Hello Sawan,

thanks for that good hint. But we have running CSC SSM module and I didn't find any option to login in service analysis mode and configure virtual sensor for checking the signature status. I had configured the specific rule in ASA for that specific traffic and that log capture I sent already. Is there any other work around to check it? There is an option in SSM to gather logs. Do you think it would help in this scenario? If it is then I would ask the local system engineers to give any IP from their local FTP or TFTP server to send log report.

regards

Pial

You could simple SSH to the SSM appliance on its management IP, and issue the above command to get the information. You don't need the service account to do that.

Regards,

Sawan Gupta

Hello Sawan,

thanks for your quick reply. By default the CSC module don't have by default ssh enable. So I enable it and now I can login. But unfortunately that command isn't working.

-bash-3.00# sh statistics virtual-sensor | i Sign

sh: statistics: No such file or directory

-bash: i: command not found

-bash-3.00#

-bash-3.00# sh statistics virtual-sensor

sh: statistics: No such file or directory

I have found it cisco document a list of module which support virtualization in sensor.

The following sensors support virtualization:

•IDS 4235

•IDS 4250

•IPS 4240

•IPS 4255

•IPS 4260

•IPS 4270-20

•AIP SSM

This is the link where I have found that information: http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/cli/cliAnEng.html

So my question did I miss something? Whenever I search in google I see only the example about how to configure the AIP-SSM module for  But there is no information about CSC-SSM module about it.

your help is really appreciated.

Pial

Hi,

You logged into the service account thats why the command failed. You need to login to via admin account.

http://www.cisco.com/en/US/docs/security/ips/5.1/configuration/guide/cli/cliAdmin.html#wp1037225

Regards,

Sawan Gupta

Hello Sawan,

I have tried with cisco account which I believe is an admin account. But whenever I login it prompt to change root password. So what I understand it is a service account. But with account name cisco it didn't work. I have added the screen shot.

sorry if I didn't get the point for the admin account. Onething to mention that we have base license. So I am not sure whether it plays any role in this scenario.

thanks again for your help.

You were doing right. User "cisco"'s password has expired. You just need to set a new one and then issue the command.

Regards,

Sawan Gupta

Hello Sawan,

thanks for your patience and time for me. Yesterday I forgot to mention you the rest part of the login issue. I have created the new password. But after retype the new password the login screen is disappeared. I tried with the login name cisco and the new password which I had set last time. But the login failed and again only I can login with cisco default password which is 'cisco'. So to verify I tried again with the new login with root account and then that new password works. When I login with cisco account it appears with a message the password has expired then it asks "changing password for the root". So what I understand it is asking to change the password for the root account. I have tried with the ASDM login password for CSC. But it fails too.

So again my question whether I have missed anything ...

Pial

You need to involve Cisco TAC, since you are unable to login to the device. They will need to collect show-tech-support logs to diagnose the problem.

Regards,

Sawan Gupta

Hello Sawan,

after your answer I have tried with another CSC module in different location and I have seen the same issue. The message every time appears to change the password for root if I directly login with cisco account through ssh and if I login from asa (session 1) then instead of sensor mode it comes with ssm setup menu.

thanks again for your assist.

Pial