Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
678
Views
10
Helpful
4
Replies

error upgrading sigs

pryan
Level 1
Level 1

‎04-06-2005 11:40 AM - edited ‎03-10-2019 01:22 AM

Hi Guys,

I have been working with Cisco TAC to solve this and no one has been able to fix this yet. Thought I would give the forum a shot. Here is the message and some other info.

attsensor# conf t

attsensor(config)# upgrade ftp://service@x.x.x.x//IDS-sig-4.1-4-S141.rpm.pkg

Password: *******

Warning: Executing this command will apply a signature update to the applicatio

partition.

Continue with upgrade? : yes

Broadcast message from root (Wed Apr 6 11:46:50 2005):

error: AnalysisEngine is currently busy and unable to process this update. Pl

ase wait several minutes before attempting update again.

Error: error: AnalysisEngine is currently busy and unable to process this upda

e. Please wait several minutes before attempting update again.

attsensor(config)# exit

attsensor# show ver

Application Partition:

Cisco Systems Intrusion Detection Sensor, Version 4.1(4)S140

OS Version 2.4.18-5smpbigphys-4215

Platform: IDS-4215

Using 177246208 out of 459202560 bytes of available memory (38% usage)

Using 1.2G out of 17G bytes of available disk space (8% usage)

MainApp 2004_Apr_15_15.03 (Release) 2004-04-15T15:11:59-0500

unning

AnalysisEngine 2004_Apr_15_15.03 (Release) 2004-04-15T15:11:59-0500

otRunning

Authentication 2004_Apr_15_15.03 (Release) 2004-04-15T15:11:59-0500

unning

Logger 2004_Apr_15_15.03 (Release) 2004-04-15T15:11:59-0500

unning

NetworkAccess 2004_Apr_15_15.03 (Release) 2004-04-15T15:11:59-0500

unning

TransactionSource 2004_Apr_15_15.03 (Release) 2004-04-15T15:11:59-0500

unning

WebServer 2004_Apr_15_15.03 (Release) 2004-04-15T15:11:59-0500

unning

CLI 2004_Apr_15_15.03 (Release) 2004-04-15T15:11:59-0500

Upgrade History:

* IDS-sig-4.1-4-S139 10:32:35 UTC Fri Jan 28 2005

IDS-sig-4.1-4-S140.rpm.pkg 15:09:19 UTC Mon Jan 31 2005

Recovery Partition Version 4.1(1)S47

Please Help!

Labels:
0 Helpful
4 Replies 4

scothrel
Level 3
Level 3

‎04-06-2005 01:14 PM

load the latest 4.1.4 "g" patch if you're not already running it. An out of memory during upgrade bug was patched somewhere in the 'e' or 'f' patch level ('g' just being the latest release). This is likely the cause of what you are seeing.

marcabal
Cisco Employee
Cisco Employee

‎04-06-2005 01:43 PM

If you look in the output of show version you see "NotRunning" for AnalysisEngine. This means the sensorApp process has stopped for some reason.

What to do:

1) Reboot the sensor to get everything running again.

2) Use show version to verify that AnalysisEngine is Running.

NOTE:

If AnalysisEngine is NotRunning then don't even bother with the sig update it will fail. the AnalysisEngine has to be running for the sig update install.

The TAC would need to be contacted to help troubleshoot further in that situation.

If AnalysisEngine is not running right after a reboot then something in the configuration or another file on the box may be a problem. You might have to execute "conf t" and then "recover application-partition" to re-image the sensor and start from scratch again (the TAC should walk you through it if necessary).

3) Attempt to install the sig update again.

Hopefully it installed just fine this time.

If so then the previous error had nothing to do with the sig update install instead the AnalysisEngine was probably having a problem even before you tried the update.

You will need to keep a watch on this sensor to see if AnalysisEngine stops running again. If so then contact the TAC so they get a core file and pass it on for development to analyze. They may have you load a 4.1(4g) engineering patch that contains some additional fixes.

If the install errors then go to step 4.

4) Check the output of "show version" again if you get the same error.

If AnalysisEngine was Running just before the install but is NotRunning just after the install then you may be running across a known issue that was addressed in the 4.1(4g) engineering patch. Contact the TAC to get the patch.

If AnalysisEngine is still Running after the install failure, then this could just be a normal situation where the AnalysisEngine was busy and not ready to be updated. This is perfectly normal after a reboot.

Wait a few minutes, and start with step 3 above one more time.

You may have to wait as much as 25 minutes (on low end platforms) for AnalysisEngine to be ready. These situations are rare, and are generally only seen on a fresh image of the sensor where the AnalysisEngine has to prepare a lot of cache files, or where a large number of signature updates have been skipped (like jumping from S91 to S155) which will cause a lot of cache files needing to be created for all of the new signatures.

So if it doesn't work the 2nd time and AnalysisEngine is still Running, then wait 30 minutes and try again. You might be running into one of those rare ocurrences.

If AnalysisEngine stays running but you still can't get the sig update installed even after waiting 30 minutes, then something weird is going on.

You will need to supply the TAC with a system status report from the sensor (a show techsupport).

pryan
Level 1
Level 1
In response to marcabal

‎04-06-2005 02:16 PM

Thanks for the help guys, the analysisEngine is still "NotRunning" after reboot.

i guess i will have to go back to TAC.

0 Helpful

scothrel
Level 3
Level 3
In response to pryan

‎04-06-2005 03:22 PM

Or, recover the application-partition, install the 'g' patch, then install your signature update. All updates are cumulative, so you only have to jump to the one you want. You may have to contact the TAC for the 'g' patch. Mention the 'g' patch to the TAC....

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card