Filter
Top Products
C-32
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix C Troubleshooting
Troubleshooting the Appliance
Recovery Partition Version 1.1 - 7.1(3)E4
Host Certificate Valid from: 16-Nov-2011 to 16-Nov-2013
sensor#
Step 3 If the Analysis Engine is not running, look for any errors connected to it.
sensor# show events error fatal past 13:00:00 | include AnalysisEngine
evError: eventId=1077219258696330005 severity=warning
originator:
hostId: sensor
appName: sensorApp
appInstanceId: 1045
time: 2004/02/19 19:34:20 2004/02/19 19:34:20 UTC
errorMessage: name=errUnclassified Generating new Analysis Engine configuration file.
Note The date and time of the last restart is listed. In this example, the last restart was on 2-19-2004
at 7:34.
Step 4 If you do not have the latest software updates, download them from Cisco.com. Read the Readme that
accompanies the software upgrade for any known DDTS for the SensorApp or the Analysis Engine.
Step 5 If the Analysis Engine is still not running, enter show tech-support and save the output.
Step 6 Reboot the sensor.
Step 7 Enter show version after the sensor has stabilized to see if the issue is resolved.
Step 8 If the Analysis Engine still reads Not Running, contact the TAC with the original show tech support
command output.
For More Information
• For more information on IPS system architecture, see Chapter A, “System Architecture.”
• For the procedure for obtaining the latest Cisco IPS software, see Obtaining Cisco IPS Software,
page 21-1.
Physical Connectivity, SPAN, or VACL Port Issue
If the sensor is not connected properly, you do not receive any alerts.
To make sure the sensor is connected properly, follow these steps:
Step 1 Log in to the CLI.
Step 2 Make sure the interfaces are up and that the packet count is increasing.
sensor# show interfaces
Interface Statistics
Total Packets Received = 0
Total Bytes Received = 0
Missed Packet Percentage = 0
Current Bypass Mode = Auto_off
MAC statistics from interface GigabitEthernet0/1
Media Type = backplane
Missed Packet Percentage = 0