06-25-2002 04:40 AM - edited 03-08-2019 11:08 PM
The IDS appliance does not communicate with the Event Viewer Agent on W2000; the error is " csids1.hal Connection 1: 192.168.1.201 45000 1 ( SynSent ) sto:5000 syn Noyt rcvd! "
I have already verified all the configuration parameters, and all is OK.
Why does it not communicate?
06-26-2002 02:46 AM
Check the host id, org id, etc. (all parameters) on IDS as well as CSPM/Director.
Stop the daemons on IDS with "nrstop" and start them with "nrstart".
Check on the IDS with "nrstatus" whether packetd is running.
Use the following URL to troubleshoot further:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/tr1925.htm#xtocid162254
R/Yusuf
06-28-2002 08:19 AM
All the configuration parameters seem OK. They are:
IP Address: 192.168.1.201
IP Netmask: 192.168.1.0 255.255.255.0
IP Host Name: sensor1
Default Route: 192.168.1.1
Allowed Hosts:
ALL:192.168.1.
Sensor Host ID: 1
Sensor Organization ID: 100
Sensor Host Name: sensor1
Sensor Organization Name: hal csids1
IDS Manager Host ID: 10
IDS Manager Organization ID: 100
IDS Manager Host Name: csids1
IDS Manager Organization Name: hal
IDS Manager IP Address: 192.168.1.101
nrstatus shows this output:
Sun Microsystems Inc. SunOS 5.8 Generic February 2000
You own the console
netrangr 507 1 0 08:53:23 ? 0:01 /usr/nr/bin/nr.sapd
netrangr 506 1 0 08:53:22 ? 0:00 /usr/nr/bin/nr.loggerd
netrangr 448 1 0 08:53:18 ? 0:01 /usr/nr/bin/nr.postofficed
netrangr 508 1 0 08:53:23 ? 0:00 /usr/nr/bin/nr.fileXferd
netrangr 511 1 1 08:53:25 ? 0:14 /usr/nr/bin/nr.packetd
We have already tried further troubleshooting, but we always have the same errors:
Connection Status for sensor1.hal
csids1.hal Connection 1: 192.168.1.101 45000 1 [SynSent] sto:5000 syn NOT rcvd!
Are there any patches or fixes that you know of for our problem?
Thanks, best regards.
06-28-2002 08:57 AM
Sounds like you need to check the configuration entries on csids1.hal, and be sure they match.
The files to check are the etc/hosts and etc/routes files in the directory where IEV is installed.
You want to check all the values in these files and check to make sure they match the exact files from the sensors. If the sensor entries are not in these files, then you need to follow the IEV instructions for configuring IEV to communicate with a sensor.
From the IEV bin directory also try running:
"nrget 10000 10 100 1 DestinationConnectionStatus"
This is equivalent to nrconns executed on the sensor.
See if a line for the sensor shows up.
If the sensor line doesn't show up in the nrget output but is in the config files, then try rebooting the IEV box. In some situations IEV may not have read the config files because of some Windows limitations.
If the line shows up with "syn NOT rcvd" for the sensor, then it may be a network issue that you will have to deal with. It could be that the sensor is not able to communicate with the IEV because a firewall may be blocking the communication or they may not have a route to each other. You would have to troubleshoot from a network communication standpoint.
Marco
07-12-2002 11:41 PM
Hi Mr.Leonard,
I am getting the same error on my IDS 4320 sensor. All the parameters seem to be OK. When I check the connection it gives the same error. It is running on sensor ver2.5s0.
07-15-2002 05:32 AM
To resolve these types of issues, first verify the network connectivity - ping the Director from the Sensor. If there is a firewall between the two devices, then verify that the PO port is allowed through (default: 45000).
If the 2 hosts can communicate, then verify that the PO configuration parameters are correct on both hosts. The host id, host name, organization name, organization id for each host should be defined identically on each host. Also verify that the correct IP addresses are being used.
07-15-2002 11:41 PM
Hello boys. Thanks for your aid, the problem is resolved. A parameter lacked configuration on the server where IEV was installed, in the hosts and routes files, in directory "Programmi\Cisco Systems\Cisco IDS Event Viewer\DataFeed\etc".
Thanks again.
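The check recommended in the replies (compare what the connection status reports against the configured peer parameters before looking at the network) can be scripted. This is an added example, not part of any post in the thread or of Cisco's tooling; the field layout is inferred from the status lines quoted above, the sample input is constructed, and the function and variable names are hypothetical.

```python
import re

# Field layout inferred from the status lines quoted in this thread; the
# group names are labels chosen for this example.
STATUS = re.compile(
    r"(?P<peer>[\w-]+\.[\w-]+)\s+Connection\s+\d+:\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<port>\d+)\s+\d+\s+"
    r"[\[(]\s*(?P<state>\w+)\s*[\])](?P<rest>[^\n]*)"
)

def check_connections(status_text, expected, local_ip):
    """Compare each status line with the parameters the operator configured.

    expected maps 'hostname.orgname' to (ip, port) for each remote peer.
    Returns a list of (peer, finding) tuples, one per status line.
    """
    findings = []
    for m in STATUS.finditer(status_text):
        peer, ip, port = m["peer"], m["ip"], int(m["port"])
        if peer not in expected:
            findings.append((peer, "name not in configured parameters"))
        elif ip == local_ip:
            findings.append((peer, f"route points at this host's own address {ip}"))
        elif (ip, port) != expected[peer]:
            findings.append((peer, f"route {ip}:{port} differs from configured"))
        elif re.search(r"syn\s+not\s+rcvd", m["rest"], re.IGNORECASE):
            findings.append((peer, "parameters match, no reply: check path and peer-side entries"))
        else:
            findings.append((peer, f"state {m['state']}"))
    return findings

# Constructed sample, modelled on the two status lines quoted in the thread.
SAMPLE = """\
csids1.hal Connection 1: 192.168.1.201 45000 1 [SynSent] sto:5000 syn NOT rcvd!
csids1.hal Connection 1: 192.168.1.101 45000 1 [SynSent] sto:5000 syn NOT rcvd!
"""
EXPECTED = {"csids1.hal": ("192.168.1.101", 45000)}  # manager values from the thread

if __name__ == "__main__":
    for peer, finding in check_connections(SAMPLE, EXPECTED, local_ip="192.168.1.201"):
        print(peer, "->", finding)
```

A line that passes the parameter comparison but still reports "syn NOT rcvd" leaves the two causes named in the thread: the network path for the PO port, or missing entries on the peer side.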