01-23-2013 12:03 PM - edited 03-10-2019 05:52 AM
Im looking at the IPS modules at the moment that seem to have an ongoing issue of the Analysis Engine crashing. This runs as a process called sensorApp located in /usr/cids/idsroot/bin/
When its originally launched it runs without problem using a -z switch and specifies the PID of the mainApp process.
Normally when this crashes the recommended action is to restart the module however what can i do if im unable to do that.
We have probably in the region of 400+ firewall pairs, i.e 800+ firewalls/IPS modules.
If the IPS module stops working in the active firewall, the restart it, the firewall in the failover pair gets marked as failed and therefore the firewalls failover to the standby.
How can I restart this process through a service account and make the IPS active again without restarting it?
I have tried logging in with a service account and starting the process manually. I get the PID of mainApp by doing a /etc/init.d/cids status. Then run the commands
su -
<password>
su cids
/usr/cids/idsroot/bin/sensorApp -z PID
It runs and loads signatures etc. But when doing a sh ver on the module it still shows the analysis engine as being down.
Someone please help or Cisco... if your listening break up the Analysis Engine from the mainapp and collaberation engine.
Thanks
Ross
01-23-2013 08:24 PM
It is not recommended to start the Analysis Engine manually.
Regards,
Sawan Gupta
01-24-2013 01:13 AM
I know its not recommended however for me it is a nessecity.
If in cases where I have a failover pair and the IPS in the active firewall has caused the sensorApp to crash, I could restart the app. Get the module back up and running then upgrade both modules at the same time which doesnt cause a firewall failover.
Given that you mentioned its not recommended that indicates there is a way to do it?
01-24-2013 01:17 AM
Cisco TAC will surely answer this query once you have a service request opened :-)
Regards,
Sawan Gupta
01-24-2013 01:19 AM
Thanks for that.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide