Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1400
Views
0
Helpful
7
Replies
Highlighted
learnsec
Beginner
Beginner
‎08-24-2011 12:00 AM
‎08-24-2011 12:00 AM

Global Correlation Error

dear all,

i newly enabled global correlation on my IPS-4240. the global correlation was working fine for several days.

suddenly it is no more working, although the config is not modified.

1-mgt interface can resolve Address.

2-clock is not synchronized with ntp but it is set manually to be same as ntp server(internet)

3- no proxy used .

i disbaled /enabled global config still the same issue.

sh statistics global-correlation

Network Participation:

   Counters:

      Total Connection Attempts = 0

      Total Connection Failures = 0

      Connection Failures Since Last Success = 0

   Connection History:

Updates:

   Status Of Last Update Attempt = Failed

   Time Since Last Successful Update = 7392 minutes

   Counters:

      Update Failures Since Last Success = 1478

      Total Update Attempts = 3060

      Total Update Failures = 1481

   Update Interval In Seconds = 300

   Update Server = update-manifests.ironport.com

   Update Server Address = 204.15.82.17

   Current Versions:

      config = 0

      drop = 0

      ip = 0

      rule = 0

please advice.

Labels:
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Jennifer Halim
Cisco Employee
Cisco Employee
In response to learnsec
‎08-24-2011 02:07 AM
‎08-24-2011 02:07 AM

If there is no network changes, I would suggest that you reload the IPS and see if that resolves the issue.

If you would like to further investigate the issue, I would suggest that you open a case with TAC so it can be further investigated.

View solution in original post

0 Helpful
Reply
7 REPLIES 7
Highlighted
Jennifer Halim
Cisco Employee
Cisco Employee
‎08-24-2011 12:12 AM
‎08-24-2011 12:12 AM

Pls check if there is any changes in the network infrastructure since the Global Correlation stops working.

Would need to confirm that access to update-manifests.ironport.com (204.15.82.17) is allowed through the network.

0 Helpful
Reply
Highlighted
learnsec
Beginner
Beginner
In response to Jennifer Halim
‎08-24-2011 01:42 AM
‎08-24-2011 01:42 AM

no network change,

plz check the following error log:

errorMessage: A global correlation update failed: Failed download of ibrs/1.1/drop/default/1314000963 : URI does not contain a valid ip address Messages, like this one, in the category - Reputation update failure - were logged 25 times in the last 7495 seconds.  name=errUnclassified

0 Helpful
Reply
Highlighted
Jennifer Halim
Cisco Employee
Cisco Employee
In response to learnsec
‎08-24-2011 02:07 AM
‎08-24-2011 02:07 AM

If there is no network changes, I would suggest that you reload the IPS and see if that resolves the issue.

If you would like to further investigate the issue, I would suggest that you open a case with TAC so it can be further investigated.

View solution in original post

0 Helpful
Reply
Highlighted
learnsec
Beginner
Beginner
In response to Jennifer Halim
‎09-06-2011 12:05 AM
‎09-06-2011 12:05 AM

hello jennifer,

i didn't reload the device, i was checking after couple of days the issue and i found that it was automaticaly and alone resynchronizing with global correlation site.

right it is abnormal behavior but i don't have an explanation to what happened.

regards,

0 Helpful
Reply
Highlighted
Jennifer Halim
Cisco Employee
Cisco Employee
In response to learnsec
‎09-06-2011 12:22 AM
‎09-06-2011 12:22 AM

Thanks for the update, and you might want to open a TAC case if it happens again in the future for further investigation.

0 Helpful
Reply
Highlighted
learnsec
Beginner
Beginner
In response to Jennifer Halim
‎09-06-2011 04:28 AM
‎09-06-2011 04:28 AM

hello jennifer,

unfortunately the problem re-occured.

could it be that the update-manifests.ironport.com (global correllation site) is not stable?

0 Helpful
Reply
Highlighted
praprama
Cisco Employee
Cisco Employee
In response to learnsec
‎09-12-2011 09:07 AM
‎09-12-2011 09:07 AM

Hi,

We will have to probably enable logs for global correlation using the service account and see what's going on. I would suggest what jennifer suggested above, that is, open a TAC case.

Regards,

Prapanch

0 Helpful
Reply
Latest Contents
Bridge the security gap with Cisco Remote Secure Worker
Created by Kelli Glass on 02-26-2021 04:37 PM
0
0
0
0
More people are working remotely, and this increases the risk of security breaches and the difficulty in defending remote workers where they work and securing the devices they use. Learn about Cisco Remote Secure Worker solutions that verify workers, secu... view more
ISE Performance & Scale
Created by howon on 02-24-2021 08:26 PM
11
214
11
214
    ISE Node Terminology PAN MNT PSN PXG Policy Administration Node Monitoring & Troubleshooting Node Policy Services Node Platform Exchange Grid Node The single plane of glass for ISE administration and configuration operatio... view more
Detecting and Responding to the SolarWinds Infrastructure At...
Created by aligarci on 02-23-2021 08:19 AM
0
5
0
5
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr... view more
Arista CloudVision WiFi Dictionary and NAD Profile for ISE I...
Created by hslai on 02-21-2021 01:59 PM
0
10
0
10
Attached are the dictionary and NAD profile as described in Arista CloudVision WiFi Integration with Cisco ISE .
Cisco Secure Endpoint Free Trial Guide
Created by E.L. Howard on 02-15-2021 07:36 PM
0
0
0
0
  About this Document Cisco Secure Endpoint (formerly AMP for Endpoints) is a comprehensive Endpoint Security solution designed to function both as a stand-alone tool, and as a part of the architecture of natively integrated Cisco and 3rd par... view more
Content for Community-Ad