Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
484
Views
0
Helpful
6
Replies

IDS 4235 sensing interface shutting down alone !

mohsen961
Level 1
Level 1

‎04-11-2004 01:51 AM - edited ‎03-09-2019 07:01 AM

Hi,

I am facing a problem with the 4235 IDS sensors.

In fact, every few days (about 1 week), the sniffing interface is going down alone. So, I have to go to the CLI and interface configuration than type "no shut"

I am not seing any other problem (like the IDS is still showing connected on the VMS)

Does anyone have an answer why this is happening?

Is it related to the amount of traffic sniffed or the number and type of alarms detected?

Thank you for your help.

Labels:
0 Helpful
6 Replies 6

8rpalmer
Level 1
Level 1

‎04-12-2004 04:54 AM

I too, am experiencing the same problem. Any ideas, workarounds will be greatly appreciated!

0 Helpful

pbobby
Level 1
Level 1
In response to 8rpalmer

‎04-12-2004 11:41 AM

I am experiencing something similar, would be interested if anyone can replicate the problem.

So far I've gotten 2 4235s and 1 4230 to do the same.

I build them from scratch to S47, and then upgrade them to S80. All the while the sensing interface is running. Once they reach S80, I add some filters, and run "clear events". As soon as I run "clear events" the sensor no longer works. The interface has not shut down, nor does rebooting the sensor work either.

I've had a case open with Cisco on this since 3/10, and it's in the hands of the engineers. They aren't sure what is happening yet, but I'd be interested to know if anyone else can make this break.

BTW the probe in question is on my most busiest segment of the network.

0 Helpful

s.ferreira
Level 1
Level 1
In response to pbobby

‎04-19-2004 07:48 PM

My IDSM2 running 4.1(S84) do the same so does my 4235

0 Helpful

darin.marais
Level 4
Level 4
In response to pbobby

‎05-06-2004 10:38 AM

I hope that this is not going to confuse the author of the original post on this thread.

** The follow is an attempt to answer some of the other questions that have come up during the post- eg pbobby post etc**

I am presuming that this is a 4.1-3 sensor. Have you tried installing the patch IDS-K9-patch-4.1-3e.rpm.pkg

http://www.cisco.com/cgi-bin/tablebuild.pl/nids

It may or may not resolve you issue> a while back I had an issue where the AnalysisEngine version 4.1-3 would just die> I was advised to try the patch. This I did,,, and the problem has disappeared

0 Helpful

mohsen961
Level 1
Level 1

‎05-05-2004 10:50 PM

Hi Again,

I am sorry, the problem that we were facing doesn't have to do anything with the IDS itself.

We were using VMS to manage the sensors configuration and deploy the changes.

In the VMS settings, some IDS had their sensing interfaces down and every time, I am applying new filters and deploy them, the IDS will obviously shut down the interface.

So, the problem was how to synchroznine the VMS with the IDS configuration.

Thank you

Mohamed

0 Helpful

darin.marais
Level 4
Level 4
In response to mohsen961

‎05-06-2004 10:28 AM

Have you enabled the interface under the configuration> interfaces section of VMS for that particular sensor? By default the interface will be disabled.

Each time you deploy the new configuration for that sensor the interface will shutdown.

0 Helpful
Customers Also Viewed These Support Documents