We've been trying to get our new Cisco IDS 4235 sensor + VMS Basic to work for the last few days but with no success:
1) Install CiscoWorks VMS Common Services 2.2 with SP2 with the supplied vms 2.2 startup disk
2) Install IDS MC 1.2.3 from the startup disk
3) Upgrade our IDS 4235 to the latest IDS signature
- upgrade from 4.1(1)S47 to sp-4.1-4-S91
- upgrade from sp-4.1-4-S91 to sig-4.1-4-S131
4) Apply IDS-sig-4.1-4-S131.zip Sig Update on IDS MC 1.2.3
5) Successfully add our ids-4235 sensor with IDS MC using auto discover setting
6) IDS Security Monitor shows TLS-Connected status, etc
The issues we're facing:
1) unable to view any generated reports
- it's forever under the scheduled report tab
2) unable to view any ids events
The funny thing was we managed to generate and view reports on our first installation but an ids signature update went wrong forced us to reinstall the whole thing (including Win2k).
Is it because we apply IDS-sig-4.1-4-S131.zip without applying the sp-4.1-4-S91 on the IDS MC first?
IS the IDS MC 1.2.3 download available at cisco.com the same version as the one included in the startup disk? ( I think ours was IDS MC 22.214.171.1244)
Do I need to apply the Update 1 patch?
( I don't think so since we're already on CS 2.2 w/ SP2 )
Many thanks for any help.
Go directly to the IDS Device Manager panel (not the VMS) and check whether the sensor is generating reports. If its ok check VMS logs(audit log?) for errors in communicating with IDS/generating SecMon view.
I had couple updates go wrong, the only thing to do was to reimage the sensor and reinstall all updates on it.
You can try to protect your self from future problems with updates, try searching the forum for the link provided by cisco employee, which gives a 4-1(4)e patch to the sensor, which *might* fix the problem with later updates :)
We seems to solve our strange problem without knowledge yesterday (restart ciscoworks?). Everything seems to be working fine so far. The Reports and Event Viewer working fine. Next, we're working on the ids shun feature & CSA on our VMS Server. Thanks!