Re: virtual sensor not running

rmv72 · ‎04-13-2004

When i configure the Sensor to capture all traffic related to the specified hosts (You Are Here: Administration\IP Logging) and add IP address than i recived "Error: Unable to add log: virtual sensor not running".

In ConfigurationSensing EngineInterface Groups

i see that my virtualSensor is enabled:

Interface Groups

Showing 1-1 of 1

# Group Number Virtual Sensor Alarm Channel Sensing Interfaces Enabled

1. 0 virtualSensor virtualAlarm int0 Yes

Which reason of that message can be?

sirpa_k · ‎04-20-2004

Any update on this ?

marcabal · ‎04-20-2004

Before trying to add an IP Log let us first be sure that the virtual sensor is monitoring traffic.

From the CLI execute "show interfaces" and check the packet statistics on int0 and your virtual sensor.

Ensure that the packet statistics for both are increasing.

If the packet counts are not increasing then you will need to check your interface and group configurations, as well as the physical cables. If it is plugged into a switch or router then check the configuration of those devices to ensure that packets are being copied to the sensor.

If you receive an error when executing "show interfaces" then execute "show version" to see if analysis engine is running. If it is not then try rebooting the sensor. There are few known issues with analysis engine that have been resolved in the 4.1(2) and 4.1(3) service packs. So be sure you are at least running version 4.1(3). If you are running version 4.1(3) and analysis engine continues to wind up as "not running" in show version then contact the TAC. There are a few additional bug fixes available through the TAC that will be rolled into a 4.1(4) service pack.