IPS signature update

Rodrigo Gurriti
Level 3

Hello,

auto update problem with IPS..

I noticed that the IPS isn't updating anymore and I found this:

Auto Update Statistics
   lastDirectoryReadAttempt = 13:20:35 UTC Wed Nov 17 2010
    =   Read directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
    =   Error: AutoUpdate exception: Receive HTTP response failed [3,212]
   lastDownloadAttempt = 00:01:37 UTC Thu Oct 28 2010
   lastInstallAttempt = 00:02:32 UTC Thu Oct 28 2010
   nextAttempt = 00:00:00 UTC Thu Nov 18 2010

What does that error mean? It was working before.

Thank you

Accepted Solutions

praprama
Cisco Employee

Hi,

Please refer to this discussion.

https://supportforums.cisco.com/message/3227833#3227833

Could be related to this. What does "show statistics host" output look like from the IPS? Could you also post the output of "show version"?

Cheers,

Prapanch

I'd love to know what this error means: Receive HTTP response failed [3,212]

Here it is:

sh statistics host

General Statistics
   Last Change To Host Config (UTC) = 17-Nov-2010 15:32:17
   Command Control Port Device = Management0/0
Network Statistics
    = ma0_0     Link encap:Ethernet  HWaddr 00:04:23:E3:1A:C1
    =           inet addr:10.161.0.79  Bcast:10.161.0.255  Mask:255.255.255.0
    =           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    =           RX packets:21763193 errors:0 dropped:0 overruns:0 frame:0
    =           TX packets:13870087 errors:0 dropped:0 overruns:0 carrier:0
    =           collisions:0 txqueuelen:1000
    =           RX bytes:2406636591 (2.2 GiB)  TX bytes:3012815414 (2.8 GiB)
    =           Base address:0xbc80 Memory:fcce0000-fcd00000
NTP Statistics
    =      remote           refid      st t when poll reach   delay   offset  jitter
    = *roma.coe.ufrj.b 200.132.0.132    2 u  102 1024  377   31.960   -1.809   0.287
    =  LOCAL(0)        73.78.73.84      5 l   22   64  377    0.000    0.000   0.001
    = ind assID status  conf reach auth condition  last_event cnt
    =   1 17764  b674   yes   yes  none  sys.peer   reachable  7
    =   2 17765  9034   yes   yes  none    reject   reachable  3
   status = Synchronized
Memory Usage
   usedBytes = 1906143232
   freeBytes = 2194202624
   totalBytes = 4100345856
Summertime Statistics
   start = 02:00:00 UTC Sun Oct 17 2010
   end = 02:00:00 UTC Sun Feb 20 2011
CPU Statistics
   Usage over last 5 seconds = 88
   Usage over last minute = 88
   Usage over last 5 minutes = 88
   Usage over last 5 seconds = 48
   Usage over last minute = 46
   Usage over last 5 minutes = 46
Memory Statistics
   Memory usage (bytes) = 1906143232
   Memory free (bytes) = 2194202624
Auto Update Statistics
   lastDirectoryReadAttempt = 15:33:35 UTC Wed Nov 17 2010
    =   Read directory: http://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
    =   Error: AutoUpdate exception: Receive HTTP response failed [3,212]

   lastDownloadAttempt = 00:01:37 UTC Thu Oct 28 2010
   lastInstallAttempt = 00:02:32 UTC Thu Oct 28 2010
   nextAttempt = 16:33:00 UTC Wed Nov 17 2010
Auxilliary Processors Installed

sh version 
Application Partition:

Cisco Intrusion Prevention System, Version 7.0(4)E4

Host:                                                        
    Realm Keys          key1.0                               
Signature Definition:                                        
    Signature Update    S524.0                   2010-10-26  
OS Version:             2.4.30-IDS-smp-bigphys               
Platform:               IPS-4260-K9                          
Serial Number:          XXXXXXXX                        
Licensed, expires:      16-Nov-2011 UTC                      
Sensor up-time is 22 days.
Using 1906151424 out of 4100345856 bytes of available memory (46% usage)
system is using 17.4M out of 38.5M bytes of available disk space (45% usage)
application-data is using 46.9M out of 166.8M bytes of available disk space (30% usage)
boot is using 41.6M out of 69.5M bytes of available disk space (63% usage)
application-log is using 494.0M out of 513.0M bytes of available disk space (96% usage)


MainApp            B-BEAU_704_2010_JUL_21_15_57_7_0_3_29   (Ipsbuild)   2010-07-21T15:59:36-0500   Running  
AnalysisEngine     B-BEAU_704_2010_JUL_21_15_57_7_0_3_29   (Ipsbuild)   2010-07-21T15:59:36-0500   Running  
CollaborationApp   B-BEAU_704_2010_JUL_21_15_57_7_0_3_29   (Ipsbuild)   2010-07-21T15:59:36-0500   Running  
CLI                B-BEAU_704_2010_JUL_21_15_57_7_0_3_29   (Ipsbuild)   2010-07-21T15:59:36-0500         

Upgrade History:

* IPS-sig-S523-req-E4       05:31:28 UTC Tue Oct 26 2010  
  IPS-sig-S524-req-E4.pkg   22:01:39 UTC Wed Oct 27 2010

Recovery Partition Version 1.1 - 7.0(4)E4

Host Certificate Valid from: 28-Sep-2010 to 28-Sep-2012

PS.

licence expires on Nov 11 2011

The CCO is working fine, it can download signatures.

The update worked fine; as you can tell, the Oct 27 one was an auto update.

The update was scheduled for every day at 2AM, but I've changed it to every 1 hour to see if it is cisco.com that is flooded and rejects the connection.

Seems related to what Scott posted in the other thread.

Regards,

Prapanch

Hello all,

This issue has been resolved. Please set your sensors' Auto Update URL to the default and allow the update to run again. Let us know if you continue to experience issues.

Thank you,

Blayne Dreier

Cisco TAC Escalation Team

**Please check out our Podcasts**

TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast

TAC IPS Media Series: https://supportforums.cisco.com/community/netpro/security/intrusion-prevention?view=tags&tags=tac_ips_media_series
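
Added example, not part of the original thread and not Cisco tooling: a sensor that silently stops pulling signatures, as in this thread, can be caught by parsing the Auto Update Statistics section of "show statistics host" and flagging a failed directory read or a stale install. The function names, the 7-day threshold and the optional expected_url parameter are assumptions; the sample input is the block posted in the first message.

```python
import re
from datetime import datetime, timedelta

# Auto Update Statistics block as posted in the first message of this thread.
SAMPLE = """\
Auto Update Statistics
   lastDirectoryReadAttempt = 13:20:35 UTC Wed Nov 17 2010
    =   Read directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
    =   Error: AutoUpdate exception: Receive HTTP response failed [3,212]
   lastDownloadAttempt = 00:01:37 UTC Thu Oct 28 2010
   lastInstallAttempt = 00:02:32 UTC Thu Oct 28 2010
   nextAttempt = 00:00:00 UTC Thu Nov 18 2010
"""

TS_FORMAT = "%H:%M:%S UTC %a %b %d %Y"
FIELD = re.compile(r"^\s+(\w+)\s*=\s*(\d\d:\d\d:\d\d UTC .+?)\s*$")
DETAIL = re.compile(r"^\s+=\s*(Read directory|Error):\s*(.+?)\s*$")

def parse_auto_update(text):
    """Extract timestamps and '=' detail lines from the Auto Update Statistics section."""
    stats, in_section = {}, False
    for line in text.splitlines():
        if line.strip() == "Auto Update Statistics":
            in_section = True
        elif in_section and line.strip():
            if not line[0].isspace():  # unindented line = next section header
                break
            if m := FIELD.match(line):
                stats[m.group(1)] = datetime.strptime(m.group(2), TS_FORMAT)
            elif m := DETAIL.match(line):
                stats[m.group(1)] = m.group(2)
    return stats

def findings(stats, max_age=timedelta(days=7), expected_url=None):
    """Flag a failed read, a stale install (age measured at the last read), a changed URL."""
    out = []
    read, install = stats.get("lastDirectoryReadAttempt"), stats.get("lastInstallAttempt")
    if "Error" in stats:
        out.append(f"directory read failed: {stats['Error']}")
    if read and install and read - install > max_age:
        out.append(f"last install was {(read - install).days} days before last read attempt")
    if expected_url and stats.get("Read directory") != expected_url:
        out.append(f"update URL differs from expected: {stats.get('Read directory')}")
    return out

if __name__ == "__main__":
    for finding in findings(parse_auto_update(SAMPLE)):
        print(finding)
```

The parser also accepts the full "show statistics host" output and ignores the other sections; pass expected_url to detect a sensor whose Auto Update URL was changed from the value you intend it to use.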
