
Problem adding netranger 42235 to IDS Mgt Ctr

infinitingr2
Level 1

I am running sensor signature 4.1(1)S47 on netranger 4235. The VMS is vers 2.2 and the Management Center for IDS sensor is version 1.2.3. I recently added the netranger to the Management center but due to problems with the process of generating, approving and deploying a signature which I edited to permit logging, I decided to delete the sensor from the management center for IDS.

I have since tried to add the netranger to the management center using 2 different methods but no success. One I went to Mgt Ctr/ IDS Sensor / Device / Sensor/ Add. I supplied relevant data and checked the "discovery settings." It came back with the following error message...

"Error importing configuration files from the sensor - Can not get the type of sensor. Remote process exit code unavailable"

I then unchecked the "discovery settings" and added the sensor. It appeared to be successful until I went to Mgt Ctr/ IDS Sensors / "selected the newly added sensor" / settings / identification.

Then it came back with another error message..

"Query Sensor version failed. Please check the Audit Log for details."

I checked the audit log, and I got the following..

2004-06-15 17:22:52 PDT 0.0.0.0 Shared service processes Common Java System Services error Query Sensor version failed. Please check the Audit Log for details.

2004-06-15 17:22:48 PDT 0.0.0.0 Shared service processes Sensor Version Import error 10.31.210.226: Error importing sensor version from the sensor - Can not get the type of sensor. Remote process exit code unavailable

2004-06-15 17:18:24 PDT 0.0.0.0 Shared service processes Common Java System Services error Query Sensor version failed. Please check the Audit Log for details.

2004-06-15 17:18:20 PDT 0.0.0.0 Shared service processes Sensor Version Import error 10.31.210.226: Error importing sensor version from the sensor - Can not get the type of sensor. Remote process exit code unavailable

2004-06-15 17:12:42 PDT 0.0.0.0 Shared service processes Common Java System Services error Query Sensor version failed. Please check the Audit Log for details.

---------------------

Now I can ping the device, but SSH is failing with the following error message... "Server responded "Connection closed by remote host." The connection to the remote host was lost. This usually means that your network went down or that the remote host was rebooted. Most network outages are short and thus trying again may work."

Well, the fact is that I have not rebooted the device.. but I went ahead to reboot the machine. I then pinged and got a response indicating that the device is UP. But yet again, ssh failed and when I tried to connect using port 443 to the device, it failed. Yet, the second netranger is working quite well. I could ping, ssh, add to IDS Sensor management Center, and do a port 443 access.

I would appreciate a response addressing this issue and also advise on the very best, sure way to delete a sensor from the IDS Sensor Mgt Ctr. At the time of the deletion, I had some config files which I was yet to deploy, or better yet, files that I had tried to deploy but failed to deploy. I did try to delete those as well and got some kind of "database related" error message.

Thanks for any information to resolve this problem.

ade

1 Reply

a.arndt
Level 3

I'm just going to address your SSH problems...

Have you added an entry to the sensor's "Allow Hosts" portion of its configuration that matches the IP address of the system you're trying to connect from?

If you haven't, you'll need to. This area of the configuration equates to '/etc/hosts.allow' on the file system, which means it's a tcpwrappers issue. If there is no entry in this file for a system trying to connect on a protected TCP port (which I believe should only be SSH in this case), the connection will be dropped.

In order to make a new entry, here's how to do it...

IDM - Login as user 'cisco' (or another account with "administrator" privileges), then select the 'Device' tab, select 'Sensor Setup' and then 'Allowed Hosts' in the left-hand navigation pane. Make the appropriate entry and apply your changes.

CLI - Login as user 'cisco' (or another account with "administrator" privileges), run the command 'setup' and answer "yes" when asked if you want to continue. At each of the following prompts, continue to hit Enter (which will keep current settings) until prompted with "Modify current access list?[no]:" prompt. Answer 'yes', hit Enter if you don’t want to delete entries (otherwise, enter the number for the entry you want to remove) and then enter the IP address and the Netmask at the "Permit:" prompt, and then hit Enter again at the prompt to continue. Accept the default "no" so that the system time isn’t changed and then review the new configuration. Select the appropriate number from the menu provided at the end to both change your configuration and apply it (default), start over or just quit.

I hope this helps,

Alex Arndt
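
A way to triage the symptom discussed in this thread from the management station, as an added example that is not part of the original posts: it checks whether a client address falls inside a set of "Permit:" entries (IP address and netmask) and classifies how a TCP port treats the client. The function names `permitted` and `probe` and the sample addresses are constructed for illustration, and the "closed-early" reading assumes the usual tcpwrappers behaviour of accepting the TCP connection and closing it before any SSH banner is sent.

```python
import ipaddress
import socket
import sys

def permitted(client_ip, access_list):
    """True if client_ip is covered by any (address, netmask) permit entry."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(f"{addr}/{mask}", strict=False)
               for addr, mask in access_list)

def probe(host, port, timeout=5.0):
    """Classify how a TCP service on host:port treats this client."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"        # nothing listening on that port
    except OSError:
        return "unreachable"    # timeout or no route: filtered or down
    with sock:
        try:
            data = sock.recv(256)
        except socket.timeout:
            return "open-silent"   # accepted, waits for the client (normal for 443)
        except OSError:
            return "closed-early"  # reset right after the handshake
    if not data:
        # Handshake completed, then EOF before any banner: consistent with
        # a host-based access list such as hosts.allow rejecting this client.
        return "closed-early"
    return "banner:" + data.decode("ascii", "replace").strip()

if __name__ == "__main__":
    # Constructed permit entries, in the address/netmask form the setup
    # dialog asks for; replace with the sensor's real access list.
    acl = [("192.0.2.0", "255.255.255.0"), ("198.51.100.7", "255.255.255.255")]
    for client in ("192.0.2.45", "198.51.100.8"):
        print(client, "permitted" if permitted(client, acl) else "NOT permitted")
    # Optional live check: python3 triage.py <sensor-ip>
    if len(sys.argv) > 1:
        for port in (22, 443):
            print(port, probe(sys.argv[1], port))
```

A host that answers ping but returns "closed-early" on port 22 points at the allowed-hosts list rather than at the network path; "unreachable" or "refused" points elsewhere.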