https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476181#M67151 <HTML><HEAD></HEAD><BODY><P>Corey;</P><P></P><P>&nbsp; You're certainly welcome - always a pleasure to assist!</P><P></P><P>Scott</P></BODY></HTML> Fri, 25 Jun 2010 15:03:52 GMT Scott Fringer 2010-06-25T15:03:52Z https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476172#M67142 <P>Is there a delay in what's available via auto-update and updates that are available for manual download through cisco.com?&nbsp; I noticed today that S498 became available yesterday, but my IPS module in my ASA hasn't downloaded it automatically yet.&nbsp; When I do a #sh statistics host, I have a recent download attempt that says "Success: No installable auto update package found on server.</P><P></P><P>Just wondering if there is a delay between manual and auto updates or if I need to be concerned that my auto-udpates aren't working properly.</P><P></P><P>Thanks!</P> Sun, 10 Mar 2019 12:02:11 GMT https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476172#M67142 corey 2019-03-10T12:02:11Z https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476173#M67143 <HTML><HEAD></HEAD><BODY><P>There should not be a delay on the availability of the update on the website.&nbsp; When your sensor is scheduled to check may be later than the time it was posted and cause a potential delay.</P><P></P><P>Scott</P></BODY></HTML> Wed, 23 Jun 2010 19:06:19 GMT https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476173#M67143 Scott Fringer 2010-06-23T19:06:19Z https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476174#M67144 <HTML><HEAD></HEAD><BODY><P>I believe it's checked today - last directory read attempt was today, but I guess the last download attempt was yesterday.&nbsp; What's the difference?&nbsp; And if it is indeed not working, what's the best way to troubleshoot my issue.&nbsp; Here's the pertinent info from my sh statistics host:</P><P></P><P>Auto Update Statistics<BR />&nbsp;&nbsp; lastDirectoryReadAttempt = 18:24:12 UTC Wed Jun 23 2010<BR /><SPAN>&nbsp;&nbsp;&nbsp; =&nbsp;&nbsp; Read directory: </SPAN><A class="jive-link-external-small" href="https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl">https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl</A><BR />&nbsp;&nbsp;&nbsp; =&nbsp;&nbsp; Success: No installable auto update package found on server<BR />&nbsp;&nbsp; lastDownloadAttempt = 19:44:09 UTC Tue Jun 22 2010<BR />&nbsp;&nbsp; lastInstallAttempt = 19:45:05 UTC Tue Jun 22 2010<BR />&nbsp;&nbsp; nextAttempt = 19:24:00 UTC Wed Jun 23 2010</P><P></P><P>Thanks!</P></BODY></HTML> Wed, 23 Jun 2010 19:10:23 GMT https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476174#M67144 corey 2010-06-23T19:10:23Z https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476175#M67145 <HTML><HEAD></HEAD><BODY><P>The "lastDirectoryReadAttempt" is when the last check occurred (should match your scheduled timing).&nbsp; If the status is that there is no available update, that is as far as the process goes.&nbsp; If an update is available, the sensor should attempt to download.</P><P></P><P>The "lastDownloadAttempt" will indicate the last time an update download was found and the download was attempted.</P><P></P><P>The "lastInstallAttempt" will indicate the last time an update was downloaded and install initiated.</P><P></P><P>It does look like it checked at a point today and did not find an available update.&nbsp; That your outputs are UTC, I cannot correlate when the check today was run in relation to the publishing of the latest update.&nbsp; It may be that there is a cache engine between your sensor and Cisco, and it is indicating that there is nothing available.&nbsp; I would give the process another 24 hours to update.</P><P></P><P>Scott</P></BODY></HTML> Wed, 23 Jun 2010 20:48:54 GMT https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476175#M67145 Scott Fringer 2010-06-23T20:48:54Z https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476176#M67146 <HTML><HEAD></HEAD><BODY><P>I think I may have a larger issue.&nbsp; According to IDM, my CPU has been sitting at 100% for the last few days and the Analysis Engine Status has been sitting on "Processing Transaction" the whole tim as well.&nbsp; I'm wondering if it might have had an issue trying to apply it's sig update.&nbsp; Is there a way to kick the process in the pants and get it moving again?&nbsp; Should I reboot the module?&nbsp; The sensor is still picking up events.</P></BODY></HTML> Thu, 24 Jun 2010 20:11:30 GMT https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476176#M67146 corey 2010-06-24T20:11:30Z https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476177#M67147 <HTML><HEAD></HEAD><BODY><P>Corey;</P><P></P><P>&nbsp; It sounds like you are encountering bug CSCsq53214.</P><P></P><P><A class="jive-link-external-small" href="http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&amp;bugId=CSCsq53214">http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&amp;bugId=CSCsq53214</A></P><P></P><P>&nbsp; The fix is, as you asked, to reboot the module.&nbsp; You should be able to confirm current signature update from the output of 'sh ver' issued on the CLI.</P><P></P><P>Scott</P></BODY></HTML> Fri, 25 Jun 2010 10:52:02 GMT https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476177#M67147 Scott Fringer 2010-06-25T10:52:02Z https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476178#M67148 <HTML><HEAD></HEAD><BODY><P>I think you're right, Scott.&nbsp; One final question - rebooting the module does not affect the ASA, right? (I can reboot it without affecting my users, right?)</P></BODY></HTML> Fri, 25 Jun 2010 14:50:22 GMT https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476178#M67148 corey 2010-06-25T14:50:22Z https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476179#M67149 <HTML><HEAD></HEAD><BODY><P>Corey;</P><P></P><P>&nbsp; It is possible to reboot the AIP-SSM without impacting user traffic.&nbsp; There are some things to check:</P><P></P><P>- mode of operation:</P><P>&nbsp; - fail-open will allow traffic to traverse the ASA while the AIP-SSM is rebooting</P><P>&nbsp; - fail-close will dstop traffic from traversing the ASA while the AIP-SSM is rebooting</P><P></P><P>- presence of failover for the ASA</P><P>&nbsp; - if no failover configured, you should encounter no issue</P><P>&nbsp; - if you are operating in active/standby failover, a failover will occur</P><P>&nbsp;&nbsp;&nbsp; - you can overcome this by removing the service policy for IPS inspection prior to the reboot of the AIP-SSM</P><P></P><P>Scott</P></BODY></HTML> Fri, 25 Jun 2010 14:54:31 GMT https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476179#M67149 Scott Fringer 2010-06-25T14:54:31Z https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476180#M67150 <HTML><HEAD></HEAD><BODY><P>Thank you for all your replies!</P></BODY></HTML> Fri, 25 Jun 2010 14:56:32 GMT https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476180#M67150 corey 2010-06-25T14:56:32Z https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476181#M67151 <HTML><HEAD></HEAD><BODY><P>Corey;</P><P></P><P>&nbsp; You're certainly welcome - always a pleasure to assist!</P><P></P><P>Scott</P></BODY></HTML> Fri, 25 Jun 2010 15:03:52 GMT https://community.cisco.com/t5/network-security/ips-auto-update-vs-manual-download/m-p/1476181#M67151 Scott Fringer 2010-06-25T15:03:52Z