Re: ASA-SSC-AIP-5 Analysis Engine Not Responding

Mark^ · ‎04-14-2011

Every couple of days I have been noticing that the IPS is in bypass mode and the Analysis Engine Status is often shown as not responding or is still loading something, and naturally, the CPU is pegged at 100%... so I have been reloading the IPS when this happens.

2 Questions:

Any general pointers of what often causes this, or things that I should look for when this is happening? I know I did not give enough details for specific answers, but I am just looking for general ideas to start with.
More importantly, what syslog messages might show up in the logs when the IPS goes into Bypass mode? I'd like to setup a notification for these syslog messages so that I can troubleshoot immediately and determine the cause.

IPS Version 6.2(2)E4

Signature Version 559.0

Cisco Adaptive Security Appliance Software Version 8.3(2)13

Thanks.

Mark

Jennifer Halim · ‎04-17-2011

I would suggest that you upgrade the AIP-5 software to the latest version: 6.2.3(E4).

Here is the release notes where a number of memory related bugs have been resolved:

http://www.cisco.com/web/software/282549758/38029/IPS-6_2-3-E4_readme.txt

You might also want to check if the AIP-5 module is overloaded with traffic, which can cause that issue.

Mark^ · ‎04-19-2011

Thank you. I did not see that was available. I have applied the update and will monitor it for a while. Hopfully that's all it was!

As fr as the syslog messages, I think I got what I needed via the ASA syslog.

Thanks!

Mark