Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

C-85

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Appendix C Troubleshooting

Gathering Information

For More Information

For a detailed description of all the event actions, see Event Actions, page 7-5.

IPS Reloading Messages

Symptom ASA syslog messages similar to the following are observed and the root cause of the message

is not clear:

%ASA-1-505013: ASA-SSM-10 Module in slot 1, application reloading "IPS", version

"7.1(6)E4" Config Change

%ASA-1-505013: ASA5585-SSP-IPS10 Module in slot 1, application reloading "IPS", version

"7.1(1)E4" Config Change

These messages occur once an hour for sensors not actively being configured or more often for sensors

being configured.

Conditions ASA adaptive appliances running an affected software version with an ASA IPS module

(ASA 5500 AIP SSMASA 5500-X IPS SSPASA 5585-X IPS SSP) installed that is running IPS 7.1 or

later. The common cause for these messages is global correlation and/or signature updates occurring on

the ASA IPS module that results in these messages being generated for some, but not necessarily all of

the updates, which are attempted every five minutes.

Workaround None. The cause of these messages can be confirmed on the sensor module by reviewing the

show events status past command output and identifying a status event that corresponds to the ASA

syslog message that matches the date and time. The sensor’s status event should provide further details

about what operation occurred that resulted in the ASA syslog message.

Gathering Information

You can use the following CLI commands and scripts to gather information and diagnose the state of the

sensor when problems occur. You can use the show tech-support command to gather all the information

of the sensor, or you can use the other individual commands listed in this section for specific

information. This section contains the following topics:

• Health and Network Security Information, page C-86

• Tech Support Information, page C-86

• Version Information, page C-90

• Statistics Information, page C-93

• Interfaces Information, page C-106

• Events Information, page C-107

• cidDump Script, page C-111

• Uploading and Accessing Files on the Cisco FTP Site, page C-112

previous next