About khendrick512

khendrick512 · 03-10-2017

Hello, We use AMP integrated with Firepower and send events to our SIEM via eStreamer. We have been seeing events with a "file_action" of 0. Our documentation does not identify what this type of event might be. The most current documentation I c...

khendrick512 · 10-28-2016

Hello, I have two 3500 MCs that I'd like to upgrade to 6.1. Recently, I attempted upgrading the secondary MC which failed mid-upgrade and needed to be restored back to 6.0. As a result, I lost all objects/configuration on the device. Since HA does...

khendrick512 · 10-27-2016

Hello all, In MC 6.0.1, I added two custom Snort rules (see end of post), turned these on to "generate events" in a few different Intrusion policies, and try to commit the changes, but it fails with the message "EOStore failed". Has anyone else see...

khendrick512 · 12-15-2015

Hi, Whenever any policy changes occur that require a push, I am unable to consistently apply the policy to several appliances. I have five sets of access control policies that I will push out, and out of all these, maybe one will successfully run an...

khendrick512 · 12-15-2015

Hi, I am running two 3500 DC appliances in a high availability pair on DC version 5.4.1.2 and find that most tasks on the GUI, including just logging in, opening dashboards, editing policies, and especially applying policies, seems painfully slow. D...

khendrick512 · 04-18-2017

Thanks. That's the same document I linked in my original post -- I had checked the documentation first before asking here and found nothing in the document for action code 0.

khendrick512 · 11-07-2016

kaisero, I ran the pre-installation package and this completed successfully without issue. TAC identified this as bug ID CSCvb27923, and since a reboot had occurred, the only workaround was to do a complete reformat and restoration.

khendrick512 · 10-31-2016

The problem with moving both devices to 6.1 is that my secondary device failed on that upgrade and the only way to fix it was a complete restore, so I was very reluctant to try it out on my primary device and risk losing everything requiring me resto...

khendrick512 · 10-27-2016

It looks like you're right, though I'm still not sure what the real issue is. I assumed the policy was not committing since the policy stays in edit mode and the error implies that the commit failed, but after I discard my edits and go into the poli...

khendrick512 · 03-28-2016

The timeouts I see in the log (using cat /var/log/messages | grep) are entries like this: Mar 28 16:12:44 <DC_NAME> SF-IMS[31339]: [1466] SFDataCorrelator:RRDClient [INFO] read timed out Mar 28 12:51:54 <DC_NAME> SF-IMS[7603]: [3703] sftunneld:sf_ss...

Member Since	‎09-29-2015 01:25 PM
Date Last Visited	‎08-18-2017 03:54 AM
Posts	15

User Statistics

User Activity

AMP events in eStreamer

Importing/Exporting Objects in 6.0?

Custom Snort rule, "EOSTORE FAILED" - cannot commit policy changes

Sourcefire DC 3500 policy pushes hang or fail

Sourcefire DC 3500 very slow performance

Thanks. That's the same

kaisero, I ran the pre

The problem with moving both

It looks like you're right,

The timeouts I see in the log