06-11-2004 01:39 AM - edited 03-09-2019 07:43 AM
Hi,
After updating the signatures to S96, all signatures had been activated on all sensors/blades. However in the CW VMS from where we lanched the update, all signature configurations were still OK. So somehow something went wrong locally on applying this update. Moreover I'm not able anymore to restore defaults on the devices.
Anyone else having the same problems ?
Best regards,
Johan Derycke.
Solved! Go to Solution.
06-12-2004 04:52 AM
06-11-2004 02:38 AM
The same happend to me. I used CLI directly on the sensor(s) and upgraded to S96. Now there's a flood of alarms. Anybody can help ?
06-11-2004 04:05 AM
Good grief! How quickly can y'all get a patch to fix this? VMS pushed out the S96 signature pack to our sensors and while VMS shows the correct config, the sensors turned on all alarms. Pushing out a configuration file from VMS to each sensor seems to have fixed the problem.
06-11-2004 04:20 AM
Well I just pushed all configs from the CW VMS again to all sensors, because in the VMS the signature configs were not overwritten ; only new signatures were added.
But of course you can always use the restore procedure documented in the text file also available with the update.
06-11-2004 05:22 AM
I experienced similar issues with S96. I have 47 sensors, so the flood was debilitating. I have since performed a 'rollback' of all sensors.
For those of you who don't know how to perform a rollback:
- Log into CLI with an admin privileged account
- 'conf t'
- 'downgrade'
- 'yes'
06-11-2004 08:10 AM
There is a problem with S96. We have pulled the package from CCO. We will release a S97 package as soon as possible. We should have the new package posted in a few hours.
Until then we recommend you downgrade back to S96 if you have installed S97.
Sorry for the problem and we are taking steps to ensure this will not occur again.
06-11-2004 08:25 AM
Just a typographical correction.
Downgrade to S95 if you have installed S96.
Was there a package released already.. dang im way behind :)
06-11-2004 09:07 AM
Michael,
can you provide more information what is wrong with S96?
Does it activate all signatures or just some of them?
Do we need to downgrade to S95 before S97 or we could apply S97 on S96?
06-11-2004 09:36 AM
The package used for testing was inadvertently posted to CCO. This testing package has all signatures turned on by default.
Installing S97 on top of S96 will resolve the issue. Once S97 is released, you do not need to downgrade if you have already installed S96, you can simply install S97 on top of S96 and the default values for the signature will be restored.
Sorry for the trouble.
--Mike
06-11-2004 09:31 AM
CORRECTION: If you have installed S96, you should downgrade to your previous version or wait and install S97.
06-14-2004 06:25 AM
Mike,
If I've downgraded my sensors, will I still need to re-import the sensors into IDS MC?
06-11-2004 07:28 AM
I'm flooded with alerts as well (from some sensors - not all of them). I have a feeling that S96 didn't activate all signatures but some of them finally started to work (MSN, Yahoo, ICQ related, SNMP, HTTP, etc)
06-12-2004 04:52 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide