SensorApp IDSM2 fails

laneclark
Level 1

I get the following message after running my IDSM2 module for a while:

Error: getAnalysisEngineStatistics : ct-sensorApp.588 not responding, please check system processes - The connect to the specified Io::ClientPipe failed.

If I restart the module, I can access the web interface fine and config the module. But after running for a while, the web interface dies and I get the above error. Any ideas?

8 Replies

jamesand
Cisco Employee

If this is version 4.X then you will probably need to install the 4.1(4g) patch. Several sensorApp related issues that could be causing this symptom are fixed in the patch.

I am running the version 5 stuff.

There are a few known issues for the 5.0 version with the symptoms you are seeing. I would recommend first applying the 5.0(2) service pack (just posted). If that does not fix your issue, then you should open a Cisco TAC case so we can diagnose this issue.

You could also post the output from the CLI "show tech" command to this forum so I can try to ID the issue.

Thanks. It seems to be running much better now.

jpoudereux
Level 1

I get the same error as you, laneclark. To be concise, it says:

Error connecting to sensor. Failed to load sensor-errSystem Error-ct-sensorApp.466 not responding, please check system processes - The connect to the specified lo::ClientPipe failed.

Exiting IDM.

When this happens, I can actually ssh into the IDSM2, and if I type 'show ver' I realize AnalysisEngine is 'NotRunning'.

How can I restart this service without having to reboot the sensor?

How can I solve this error?

I'm already using IPS version 5.0(2)S178.0.

Any idea?

If the AnalysisEngine continues to fail, then you should open a case with the Cisco TAC. There is an engineering patch, 5.0(3p1), available that addresses several issues that may be causing this.

jpoudereux
Level 1

I still haven't found the answer... but I wonder if this may be caused by the IDSM2 trying to process too much traffic.

I mean, the IDSM2's interfaces are 1 Gbps and the maximum processing speed is 600 Mbps. I think this is correct.

I'm using SPAN to redirect traffic to the sensor. And maybe the sensor has more traffic to process than it is able to. What I mean by 'too much traffic' is, for example, peaks of 1 Gbps to 2 Gbps in only one VLAN (the biggest bandwidth consumer). And I've got nearly 25 VLANs in SPAN.

Do you think this is a possible reason for the AnalysisEngine process hanging?

Heavy traffic may be causing one of the memory related bugs that is fixed in the latest patch 5.0(3p1).