IDS Sensor 4.1 doesn't capture events.

jpoudereux — Sun, 10 Mar 2019 09:29:32 GMT

My IDS Sensor 4.1 stops capturing events after some time. I don't know if maybe it is because there are a lot of VLANs in SPAN and the IDS doesn't support all this traffic. Am i wrong?

Here is the show ver output:>

# sh ver

Application Partition:

Cisco Systems Intrusion Detection Sensor, Version 4.1(4)S174

OS Version 2.4.18-5-phoenix

Platform: WS-SVC-IDSM2-BUN

Sensor up-time is 20:49.

Using 337403904 out of 1979682816 bytes of available memory (17% usage)

Using 2.0G out of 17G bytes of available disk space (13% usage)

MainApp 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running

AnalysisEngine 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running

Authentication 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running

Logger 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running

NetworkAccess 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running

TransactionSource 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running

WebServer 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running

CLI 2004_Apr_15_15.03 (Release) 2004-04-15T15:11:59-0500

Upgrade History:

* IDS-sig-4.1-4-S172 08:51:06 UTC Wed Jun 01 2005

IDS-sig-4.1-4-S174.rpm.pkg 15:13:12 UTC Wed Jun 08 2005

Maintenance Partition Version 2.1(1)

And here is the "sh event" output:

# sh event

evError: eventId=1099377235773324837 severity=warning

originator:

hostId: CISCO-IDS

appName: sensorApp

appInstanceId: 1206

time: 2005/06/10 08:43:21 2005/06/10 10:43:21 GMT

errorMessage: name=errWarning Producer appears to be out of superblocks...consider configuring TCPReassemblyMode to loose FreeBlocks: 2155

evError: eventId=1099377235773324838 severity=warning

originator:

hostId: CISCO-IDS

appName: sensorApp

appInstanceId: 1206

time: 2005/06/10 08:43:23 2005/06/10 10:43:23 GMT

errorMessage: name=errWarning Producer appears to be out of superblocks...consider configuring TCPReassemblyMode to loose FreeBlocks: 2155

But i have already configured TCP Reassembly Mode to 'loose' and it does the same: after some time, it logs a few events and starts logging this event, but the Security Monitor stops showing me any Alarm. What can I do to solve this?

Thank you very much.

Re: IDS Sensor 4.1 doesn't capture events.

jpoudereux — Fri, 10 Jun 2005 10:26:21 GMT

When the IDSM2 starts crashing (i mean, logging only this event), i clear the IDSM2 interface counters and i realize that no packet are processed and the "missed packet percentage" grows and grows.

That means after this crashing it stops processing packets and loses every traffic it receives. The question is why? And how can i solve this?

Thanks everybody.

Re: IDS Sensor 4.1 doesn't capture events.

jpoudereux — Wed, 15 Jun 2005 14:32:04 GMT

The solution to this problem I was having is to install Maintenance Partition Image 2.1(2).

It works!

Re: IDS Sensor 4.1 doesn't capture events.

chulje.sung — Tue, 21 Jun 2005 03:29:47 GMT

remove 4.1.4g fetch

topic Re: IDS Sensor 4.1 doesn't capture events. in Network Security

IDS Sensor 4.1 doesn't capture events.

Re: IDS Sensor 4.1 doesn't capture events.

Re: IDS Sensor 4.1 doesn't capture events.

Re: IDS Sensor 4.1 doesn't capture events.