Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello,
We use AMP integrated with Firepower and send events to our SIEM via eStreamer. We have been seeing events with a "file_action" of 0. Our documentation does not identify what this type of event might be.
The most current documentation I c...
Hello,
I have two 3500 MCs that I'd like to upgrade to 6.1. Recently, I attempted upgrading the secondary MC which failed mid-upgrade and needed to be restored back to 6.0. As a result, I lost all objects/configuration on the device. Since HA does...
Hello all,
In MC 6.0.1, I added two custom Snort rules (see end of post), turned these on to "generate events" in a few different Intrusion policies, and try to commit the changes, but it fails with the message "EOStore failed". Has anyone else see...
Hi,
Whenever any policy changes occur that require a push, I am unable to consistently apply the policy to several appliances. I have five sets of access control policies that I will push out, and out of all these, maybe one will successfully run an...
Hi,
I am running two 3500 DC appliances in a high availability pair on DC version 5.4.1.2 and find that most tasks on the GUI, including just logging in, opening dashboards, editing policies, and especially applying policies, seems painfully slow. D...
Thanks. That's the same document I linked in my original post -- I had checked the documentation first before asking here and found nothing in the document for action code 0.
kaisero, I ran the pre-installation package and this completed successfully without issue. TAC identified this as bug ID CSCvb27923, and since a reboot had occurred, the only workaround was to do a complete reformat and restoration.
The problem with moving both devices to 6.1 is that my secondary device failed on that upgrade and the only way to fix it was a complete restore, so I was very reluctant to try it out on my primary device and risk losing everything requiring me resto...
It looks like you're right, though I'm still not sure what the real issue is. I assumed the policy was not committing since the policy stays in edit mode and the error implies that the commit failed, but after I discard my edits and go into the poli...
The timeouts I see in the log (using cat /var/log/messages | grep) are entries like this:
Mar 28 16:12:44 <DC_NAME> SF-IMS[31339]: [1466] SFDataCorrelator:RRDClient [INFO] read timed out
Mar 28 12:51:54 <DC_NAME> SF-IMS[7603]: [3703] sftunneld:sf_ss...
