These accounts are not created by default. They must be created by issuing this command:
sensor(config)#username "service username" privilege service password "password"
Type show users all once more to make sure the service account has been created. Log out and log back in using the service account. Then go as su to root by issuing the su root command. The password for the root user is the same as the password created by the service account command.
Issue the su - command to enter root user mode.
Stop the CIDs by issuing the /etc/init.d/cids stop command.
Issue the cd /usr/cids/idsRoot/var/virtualSensor command.
Remove the *.pmz files rm *.pmz.
Issue the cd /usr/cids/idsRoot/var/.tmp command.
Note: Sometimes the .tmp directory is not available.
Remove the *.pmz files rm *.pmz.
Start the CIDs by issuing the /etc/init.d/cids start command, and wait for 10 minutes.
It should come back within 10 minutes and you should be able to run the upgrade then. There should be about 15 *.pmz files listed after they get re-generated.
If you are still having problem, there could be a signature configuration problem. In that case, delete the analysis engine config file and restart the CIDs with these commands:
[root@ids root]# rm /usr/cids/idsRoot/etc/AE-Config/analysisEngine.xml
[root@ids root]# /etc/rc.d/init.d/cids restartThat will also re-generate the files.
After completing the procedure, log in and verify the updates.
Update the IDS Sensors with the right service pack. Read the release notes before downloading the upgrade pack to determine whether the upgrade code is suitable for the current IDS Sensor version.
User looking for help about an issue with an Cisco IPS (B-BEAU) that is showing the Analysis Engine=NotRunning
These are the SO and Version of my IPS:
OS Version: 2.4.30-IDS-smp-bigphys
If I execute the show events command I get the following lines:
description: Note: /etc/modules.conf is more recent than /lib/modules/2.4.30-IDS-smp-bigphys/modules.dep
The following lines show the result for the show status command:
XXXXXX# show health
Overall Health Status Red Health Status for Failed Applications Red Health Status for Signature Updates Not Enabled Health Status for License Key Expiration Red Health Status for Running in Bypass Mode Red Health Status for Interfaces Being Down Red Health Status for the Inspection Load Green Health Status for the Time Since Last Event Retrieval Not Enabled Health Status for the Number of Missed Packets Green Health Status for the Memory Usage Not Enabled Health Status for Global Correlation Not Enabled Health Status for Network Participation Not Enabled Security Status for Virtual Sensor vs0 Green Security Status for Virtual Sensor vs1 Green
Do you have any idea what's wrong here?
Pre-7.0.8 versions have issues with the latest signature updates, so most likely you will face this issue after every signature
upgrade. So I suggest you to upgrade at least to 7.0.8 or 7.1.7.