02-13-2011 10:29 PM - edited 03-10-2019 05:16 AM
Hi all,
The Analysis Engine is not running for IPS module in AIPSSM Module. Please let me know how can i resolve this issue and get the analysis engine of IPS to running status.
Regards
Kiran
02-13-2011 10:31 PM
Reload should resolve the issue, however, if you would like to further investigate why it's not running, I would suggest that you open a case with the TAC.
02-13-2011 10:51 PM
Hi,
How do i reload the sensor? Is it through ASA? . Can you please let me know the exact command to do the same.
If i relaod the sensor , does it have any effect on the ASA as it is a AIPSSM module. Let me know if any backup needs to be taken.
Regards
Kiran
02-13-2011 11:45 PM
Multiple ways to reload the IPS:
1) If you are connected via IDM, you can go to Configuration --> Reboot Sensor --> and the "Reboot Sensor" button.
2) If you are in the IPS CLI, you can issue: reset
3) If you only have access to the ASA, then you can issue: hw-module module 1 reload
Are you running the ASA in failover mode? if it is, you can manually failover the ASA prior to the reload of the AIP module. Otherwise, it will automatically failover to the standby ASA when you reload the module.
If you are only running a single ASA, I would suggest that you reload the IPS during after hour, or double check if your policy map for redirecting the traffic towards the IPS says: "fail-open".
02-21-2011 06:38 AM
Hi All,
I have reloaded the IPS module in AIPSSM, Still no luck, the analysis engine is still not running.Can you please help me out to solve this.
Regards
Kiran
02-21-2011 01:11 PM
Hello,
I work in the TAC IDS team.
The command " asa#hw-module module 1 reload " will not be useful under this condition since it only does a software reset.
This may not be useful in conditions of a software crash.
Issue the command below to do a hardware reset of the module. This should bring the module back up.
asa#hw-module module 1 reset
If you want to investigate the reason behind the crash, please open a TAC case.
Regards,
Sid
02-21-2011 06:52 PM
Hi,
I have also tried with the command "hw-module module 1 reset". But still the analysis engine is not running. Will re-imaging solve the issue or do guide me if there are any other methods to resolve the same.
Also please share me the steps for re-imaging
Regards
Kiran
02-21-2011 07:14 PM
Hi Kiran,
Ideally, what you can do is to remove the configuration on the ASA that sends traffic to IPS.
The crash in sensorapp or analysis engine might be traffic, configuration related.
We can try to reboot the IPS with no load on it by stopping sending traffic to it.
You can remove the IPS policy from the ASA configuration.
http://tools.cisco.com/squish/2f7A3
What this will do is stop ASA from sending any traffic to IPS.
Now do the hw-module module 1 reset command.
See if the IPS module comes back up.
If that also fails, then you can re-image the module.
This will however erase the configuration on the module.
The re-image procedure for SSM module:
http://tools.cisco.com/squish/ee66a
Hope this helps.
Sid
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide