Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1485
Views
0
Helpful
6
Replies

Automatic Applying Intrusion Policies to multiple sensors at same time.

Go to solution
mahesh18
Level 6
Level 6

‎08-07-2015 12:04 PM - edited ‎03-12-2019 05:44 AM

 

Hi Everyone,

 

Under System

Updates

Rule updates

On Defence center 750 we have enabled the option to download new rules and apply the policies  automaticall to all sensors.

But lately i am seeing that policie apply on sensor is failing.

It will apply on one sensor and fail on rest.

 

But when i apply them manually one at a time then it worked fine.

I also open the case with cisco tech as per him we should apply policies manually one at a time?

 

Does anyone know what else i can check to fix this issue?

 

Regards

Mahesh

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mahesh18

‎08-09-2015 10:21 AM

Hmm. I think whether or not they are in groups, the policy should reapply if you have slected the box to do so (and the update isn't already in place). That's how it works on mine.

What does your rule update log tell you (filter on action = apply)? Mine shows the apply action taking place as configured (open image in new tab to zoom):

 

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mahesh18

‎08-10-2015 07:40 AM

So it's telling you "Already Installed". We see this when we check for updates daily yet the updates are only released more or less weekly. It won't install an update that's already installed.

Perhaps the message could be a bit more informative at the top level but your log show the root cause is of no concern.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-08-2015 08:29 AM

Mahesh,

Have you setup your sensors in a device group? See FireSIGHT System User Guide, section on "Adding Device Groups".

 

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Marvin Rhoads

‎08-09-2015 08:31 AM

Hi Marvin,

 

Not they are not setup in groups.

When i go to Devices,Device Management i see them ungrouped .

 

Regards

MAhesh

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mahesh18

‎08-09-2015 10:21 AM

Hmm. I think whether or not they are in groups, the policy should reapply if you have slected the box to do so (and the update isn't already in place). That's how it works on mine.

What does your rule update log tell you (filter on action = apply)? Mine shows the apply action taking place as configured (open image in new tab to zoom):

 

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Marvin Rhoads

‎08-10-2015 07:36 AM

Hi MArvin,

 

Under Rule update log i see error under action.

When i click on error then new window opens up that shows

 

2015-08-10 00:00:25/var/sf/SRU/Sourcefire_Rule_Update-2015-08-06-001-vrt.shSRU Importerror     Already Installed1

Earlier Rules which were applied to policies shows action as changed.

Regards

Mahesh

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mahesh18

‎08-10-2015 07:40 AM

So it's telling you "Already Installed". We see this when we check for updates daily yet the updates are only released more or less weekly. It won't install an update that's already installed.

Perhaps the message could be a bit more informative at the top level but your log show the root cause is of no concern.

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Marvin Rhoads

‎08-10-2015 07:47 AM

Many thanks Marvin.

Regards

Mahesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card