In the IDM and CLI you can use variables. Why is the IPSMC different?

What version of MC are you using? What type/version sensor are you using?

Can you describe step by step how you're trying to create this variable?

Im using version 2.1 with the latest service packs and all. The sensors are 5.0.4. From the IPSMC I go to the sensor I would like to manage, then choose event action filters then choose add and in the source field type in the $variablename (i.e. IN or OUT). These are all defined in the event variables section.

If I make the variable changes using the cli it works fine. If I reimport the sensor to the mc the variable show up fine. But you cannot create add variable to the event action filters section from the MC.

Its pretty annoying to have to use the IDM or cli to make changes and then reimport each sensor. I have 20 sensors and its is a royal pain to do this to each sensor. I have a TAC case open on this as well, and no one has any idea. I need some help, anyone!!

I'm in the same setup of using IPS V5 on the sensors managed by CiscoWorks VMS with IPS MC 2.1. I can confirm same kind of troubles with the interaction between both softwares. Here is what I have experienced sofar :

- there is a difference in syntax for adding addresses into the default $in and $out variables. If I set more than one address range into those variables, I can generate the config, but can't deploy onto the sensor.Error = "The ip address range format is invalid at line: 1, at character: 381"

Even when I do the configuration via IDM, import the new config into IPS MC and without changing anything try to deploy the same config onto the sensor again, I get the same error.

- the is also some syntax problem on the naming of filters. By default filters are named filter[x], but again when deploying this config with that kind of names onto the sensor, IPS MC is generating errors:

"** ECD result for eventActionRules: Error validateError: / -- /_root_/filters/filter1-filter- - -0-D/ -- invalid name

/_root_/filters/filter10-filter- - -9-D/ -- invalid name

etc ...."

So I'm not surprised by the above problem description.

This is an oversight in the IPS MC 2.1 that is being rectified in version 2.2 (due out next month). CSCsb66685

Any possibility of getting a patch for this sooner than sometime next month?

All dev and test resources are fully committed to the 2.2 release (3 weeks to FCS). This particular issue is currently being worked on. IMO, a patch would take at least 2 weeks if the resources were available. So I would recommend waiting for 2.2.

Well, I've been patient so far, but I'm still waiting for a patch for this issue. It's 21 days out, no patch, no v2.2 that I can find. I know they are getting rid of VMS soon, so are they really working on this?

Yes. The fix for CSCsb66685 will be in MC 2.2.

I can only take your word on it, but we can't afford to wait on this stuff, time for a competitive upgrade, I'm afraid.

Sorry -- The defect you have requested CSCsb66685 cannot be displayed.

This may be due to one or more of the following:

The defect number does not exist.

The defect does not have a customer-visible description available yet.

The defect has been marked Cisco Confidential.

Sorry, the defect was being treated like a 2.2 dev bug. The release note should now be visible.