Filter
Top Products
17-12
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 17 Administrative Tasks for the Sensor
Clearing the Sensor Databases
Troubleshooting Password Recovery
When you troubleshoot password recovery, pay attention to the following:
• You cannot determine whether password recovery has been disabled in the sensor configuration
from the ROMMON prompt, GRUB menu, switch CLI, or router CLI. If you attempt password
recovery, it always appears to succeed. If it has been disabled, the password is not reset to cisco. The
only option is to reimage the sensor.
• You can disable password recovery in the host configuration. For the platforms that use external
mechanisms, such as ROMMON, although you can run commands to clear the password, if
password recovery is disabled in the IPS, the IPS detects that password recovery is not allowed and
rejects the external request.
• To check the state of password recovery, use the show settings | include password command.
Clearing the Sensor Databases
Caution We do not recommend that you use clear database command unless under the direction of the TAC or
in some testing conditions when you need to clear accumulated state information and start with a clean
database.
Use the clear database [virtual-sensor] all | nodes | alerts | inspectors command in privileged EXEC
mode to clear specific parts of the sensor database. The clear database command is useful for
troubleshooting and testing. The following options apply:
• virtual-sensor—Specifies the name of a virtual sensor configured on the sensor.
• all— Clears all nodes, inspectors, and alerts databases.
Caution This command causes summary alerts to be discarded.
• nodes—Clears the overall packet database elements, including the packet nodes, TCP session
information, and inspector lists.
• alerts—Clears the alert database including the alerts nodes, Meta inspector information, summary
state, and event count structures.
• inspectors—Clears the inspector lists in the nodes. Inspector lists represent the packet work and
observations collected during the time the sensor is running.
Clearing the Sensor Database
To clear the sensor database, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Clear the entire sensor database.
sensor# clear database all
Warning: Executing this command will delete database on all virtual sensors
Continue? [yes]:
Step 3 Enter yes to clear all the databases on the sensor.