After upgrading from IDS MC 2.02 to IPS MC 2.1 I no longer can get to the NSDB. Whenever I try to pull it up it cannot find the files. The path it's looking for it is https://server/vms/nsdb/html/nsdb/html/signature.html. Is this still applicable?
The path is broken for SecMon 2.1, I haven't noticed it broken in IPS MC 2.1. Anyway, until Cisco fixes it, a simple work around is to create the symbolic link to the web pages. Or copy the nsdb files to the right path.
Windows 2000 and 2003 Resource Kit contains a program called linkd.exe that allows you to create sym links much like the Unix ln command. For SecMon, issue:
linkd C:\CSCOpx\MDC\Apache\htdocs\vms\nsdb\html\nsdb5 C:\CSCOpx\MDC\Apache\htdocs\vms\nsdb5
Now when viewing events in the event viewer, right clicking and selecting explanation will show the appropriate sig explanation html page.
Our systems have SP1 applied to SecMon and the link is still broken.
Prior to upgrade, our dedicated server that runs SecMon:
Common Services 2.2.2 with SP2
Upgrade procedure followed was:
upgrade Common Services to 2.2.3 with SP3
install JRE 1.4.08
upgrade SecMon to 2.0.1
upgrade SecMon 2.0.1 to SecMon 2.1
apply IPS MC/SecMon SP1
apply S190 update
Hmmm, I wonder if S190 was suppose to be in place before SP1?
Correction on my previous post, the command should be:
linkd D:\CSCOpx\MDC\Apache\htdocs\vms\nsdb\html\nsdb5 D:\CSCOpx\MDC\Apache\htdocs\vms\nsdb
Side effect is this will create a circular path; something to take note if you've got a file system backup program or integrity checker (such as Tripwire). Either limit the depth recursion or don't recursion down the nsdb5 junction.
Also, if the Windows 2000 Resource Kit isn't available to you, an alternative is Mark Russinovich's junction program.