Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

User receives the Analysis Engine is busy and unable to process during an upgrade

Core issue

The user is unable to upgrade the Instrusion Detection System (IDS) Sensor. During the upgrade the IDS console shows this error message:

 

IDS(Config)#upgrade http://IP_address/Service_Pack_version

Warning: Executing this command will apply a signature update to the application partition.

Continue with upgrade? : yes

 

error:  AnalysisEngine is currently busy and unable to process this update.  Please wait several
minutes before attempting update again.

Resolution

For a workaround, stop CIDs from the service account, clear the cache files, and restart CIDs.

Perform this procedure:

 

  1. Log in using the service account.

    Note: Access the Linux console in IDS Sensor by logging in with a service account. To determine if Management Center for IDS Sensors (IDS MC) has created a service account, type show users all in the sensor. These accounts are not created by default. They must be created by issuing this command:

    
     

    sensor(config)#username "service username" privilege service password "password"

    Type show users all once more to make sure the service account has been created. Log out and log back in using the service account. Then go as su to root by issuing the su root command. The password for the root user is the same as the password created by the service account command.

  2. Issue the su - command to enter root user mode.
  3. Stop the CIDs by issuing the /etc/init.d/cids stop command.
  4. Issue the cd /usr/cids/idsRoot/var/virtualSensor command.
  5. Remove the *.pmz files rm *.pmz.
  6. Issue the cd /usr/cids/idsRoot/var/.tmp command.

    Note: Sometimes the .tmp directory is not available.

  7. Remove the *.pmz files rm *.pmz.
  8. Start the CIDs by issuing the /etc/init.d/cids start command, and wait for 10 minutes.

    It should come back within 10 minutes and you should be able to run the upgrade then. There should be about 15 *.pmz files listed after they get re-generated.

    If you are still having problem, there could be a signature configuration problem. In that case, delete the analysis  engine config file and restart the CIDs with these commands:

    [root@ids root]# rm /usr/cids/idsRoot/etc/AE-Config/analysisEngine.xml
    [root@ids root]# /etc/rc.d/init.d/cids restartThat will also re-generate the files.
  9. After completing the procedure, log in and verify the updates.
  10. Update the IDS Sensors with the right service pack. Read the release notes before downloading the upgrade pack to determine whether the upgrade code is suitable for the current IDS Sensor version.

 

Scenario 2:

Problem:

User looking for help about an issue with an Cisco IPS (B-BEAU) that is showing the Analysis Engine=NotRunning

These are the SO and Version of my IPS:

Version: 7.0(6)E4

OS Version: 2.4.30-IDS-smp-bigphys

If I execute the show events command I get the following lines:

ct-sensorApp.650 not responding
evStatus: eventId=1326914865100530240 vendor=Cisco
  originator:
   hostId: XXXXXXXX
    appName: modprobe
    appInstanceId:
  time: 2013/07/13 02:11:05 2013/07/12 20:11:05 CST

  syslogMessage:

    description: Note: /etc/modules.conf is more recent than /lib/modules/2.4.30-IDS-smp-bigphys/modules.dep

The following lines show the result for the show status command:

XXXXXX# show health

Overall Health Status                                                           Red
Health Status for Failed Applications                                Red
Health Status for Signature Updates                                 Not Enabled
Health Status for License Key Expiration                          Red
Health Status for Running in Bypass Mode                       Red
Health Status for Interfaces Being Down                           Red
Health Status for the Inspection Load                                Green
Health Status for the Time Since Last Event Retrieval    Not Enabled
Health Status for the Number of Missed Packets            Green
Health Status for the Memory Usage                                 Not Enabled
Health Status for Global Correlation                                  Not Enabled
Health Status for Network Participation                            Not Enabled
Security Status for Virtual Sensor vs0                               Green
Security Status for Virtual Sensor vs1                               Green

Do you have any idea what's wrong here?

 

Solution:

 

Pre-7.0.8 versions have issues with the latest signature updates, so most likely you will face this issue after every signature 

upgrade. So I suggest you to upgrade at least to 7.0.8 or 7.1.7.

Planning, Design, and Implementation Help Desk
http://www.cisco.com/web/partners/tools/pdihd.html

 

6001
Views
0
Helpful
0
Comments