09-27-2007 01:28 PM - edited 03-09-2019 06:54 PM
Hello everyone,
I start this discussion as I think I'm experiencing something really strange with CS-MARS 4.3.1 (build 2600) and Cisco IPS 5.1(6).
I upgraded today our MARS box from 4.2.8 to 4.3.1. And a bit later, I decided to migrate one of our IPS from 4.1 to 5.1.
After all the upgrades, I deleted the old IDS 4.1 from MARS and recreated it. But I can't have MARS to communicate with the IPS! From the MARS box I can "telnet ... 443", I have a response, but MARS complains again and again of being not able to contact the IPS. "Try a telnet ... 443 from the MARS appliance to check if IP connectivity is present" is the message reported by the "View Error" after a "test connectivity" has been issued.
The problem is that I need that first connection to make MARS subscribes to the IPS in order to receive the logs.
I made a try with a 5.1 IPS already present before the upgrade : same result "Can't connect". But as the MARS box subscribed previously to the IPS, the logs are arriving.
Does someone else have this strange behaviour ?
Regards,
Jean-Fran?ois Gobin
09-28-2007 12:58 AM
I have a similar problem. I did an upgrade right after the 4.3.1 release, I did however not upgrade my IDSM at the same time since it was already at 5.1(6), I got incoming events from the IDSM and didn't take much notice.
But, today I upgraded the IDSM to 6.0(3)E1 and now I get the same error after removing and reconfiguring the IDSM in MARS. I've tried the telnet from MARS and it works fine AND I'm getting events from the IDSM so I guess there is some bug in the detection process.
/Fredrik
09-28-2007 06:27 AM
I am not sure if my issue is related, but I am trying to configure a 2821's IPS into the Cisco MARS. I have tried several different methods, but I believe that I should use the "Cisco IPS 5.x" device type. When I configure it, I get the same error "Try telnet...". I have successfully tested the port via telnet several times.
I have confirmed that I am not getting any events or alerts from the device by running a query for all raw messages from the one IPS.
Am I using the right Device Type?
2821 RTR @ 12.3(14)T7
MARS @ 4.2.8 (2543).
Note - I am currently running MARS with IDSM2 @ 6.0(2)E1, and it is functioning properly. I have tested the "Test Connectivity" and it also works.
09-28-2007 06:54 AM
Update:
I believe that this is a known error.
http://www.cisco.com/en/US/products/ps6241/prod_release_note09186a00808bbbce.html#wp1195329
CSCsk03722 Test Connectivity returning error
10-15-2007 06:58 PM
Hi
I experienced the same things.
now I am recovering the mars's image that is version 4.3.1(2600).
I will post a message next.
maybe it's a bug....
01-21-2008 07:54 PM
hello,
When I upgrade the mars to 4.3.1. I've noticed that the mars doesn't received any logs from IPS,ASA and other reporting device. But when I check ASA and IPS, i'm pretty sure that the ASA and IPS were sending syslogs alerts to mars the only problem is the mars could not receive. I can ping the IPS / ASA in the mars console but failed when i test the connectivity/discover in Web Interface.
I also execute the pnstart and pnstatus command in the CLI console.
This is what i get:
[pnadmin]$ pnstart
[pnadmin]$ pnstatus
Configuration error: host name does not match janus.conf::janusBoxName.
Please contact Cisco for support.
[pnadmin]$
Any ideas about this?...
Carlou
01-21-2008 07:57 PM
By the way, I'm running Cisco IPS 6.x and Cisco ASA 7.0
Carlou
01-22-2008 04:18 AM
Hello Carlou,
This behaviour (not able to discover https devices) is mentionned in the Release Notes. Fortunately, the next version (4.3.2) is out and corrects this.
How do you poll your ASA devices ? Syslog or https ? If you sniff the traffic on the port your CS-MARS is connected to, do you see anything ?
Don't forget to click on "activate". In the latest version, it turns to red to indicate you need to, but in the previous ones, you have to remember it.
Kind regards and hope it helps,
Jean-François (And moving to New York this month).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide