Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
702
Views
0
Helpful
5
Replies

Sensor Not able to communicate

p.revi
Level 1
Level 1

‎06-28-2005 11:24 AM - edited ‎03-10-2019 01:31 AM

I have an IDSM running Sensor version 4.1(4) and Signature S174. It was working perfectly untill few days back . But When telneted in to the IDSM it logs in and logs out instantly showing the error message "Not able to communicate with the Process". The RDEP connection with the VMS is also showing not connected .I tried accessing the sensor through the web browser through https but with No luck. The IDSM status seems to be fine when checked from the MSFC . I tried resetting the IDSM through MSFC. But its still the same. Can anything done to troubleshoot to know what has happened?

Labels:
0 Helpful
5 Replies 5

5mlattimore
Level 1
Level 1

‎06-28-2005 12:07 PM

Ive had this happen after upgrading signatures and it seems I have to reboot to get the process restarted.

Hope this helps

0 Helpful

p.revi
Level 1
Level 1
In response to 5mlattimore

‎06-29-2005 04:36 AM

I tried the soft reset and hard boot also. But its still not communicating.can any thing be done through MSFC

0 Helpful

stephblair
Level 1
Level 1
In response to p.revi

‎06-29-2005 10:02 AM

Hopefully, you did not reboot immediately after the s174 update. That initial msg will display while the sensor is updating itself, then will become avail later. If you rebooted too soon, you may have corrupted the cfg of the sensor. If not the above, I've had to completely power down will all cables disconnected, then powered the sensor back up and reimported to the vms at times.

0 Helpful

p.revi
Level 1
Level 1
In response to stephblair

‎06-29-2005 11:24 AM

The Sensor was working fine for 15 days after the S174 Upgrade and the problem started suddenly. My sensor is IDSM2 which is loaded on a 6509 chasis.There is no external connection except the shutdown button.Packets to be captured are diverted onto the IDSM through MSFC.The MSFC config related to IDSM seems to be unaltered.

I am attaching the related config of MSFC .This may help Understand the problem better.

intrusion-detection module 8 management-port access-vlan 17

intrusion-detection module 8 data-port 2 capture

intrusion-detection module 8 data-port 2 capture allowed-vlan 2,4-7,11,16-25

intrusion-detection module 8 data-port 2 capture allowed-vlan 50,51,1002-1005

!

vlan access-map captureall 10

match ip address idsmon

action forward capture

!

ip access-list extended MATCHALL

permit ip any any

ip access-list extended idsmon

permit ip any any

VLAN 17 is my management VLAN .IDSM has the Management IP in the same VLAN.

0 Helpful

jamesand
Cisco Employee
Cisco Employee
In response to p.revi

‎06-29-2005 11:52 AM

You said you tried a hard reboot. You may need to power the blade down and physically pull the blade from the chasis, wait 15 min, and then reseat the blade. This is the only way to completely power down everything including the hard drive. If you don't have a service account, you should add one. You may be able to log into the service account when in this state.

After you get the sensor running you should look for any core files in the /usr/cids/idsRoot/core/sensorApp directory (using service account or by running cli "show tech" command). If you see any core files, you should open a Cisco TAC case and ask to apply the 4.1(4g) patch.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card