06-15-2004 04:50 PM - edited 03-09-2019 07:45 AM
I am running sensor signature 4.1(1)S47 on netranger 4235. The VMS is version 2.2 and the Management Center for IDS sensor is version 1.2.3. I recently added the netranger to the Management Center but, due to problems with the process of generating, approving and deploying a signature which I edited to permit logging, I decided to delete the sensor from the Management Center for IDS.
I have since tried to add the netranger to the Management Center using 2 different methods but with no success. First, I went to Mgt Ctr / IDS Sensor / Device / Sensor / Add. I supplied the relevant data and checked the "discovery settings." It came back with the following error message...
"Error importing configuration files from the sensor - Can not get the type of sensor. Remote process exit code unavailable"
I then unchecked the "discovery settings" and added the sensor. It appeared to be successful until I went to Mgt Ctr / IDS Sensors / "selected the newly added sensor" / settings / identification.
Then it came back with another error message...
"Query Sensor version failed. Please check the Audit Log for details."
I checked the audit log, and I got the following...
2004-06-15 17:22:52 PDT 0.0.0.0 Shared service processes Common Java System Services error Query Sensor version failed. Please check the Audit Log for details.
2004-06-15 17:22:48 PDT 0.0.0.0 Shared service processes Sensor Version Import error 10.31.210.226: Error importing sensor version from the sensor - Can not get the type of sensor. Remote process exit code unavailable
2004-06-15 17:18:24 PDT 0.0.0.0 Shared service processes Common Java System Services error Query Sensor version failed. Please check the Audit Log for details.
2004-06-15 17:18:20 PDT 0.0.0.0 Shared service processes Sensor Version Import error 10.31.210.226: Error importing sensor version from the sensor - Can not get the type of sensor. Remote process exit code unavailable
2004-06-15 17:12:42 PDT 0.0.0.0 Shared service processes Common Java System Services error Query Sensor version failed. Please check the Audit Log for details.
---------------------
Now I can ping the device, but SSH is failing with the following error message... "Server responded "Connection closed by remote host." The connection to the remote host was lost. This usually means that your network went down or that the remote host was rebooted. Most network outages are short and thus trying again may work."
Well, the fact is that I have not rebooted the device, but I went ahead and rebooted the machine. I then pinged and got a response indicating that the device is UP. But yet again, SSH failed, and when I tried to connect to the device using port 443, it failed. Yet the second netranger is working quite well. I could ping, SSH, add to the IDS Sensor Management Center, and do a port 443 access.
I would appreciate a response addressing this issue and also advice on the very best, sure way to delete a sensor from the IDS Sensor Mgt Ctr. At the time of the deletion, I had some config files which I was yet to deploy, or better yet, files that I had tried to deploy but failed to deploy. I did try to delete those as well and got some kind of "database related" error message.
Thanks for any information to resolve this problem.
ade
06-16-2004 07:21 AM
I'm just going to address your SSH problems...
Have you added an entry to the sensor's "Allow Hosts" portion of its configuration that matches the IP address of the system you're trying to connect from?
If you haven't, you'll need to. This area of the configuration equates to '/etc/hosts.allow' on the file system, which means it's a tcpwrappers issue. If there is no entry in this file for a system trying to connect on a protected TCP port (which I believe should only be SSH in this case), the connection will be dropped.
In order to make a new entry, here's how to do it...
IDM - Login as user 'cisco' (or another account with "administrator" privileges), then select the 'Device' tab, select 'Sensor Setup' and then 'Allowed Hosts' in the left-hand navigation pane. Make the appropriate entry and apply your changes.
CLI - Login as user 'cisco' (or another account with "administrator" privileges), run the command 'setup' and answer "yes" when asked if you want to continue. At each of the following prompts, continue to hit
I hope this helps,
Alex Arndt
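An added example, not part of the reply above and not Cisco tooling: a small offline check of whether a client address is covered by entries written in standard tcpwrappers `hosts.allow` syntax, treating "no matching entry" as a dropped connection as the reply describes. The daemon name `sshd`, the function names and the sample entries are assumptions constructed for illustration; only IPv4 literal, prefix and net/mask patterns are handled.

```python
import ipaddress

# Constructed sample in hosts.allow syntax (documentation addresses,
# not taken from the sensor discussed in this thread).
SAMPLE = """
# management subnet may reach SSH
sshd : 192.0.2.0/255.255.255.0
ALL  : 198.51.100.10
"""

def client_matches(pattern, client_ip):
    """Match one hosts.allow client pattern against an IPv4 address string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):              # prefix form, e.g. "10.31.210."
        return client_ip.startswith(pattern)
    try:
        if "/" in pattern:                 # net/mask form
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(client_ip) in net
        return ipaddress.ip_address(pattern) == ipaddress.ip_address(client_ip)
    except ValueError:
        return False                       # hostnames etc. are not handled here

def is_allowed(hosts_allow_text, daemon, client_ip):
    """True if some 'daemons : clients' line covers this daemon and client.

    Assumes default deny: a client with no matching line is dropped.
    """
    for raw in hosts_allow_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line or ":" not in line:
            continue
        fields = line.split(":")
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if "ALL" not in daemons and daemon not in daemons:
            continue
        if any(client_matches(p, client_ip) for p in clients):
            return True
    return False

if __name__ == "__main__":
    for ip in ("192.0.2.44", "198.51.100.10", "203.0.113.5"):
        print(ip, "allowed" if is_allowed(SAMPLE, "sshd", ip) else "dropped")
```

Running it against a copy of the sensor's allowed-hosts entries and the management station's address shows whether a closed SSH connection is explained by a missing entry before looking elsewhere.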