11-17-2010 05:44 AM - edited 03-10-2019 05:10 AM
Hello,
auto update problem with IPS..
I noticed that the IPS isnt updating anymore and I found this :
Auto Update Statistics
lastDirectoryReadAttempt = 13:20:35 UTC Wed Nov 17 2010
= Read directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
= Error: AutoUpdate exception: Receive HTTP response failed [3,212]
lastDownloadAttempt = 00:01:37 UTC Thu Oct 28 2010
lastInstallAttempt = 00:02:32 UTC Thu Oct 28 2010
nextAttempt = 00:00:00 UTC Thu Nov 18 2010
What does that error means ? It was working before.
Thank you
Solved! Go to Solution.
11-17-2010 07:53 AM
Hi,
Please refer this discussion.
https://supportforums.cisco.com/message/3227833#3227833
Could be related to this. What does "show statistics host" output look like from the IPS? Could you also post the output of "show version"?
Cheers,
Prapanch
11-17-2010 07:53 AM
Hi,
Please refer this discussion.
https://supportforums.cisco.com/message/3227833#3227833
Could be related to this. What does "show statistics host" output look like from the IPS? Could you also post the output of "show version"?
Cheers,
Prapanch
11-17-2010 08:07 AM
I'd love to know what this erro mean Receive HTTP response failed [3,212]
Here it is:
sh statistics host
General Statistics
Last Change To Host Config (UTC) = 17-Nov-2010 15:32:17
Command Control Port Device = Management0/0
Network Statistics
= ma0_0 Link encap:Ethernet HWaddr 00:04:23:E3:1A:C1
= inet addr:10.161.0.79 Bcast:10.161.0.255 Mask:255.255.255.0
= UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
= RX packets:21763193 errors:0 dropped:0 overruns:0 frame:0
= TX packets:13870087 errors:0 dropped:0 overruns:0 carrier:0
= collisions:0 txqueuelen:1000
= RX bytes:2406636591 (2.2 GiB) TX bytes:3012815414 (2.8 GiB)
= Base address:0xbc80 Memory:fcce0000-fcd00000
NTP Statistics
= remote refid st t when poll reach delay offset jitter
= *roma.coe.ufrj.b 200.132.0.132 2 u 102 1024 377 31.960 -1.809 0.287
= LOCAL(0) 73.78.73.84 5 l 22 64 377 0.000 0.000 0.001
= ind assID status conf reach auth condition last_event cnt
= 1 17764 b674 yes yes none sys.peer reachable 7
= 2 17765 9034 yes yes none reject reachable 3
status = Synchronized
Memory Usage
usedBytes = 1906143232
freeBytes = 2194202624
totalBytes = 4100345856
Summertime Statistics
start = 02:00:00 UTC Sun Oct 17 2010
end = 02:00:00 UTC Sun Feb 20 2011
CPU Statistics
Usage over last 5 seconds = 88
Usage over last minute = 88
Usage over last 5 minutes = 88
Usage over last 5 seconds = 48
Usage over last minute = 46
Usage over last 5 minutes = 46
Memory Statistics
Memory usage (bytes) = 1906143232
Memory free (bytes) = 2194202624
Auto Update Statistics
lastDirectoryReadAttempt = 15:33:35 UTC Wed Nov 17 2010
= Read directory: http://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
= Error: AutoUpdate exception: Receive HTTP response failed [3,212]
lastDownloadAttempt = 00:01:37 UTC Thu Oct 28 2010
lastInstallAttempt = 00:02:32 UTC Thu Oct 28 2010
nextAttempt = 16:33:00 UTC Wed Nov 17 2010
Auxilliary Processors Installed
sh version
Application Partition:
Cisco Intrusion Prevention System, Version 7.0(4)E4
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S524.0 2010-10-26
OS Version: 2.4.30-IDS-smp-bigphys
Platform: IPS-4260-K9
Serial Number: XXXXXXXX
Licensed, expires: 16-Nov-2011 UTC
Sensor up-time is 22 days.
Using 1906151424 out of 4100345856 bytes of available memory (46% usage)
system is using 17.4M out of 38.5M bytes of available disk space (45% usage)
application-data is using 46.9M out of 166.8M bytes of available disk space (30% usage)
boot is using 41.6M out of 69.5M bytes of available disk space (63% usage)
application-log is using 494.0M out of 513.0M bytes of available disk space (96% usage)
MainApp B-BEAU_704_2010_JUL_21_15_57_7_0_3_29 (Ipsbuild) 2010-07-21T15:59:36-0500 Running
AnalysisEngine B-BEAU_704_2010_JUL_21_15_57_7_0_3_29 (Ipsbuild) 2010-07-21T15:59:36-0500 Running
CollaborationApp B-BEAU_704_2010_JUL_21_15_57_7_0_3_29 (Ipsbuild) 2010-07-21T15:59:36-0500 Running
CLI B-BEAU_704_2010_JUL_21_15_57_7_0_3_29 (Ipsbuild) 2010-07-21T15:59:36-0500
Upgrade History:
* IPS-sig-S523-req-E4 05:31:28 UTC Tue Oct 26 2010
IPS-sig-S524-req-E4.pkg 22:01:39 UTC Wed Oct 27 2010
Recovery Partition Version 1.1 - 7.0(4)E4
Host Certificate Valid from: 28-Sep-2010 to 28-Sep-2012
PS.
licence expires on Nov 11 2011
The CCO is working fine, it can download signatures.
The update worked fine as you can tell the Oct 27 was auto update.
The update was scheduled for every day at 2AM but i've chenged to every 1 hour to see if is cisco.com that is flooded and rejects the conection.
11-17-2010 08:50 AM
Seems related to what Scott posted in the other thread.
Regards,
Prapanch
11-18-2010 08:50 PM
Hello all,
This issue has been resolved. Please set your sensors' Auto Update URL to the default and allow the update to run again. Let us know if you continue to experience issues.
Thank you,
Blayne Dreier
Cisco TAC Escalation Team
**Please check out our Podcasts**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast
TAC IPS Media Series: https://supportforums.cisco.com/community/netpro/security/intrusion-prevention?view=tags&tags=tac_ips_media_series
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide