02-19-2004 06:11 AM - edited 03-09-2019 06:28 AM
I have been running the IDSMC for about 18 months. Signature tuning has worked in the past. I have all patches and updates available applied to IDSMC. Recently, I tried to filter a signature on a newly installed sensor. All but 24 signatures were missing. This was true for all 4 sensors defined to IDSMC. They were there at one time, because I have applied filters to various ones. My TAC case (F139550) has no "traction". Anyone else ever run across this problem? Thanks.
02-22-2004 07:19 PM
Try deleting the sensor from IDS MC, then re-add it in, making sure you check the "Discover Settings" box so it'll grab all your configuration. This should get all the signatures to reappear. Seems to happen every now and then, the developers have been notified.
02-24-2004 03:14 PM
I tried removing then sensors, and then adding them back, as you requested. The sensor could be added back, but it would not work if the Discover Settings box was checked. So, no signatures were added. When I checked the Discover Settings box, the screen would just hang (I waited 30 minutes and then killed it).
02-24-2004 05:13 PM
Been there. This is what I discovered.
Since your are accessing the java app on the vms server(ciscoworks) some errors sometimes do not get transfered to your browser session. Evenets are happening but your browser is not getting the info.
I suspect that when your downloaded the zip file for the sigs on the vms server and told it to do an update to the server console that it in fact failed. I have had that happen because several of the system processes had been stopped by the administrator on the cisco works server. Make sure all of the IDS_????? server processes are running and do your update again.
What i think is the issues is that the signatures on the ids is more advanced than the sigs on the ciscoworkds vms console and you are not seeing that error. When it works you should see "singature update blah blah blan not supported.......
make sure the signatures on the ids's and the vms server are the same and then do an import as indicated in the previous message....
gp
02-26-2004 07:38 AM
When I see the "signature update...not supported" it is because the VMS console thinks the sensor has an older version signature. Readding the sensor solves the problem. But this is not an acceptable solution since I have to readd the 20+ sensors every time I update the signature. Is there a better way to trouble shoot this?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide