I have a strange problem. I have had a replacement SSC-5 sensor, and it does not seem to be detecting/denying anything.
I have re-imaged it several time to try to solve the problem, but it makes no difference. Every time it boots up it displays the following messages in the logs.
evError: eventId=1310685483027914007 vendor=Cisco severity=error
originator:
hostId: pga_sensor
appName: interface
appInstanceId: 342
time: Jul 14, 2011 23:18:11 UTC offset=0 timeZone=GMT00:00
errorMessage: - no matching interface descriptor found [PhysicalIntfcList::identifyInterface] name=errSystemError
and
evError: eventId=1310685483027914066 vendor=Cisco severity=error
originator:
hostId: pga_sensor
appName: sensorApp
appInstanceId: 439
time: Jul 14, 2011 23:56:15 UTC offset=0 timeZone=GMT00:00
errorMessage: invalidValue:Anomaly Detection is not supported on this platform name=errUnacceptableValue
-----
I am guessing that the above is causing the sensor to fail in denying any traffic.
Setting the event override to the max on every level should cause it to deny some traffic, but it does not.
If someone could help that would be great.
Thanks
Phill