C-22
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Appendix C Troubleshooting
Troubleshooting the Appliance
External Product Interfaces Troubleshooting Tips
To troubleshoot external product interfaces, check the following:
•
Make sure the interface is active by checking the output from the show statistics
external-product-interface command in the CLI, or choose Monitoring > Sensor Monitoring >
Support Information > Statistics in the IDM and check the Interface state line in the response, or
choose Configuration > sensor_name > Sensor Monitoring > Support Information > Statistics
in the IME, and check the Interface state line in the response.
•
Make sure you have added the CSA MC IP address to the trusted hosts. If you forgot to add it, add
it, wait a few minutes and then check again.
•
Confirm subscription login information by opening and closing a subscription on the CSA MC using
the browser.
•
Check the Event Store for the CSA MC subscription errors.
For More Information
•
For the procedure for adding trusted hosts, see Adding TLS Trusted Hosts, page 3-52.
•
For the procedure for displaying events, see Displaying Events, page C-98.
Troubleshooting the Appliance
This section contains information to troubleshoot the appliance. It contains the following topics:
•
Troubleshooting Loose Connections, page C-22
•
The Analysis Engine is Busy, page C-23
•
Communication Problems, page C-23
•
The SensorApp and Alerting, page C-28
•
Blocking, page C-35
•
Logging, page C-44
•
TCP Reset Not Occurring for a Signature, page C-50
•
Software Upgrades, page C-51
Tip
Before troubleshooting the appliance, check the Caveats section of the Readme for the software
version you have installed on your sensor to see if you are dealing with a known issue.
Troubleshooting Loose Connections
Perform the following actions to troubleshoot loose connections on sensors:
•
Make sure all power cords are securely connected.
•
Make sure all cables are properly aligned and securely connected for all external and internal
components.
•
Remove and check all data and power cables for damage. Make sure no cables have bent pins or
damaged connectors.