IDSMC missing signatures

dlac455
Level 1

I have been running the IDSMC for about 18 months. Signature tuning has worked in the past. I have all patches and updates available applied to IDSMC. Recently, I tried to filter a signature on a newly installed sensor. All but 24 signatures were missing. This was true for all 4 sensors defined to IDSMC. They were there at one time, because I have applied filters to various ones. My TAC case (F139550) has no "traction". Anyone else ever run across this problem? Thanks.

4 Replies

gfullage
Cisco Employee

Try deleting the sensor from IDS MC, then re-add it in, making sure you check the "Discover Settings" box so it'll grab all your configuration. This should get all the signatures to reappear. Seems to happen every now and then, the developers have been notified.

I tried removing the sensors, and then adding them back, as you requested. The sensor could be added back, but it would not work if the Discover Settings box was checked. So, no signatures were added. When I checked the Discover Settings box, the screen would just hang (I waited 30 minutes and then killed it).

Been there. This is what I discovered.

Since you are accessing the Java app on the VMS server (CiscoWorks), some errors sometimes do not get transferred to your browser session. Events are happening but your browser is not getting the info.

I suspect that when you downloaded the zip file for the sigs on the VMS server and told it to do an update to the server console that it in fact failed. I have had that happen because several of the system processes had been stopped by the administrator on the CiscoWorks server. Make sure all of the IDS_????? server processes are running and do your update again.

What I think the issue is, is that the signatures on the IDS are more advanced than the sigs on the CiscoWorks VMS console and you are not seeing that error. When it works you should see "signature update blah blah blah not supported......."

Make sure the signatures on the IDSs and the VMS server are the same and then do an import as indicated in the previous message....

gp

When I see the "signature update...not supported" it is because the VMS console thinks the sensor has an older version signature. Re-adding the sensor solves the problem. But this is not an acceptable solution since I have to re-add the 20+ sensors every time I update the signature. Is there a better way to troubleshoot this?