IDS sig Updates (IDS-K9-sp-4.1-5-s189.rpm.pkg) Problem

emad.mohamed
Level 1

I am trying to upgrade some IDS sensors from S188 to the new service pack, which is S189. The IDS device shows this message (The System will be rebooted upon completion of the update)

After I rebooted the IDS, it is still running the old version S188. ANY IDEA why????

Thank you


jchrisos
Level 1

If it is due to storage issues, I found that the IDS 4.1(4h) Patch resolves the IDS incorrectly calculating storage space.

Well, as installing the upgrade 4.1.(5) does not work on the 4240, I would very much like to install this patch to see if this will resolve the lack of disk space issue. But I don't find it right away. Do you still have the link?

Thanks,

Johan.

I don't have the link, but I found the post that solved my problem:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dd90e88/1#selected_message

The link is:

http://www.cisco.com/cgi-bin/tablebuild.pl/ids-patches

But I don't see anything that says "4h" on there. I guess anything beyond patch level "g" should do the trick according to that post.

Hope this helps!!!!!!!!!!

Jim

--UPDATE--

Doesn't look like the link he gave me works. The link below may be more help, but I still don't see that patch.

INSTALLATION

To install the version 4.1(4h) patch on a 4.1(4), 4.1(4a), 4.1(4b), 4.1(4c), 4.1(4d), 4.1(4e), 4.1(4f) or 4.1(4g) sensor, follow these steps:

1. Download the file IDS-K9-patch-4.1-4h.rpm.pkg to an ftp, scp, http, or https server on your network from:

http://www.cisco.com/cgi-bin/tablebuild.pl/nids

CAUTION: You must log in to Cisco.com using an account with cryptographic privileges in order to download the file. Do not change the file name. You must preserve the original file name for the sensor to accept the update.

jamesand
Cisco Employee

What is the error message you receive when attempting to install 4.1(5)? If it is a "disk" space issue, then installing a patch will not help. If it is a sensorApp not running error, then I would suggest rebooting the sensor, disabling the sniffing interfaces, and then attempting the upgrade to 4.1(5). NOTE: all of the fixes for sensorApp memory issues that are in the patches are also in 4.1(5).

This is the error when trying to install the 4.1.(5) upgrade to a 4240 sensor:

Applying update IDS-K9-sp-4.1-5-S189.

Shutting down all CIDS processes. All connections will be terminated.

The system will be rebooted upon completion of the update.

Error: The update requires 115000 KB in /usr/cids/idsRoot/var, there are only 96317 KB available.

This is a 'clean' sensor as we reimaged it only yesterday to make as much space free as possible. But it did not work out. Afterwards I installed the 4.1.4h patch which I found at the URL:

http://www.cisco.com/cgi-bin/tablebuild.pl/ids-patches

with which I gained a few MB, but not enough.

There is now some 119MB free before trying the installation.

jamesand
Cisco Employee

Here is a workaround for your 4240 storage space issue (this should clean up more than enough space):

- log into service account and become root (use the su command with the same svc acct PW)

- remove the following directories:

# rm -rf /usr/cids/idsRoot/var/updates/files/S69

# rm -rf /usr/cids/idsRoot/var/updates/files/common

# rm /usr/cids/idsRoot/var/virtualSensor/*

# rm /usr/cids/idsRoot/var/.tmp/*

- retry the 4.1(5) upgrade
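
A dry-run check for the cleanup steps above, as an added example that is not part of the original posts and is not Cisco code: it measures how much the listed paths would free and compares that with the 115000 KB the updater asks for, without deleting anything. The function names are hypothetical, and it assumes the service-account shell provides df, du, sed and awk.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only: nothing is deleted.
REQUIRED_KB=115000                 # from the updater error quoted above
VAR_DIR=/usr/cids/idsRoot/var      # path from the same error message

# KB available on the filesystem holding $1 (POSIX df format, column 4).
avail_kb() {
    df -Pk "$1" 2>/dev/null | awk 'NR==2 {print $4}'
}

# KB used by the paths given that exist; unmatched globs count as 0.
reclaimable_kb() {
    total=0
    for p in "$@"; do
        [ -e "$p" ] || continue
        kb=$(du -sk "$p" 2>/dev/null | awk '{print $1}')
        total=$((total + ${kb:-0}))
    done
    echo "$total"
}

# Shortfall in KB parsed from an updater error line; 0 if no match.
shortfall_from_error() {
    echo "$1" |
        sed -n 's/.*requires \([0-9][0-9]*\) KB.*only \([0-9][0-9]*\) KB.*/\1 \2/p' |
        awk '{ d = $1 - $2 } END { print (d > 0 ? d : 0) }'
}

# Verdict: "ok <KB after cleanup>" or "short <KB still missing>".
preflight() {
    avail=$1; reclaim=$2; need=${3:-$REQUIRED_KB}
    after=$((avail + reclaim))
    if [ "$after" -ge "$need" ]; then
        echo "ok $after"
    else
        echo "short $((need - after))"
    fi
}

# Run only where the sensor's directory exists (candidates from the post above).
if [ -d "$VAR_DIR" ]; then
    a=$(avail_kb "$VAR_DIR")
    r=$(reclaimable_kb "$VAR_DIR/updates/files/S69" "$VAR_DIR/updates/files/common" \
        "$VAR_DIR"/virtualSensor/* "$VAR_DIR"/.tmp/*)
    echo "available=${a} KB, reclaimable=${r} KB: $(preflight "$a" "$r")"
fi
```
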

Upgrade done! The two last cleanups did the trick! I had read one of your first answers for cleaning up /usr/cids/idsRoot/var/updates/files/S69 and /usr/cids/idsRoot/var/updates/files/common, but this did not free up enough space. But also cleaning up the last two directories you mentioned freed up more than enough space, so that we ended up with 155 MB free. After doing the upgrade we now still end up with some 114 MB free on the root partition. Thank you very much for helping us out!!

No good, after removing the items you listed, I still have the following error:

Error: The update requires 115000 KB in /usr/cids/idsRoot/var, there are only 110896 KB available.

Here are some other files that you can remove (this will prevent you from doing a downgrade, but that should not matter since you are attempting to upgrade anyway):

# rm -rf /usr/cids/idsRoot/var/updates/sigupdate/*

# rm -rf /var/log/messages*

# rm /usr/cids/idsRoot/var/updates/backups/*

Well, I manage several Cisco IDSes and that is what worked for me. Maybe we're talking about two different things?
