Signature updates on the IDS sensor

If I apply IDS-sig-4.1-1-S55.rpm.pkg, does it include the S54 signature updates? Are updates inclusive, or do I have to install each of them?

Thank you

BIZ

Signature updates are included, so yes, S54 would be installed as well.

Tags: Cisco Security

Similar Questions

  • update of the IDS-K9-sp-4.1-4-s91.rpm.pkg period

    I downloaded IDS-K9-sp-4.1-4-s91.rpm.pkg and IDS-K9-sp-4.1-4-s91.zip to perform the upgrade. I'm currently under version 1.0000 S47 on 4235 NetRanger sensors.

    I applied the s91.zip file to the IDS MC version 1.2.3. It went well with no problem. The problem is that all attempts to FTP the s91.rpm.pkg by logging in to the individual sensors with the admin CLI account and issuing 'configure terminal' and 'upgrade ftp://user@IPadd//directory/ISD...rpm.pkg' return with a "time out" message.

    1. is there another way to do the upgrade?

    2. When I did the upgrade from the IDS MC using the .zip file, I noticed that it automatically lists my IDS sensors and you are invited to select those I want to update. I checked all sensors and clicked on upgrade. Well, the next time I opened the IDS MC and selected each of the sensors (Configuration/settings/Identification), I noticed that in fact one of the sensors now had sig version 4.1 (4) S91 where it previously had 4,0000 S47.

    The problem is that all the others retain version 4.1 (1) S47, which is what they all had until I applied the s91.zip file on the IDS MC.

    3. I now clicked 'motion sensor' again in (Configuration/settings/Identification) and then I got the error message "version of motion sensor has failed. Please check the Audit log for more details."

    4. I checked my logs and saw this message (among others)...

    10.31.210.219: importer version the probe sensor error - can not get the type of sensor. Unavailable remote process exit code

    Now, this isn't the first time I get this type of error. What is the solution to this problem.

    5 has anyone who uses SCO and how is it that is used before.

    6. Can I log on to the device (via SSH) and run a command so that I can open the directory (var / etc) and then empty the .rpm.pkg file?

    7. any help would be appreciated

    Thank you

    When you log on to the service account, you use a unix bash shell (not the CIDS cli). Also, if you have an ssh server running on your laptop (from your description, I think you do) then you have what you need to perform the upgrade over scp. I will show two options:

    Option 1)

    (upgrade directly from the laptop)

    - You will need to know the path to your package file on your laptop. In this example let's assume that you have an ssh user defined as "sshU" and the IDS*.pkg file is located in the sshU directory. Suppose also that the IP of your laptop is 10.1.2.3

    - connect to the sensor with the admin account (you will use the CIDS cli)

    - conf t

    - ssh host 10.1.2.3

    - yes

    - upgrade scp:[email protected]/ * *//IDS-K9-sp-4.1-4-s91.rpm.pkg

    Option 2 (only if option 1 failed)

    - connect to the sensor as service (you will use the unix bash shell)

    - cd /tmp

    - ftp 10.1.2.3

    - User:

    - Password:

    - cd

    - get IDS-K9-sp-4.1-4-s91.rpm.pkg

    - quit

    - exit

    - connect to the sensor with the admin account (assume the sensor IP is 10.1.2.99 and the service account name is 'service')

    - conf t

    - upgrade scp:[email protected]/ * *///tmp/IDS-K9-sp-4.1-4-s91.rpm.pkg

  • Sensor not known version of the IDS MC

    The system IDS 4215 sensor is version: 1.0000 S47. The MC of the IDS (version 1.2) does not have this version and recommends an update of the signature.

    I downloaded the file IDS-K9-min-4.1-1-S47.rpm.pkg from the Cisco web site and attempted to update the signature in accordance with the instructions in the ReadMe file.

    I received the following message:

    "Failed to update the object. The provided update package seems to be corrupted, or refused permission to read the file. Please check the contents of the update package and try the operation again."

    I checked the downloaded file's MD5 signature, and it's OK. I tried to download the file again and I got truncated versions (size about 256 KB).

    Am I using the correct file? How can I get the correct version of the file? Am I missing any parameter?

    Thank you for your help.

    What you have is the actual update package for the sensor itself. If you use MC to push updates, you need the package from the following location:

    http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=cisco/crypto/3DES/cw2000/mgmt-ctr/ids/ids4updates/IDS-K9-min-4.1-1-S47.zip&swtype=FCS&software_products_url=%2Fcgi-bin%2Ftablebuild.pl%2Fmgmt-ctr-ids-ids4updates&isChild=&appName=&tbtype=mgmt-ctr-ids-ids4updates

    It contains the files needed for the MC update and the actual update package that will be pushed to the sensor.

  • Access denied to the IDS MC after update 4.1.2 - s58

    Friday 7, I did the upgrade of four of our IDS sensor devices. No problem. Later, I did the upgrade on the IDS MC and at the next logon, I couldn't access the IDS MC and Security Monitor any more:

    "You are not allowed to ask the Action associated screenID: '/s510'" or "You are not allowed to ask the Action associated screenID: '/s550'", according to the screen I want to access.

    Now it seems to be a problem with authentication via ACS (TACACS+) in combination with fallback to local CS authentication. However, disabling fallback or ACS does not solve the problem. Before this upgrade, we have this problem (of course).

    We are talking to our supplier and an action has already been committed, but after a week, we do not have a solution yet.

    It's really urgent, because we have more access to our events.

    MC ID is always generating reports and send emails to us. It's a pure access problem, I think.

    It is rather peculiar that we also cannot change the AAA server in the administration of virtual machines (IDS MC). It always wants to check with a TACACS+ server even though we have configured local CS authentication in the CS security settings.

    Best regards

    Johan Derycke.

    Johan,

    If you've not done so already, go to

    VMS > Administration > Configuration > AAA Server Resync and make sure that it is set to CiscoWorks Local.

    Thank you

    Chad

  • Network IDS Sensor/system and retrieval of Images

    Ok.. on this page:

    http://www.Cisco.com/Kobayashi/SW-Center/ciscosecure/IDs/crypto/

    Objective: I want to burn an image from the Images "system and recovering" rather than order a CD from recovery for IDS.

    Questions:

    1. Is this possible, or must you order the recovery CD?

    2. I see that the files under 'System and recovery Images' are in the format tar.pkg. Is this based on Linux or Solaris? Can I use Red Hat Linux to extract this file and then burn it to a CD?

    3. If so, does anyone know how to extract the file?

    -TKS.

    Answers:

    (1) No, you must order the recovery CD.

    (2) There are 2 types of files: System and Recovery.

    The System Images (-sys-) are used only for the installation of sensors that support ROMMON (like the IDS-4215, IPS-4240 and IPS-4255). The sensors supporting ROMMON have no CDROM drives, and so the image must be tftpd to the sensor through ROMMON.

    System Images are used for disaster recovery where the compactflash/hard disk of the sensor has been severely damaged or a new blank compactflash/hard disk has been placed in the sensor.

    Recovery (-r-) Images update only the sensor's recovery Partition. They must be installed from a running Application Partition. The .pkg is a special Cisco IDS application-specific extension. There are special methods for unpacking and installing the underlying files.

    In ordinary situations the user will continually upgrade their sensor software by the normal upgrade process using Major Updates (-maj-), Minor Updates (-min-), Service Packs (-sp-), or Signature Updates (-sig-).

    It is only when the Application Partition becomes corrupt that a user must boot the recovery Partition and load a new Application Partition.

    Most users will never update their recovery Partition. Thus, users who have purchased the IDS-4235, for example, with the 4.0(1) software will have a 4.0(1) recovery Image. If they later upgraded to 4.1(1) and experience corruption, then they can always boot the recovery Partition and reload 4.0(1). If they do not want to return to 4.0(1), we provide a recovery Image to update the recovery Partition to 4.1(1).

    The only time a recovery CD is really necessary is when the user goes from 3.x to 4.x, because of the drastic change between the 2 versions, or if the recovery Partition has also been damaged, or if you use a blank hard drive.

    (3) I don't think the Recovery or System Images contain the files needed to create a recovery CD. If I remember correctly, additional files were added to the recovery CD to make it bootable, which were not necessary in the System or Recovery Image since those were based on a sensor that was already running.

  • Setting up the IDS

    Hi all

    I need to hear from all the experts of the forum,

    I'm setting up the 2 sensors (4215):

    external sensor - deployed in front of the firewall of my network.

    internal probe - deployed after the firewall

    My problem is:

    (1) What are all the signatures (most likely) I need to tune or consider w.r.t. the external or internal sensor?

    (2) The 2 sensors are in promiscuous mode; if I put them online, which parameters should I take into account to avoid network failure?

    (3) I set some of the signatures, but I don't see the alerts in IEV. Where should I look to troubleshoot?

    (4) image for 6.1E2 of 8,0000 E2 4215 supports.

    (5) Does IME support IDS?

    (6) After an upgrade, are the newly updated signatures activated automatically, or must you activate them manually?

    Could someone, please suggest me for the above.

    Thanks in advance,

    Navin

    IME does not support IDS (4.x and older code). It is a replacement (with improvements) for the old IEV.

    Regards

    Farrukh

  • If the IDS 4215 platform support E4 7.0 (2)

    Hello

    We are trying to upgrade the engine in our IPS and IDS devices. We have a single device IDS 4215 in our environment that installed with engine E3. Please let me know as this engine support E4 with 7.0 platform (2) version. If so, please update me with the name of the .pkg file. Thank you.

    Hi Vinoth,

    The IDS-4215 sensor does not support the IPS 7.0 software version. The latest version of the software supported on this platform is 6.0.

    It does, however, support the E4 engine in combination with software version 6.0(6).

    To upgrade your sensor to the E4 engine (and use the latest signatures), upgrade it with the 6.0(6) E4 software package .pkg file.

    You can download this update from the link below:

    http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Intrusion+Prevention+System+%28IPS%29+System+Upgrades&mdfid=278244333&treeName=Security&mdfLevel=Model&url=null&modelName=Cisco+IDS+4215+Sensor&isPlatform=N&treeMdfId=268438162&modifmdfid=null&imname=&hybrid=Y&imst=N

    If you are currently using version 6.0, you will just need the "IPS-engine-E4-req-6.0-6.pkg" file to upgrade the engine. If you are on an earlier version of the software, you will need to download "IPS-K9-6.0-6-E4.pkg".

    Be sure to read the readme file before the upgrade:

    http://www.Cisco.com/Web/software/282549759/32618/IPS-Engine-E4.Readme.txt

    Let me know if you have any other questions.

    Best regards

    Stijn

  • CSPM - 2.3.3i - S33 - exe IS NOT being handled IDS Sensor Version 3.1 (2) S25?

    After updating cspm2.3.3i to CSPM - 2.3.3i - S33 - exe of the magician. signature update | next | load the cspm sensor signature update, I get warning messages to the sensor. order | status of the generations

    ------------------------------------------

    WARNING MESSAGES

    IDS Sensor Version 3.1 (2) specified S25 is newer than the last

    supported version. All the features are not supported.

    -----------------------------------------------

    What's wrong?

    It's just a warning message and is a cosmetic bug. You can ignore the message and click on generated orders to push the config.

    hope this helps,

    -Nairi

  • The IDS MC Import configuration

    Hi all

    I installed IDS MC and SecMon on a new server and now I want to import all of the configuration (user, device, config,...) from the old server again.

    What should I do?

    Thank you

    Marco

    The best way to do this is to just set up your fancy new VMS server and then 'discover' the sensors with this new box. Once you've found the sensor, then "import" it in SecMon.

    All configs are stored on the sensor, so everything should come through, for example, the signature parameters, filters, etc.

    After you build your new server, make sure that you update IDS MC to the latest sigs.

    hope this helps,

    Chris

  • Signature update with MC and NAT

    I have (yet) to try to upgrade my IDSM2 with MC 2.2 VMS, but a review of the audit logs displays a message like the following:

    An error has occurred during execution of the script of update on the sensor named ID-mo-say-1. Detail = CLI error: "taken from port 443 tls trusted host 10.237.86.132 ip address connect failed [4 110].

    Looks like a script tries to run from the sensor to the MC server. The problem here is generated by the PIX firewall between the sensor and the server, which NATs the real MC address 10.237.86.132 to 10.237.85.113 for the sensor. Can we solve the problem by changing the real address to the NAT address? If so, how can I do that?

    Kind regards

    Paolo

    It's the solution that we use, and it seems to work. Change the IP address of the VMS box to the NAT'ed address the sensor sees in the following files. Try it, but make sure that you keep a backup.

    NOTE: IDS MC 1.2.3 isn't compatible with NAT on its own interfaces when upgrading (it does not support entering a NAT address for sensors). If you need to NAT the MC, PLEASE proceed as follows:

    Stop the CiscoWorks Daemon Manager.

    Edit the following file: \CSCOpx\MDC\etc\ids\xml\SystemConfig.xml

    Find the line that looks like: x.x.x.x.

    Replace x.x.x.x by the correct IP address.

    If you have IDS MC installed, copy the file you just edited to \CSCOpx\MDC\Tomcat\vms\ids-config\web-inf\classes\com\cisco\nm\mdc\ids\common\SystemConfig.xml.

    If you have the Security Monitor installed, copy the file you just edited to \CSCOpx\MDC\Tomcat\vms\ids-monitor\web-inf\classes\com\cisco\nm\mdc\ids\common\SystemConfig.xml.

    Restart the CiscoWorks daemon manager.

  • Tecra M5 - can't find the fingerprint sensor

    I have Tecra M5 with Windows 7 and I'm putting software fingerprints (protector suite QL) but old version is not compatible and new (taken from the Toshibas site) do not work. It just says: 'cannot find code 0xe7210005 of the fingerprint sensor device '. material is integrated.

    In the system's peripheral unknown ACPI\TOA620A, but it cannot be updated. Windows cannot find drivers and support package (driver_fingerprint_upek_TC00237700A) or (2.19C_package) has no driver that should be?

    Hi monono.

    Did you remove the old version of the fingerprint software before installing the new version? Remove from Control Panel > uninstall programs and remove the software before installing a new. Also use a registry cleaner like Ccleaner to clean the registry.

    Fingerprint work with OS preinstalled Toshiba?

  • Cannot control the color sensor in LabView for Mindstorms

    Hello!  New here.

    I'm currently boning up on LabView via 'LabView for Lego Mindstorms' for a possible job in the near future, and I encountered a problem from the beginning.

    I am programming my brick Lego of LabView to simply activate the color sensor which is quite easy: I'm building a while loop and inside I have a block of color sensor attached to a block of text that displays the light intensity of the probe in the text on the brick.  I compile and run the detector turns on and I can read the intensity constantly updated on the brick.  This part works fine.  I would now like to control the light sensor (that doubles as a light source with color LEDs) on the front of the LV Panel.  The book I'm using (LabView for Lego Minstorms) says I should block sensor on the entry "generate light' do right click and choose"Create--> Control"in the menu that appears.  A Boolean command button should appear connected to the sensor block in the block Panel and a push button should appear in the front panel.  This is not what is happening.  Here, the two things are different.

    (1) I have no port "generate light" click on right-click.  This is probably using a version more day of Mindstorms that uses of the book.  It's a matter of book/Mindstorms, which probably cannot be resolved here but I hope that the next issue of problems will make it irrelevant.

    (2) I right click and create the control, but rather than create a Boolean command button as the book predicts, it creates an icon "BrickReference.lvclass".  He connects very well with the light sensor and a corresponding block is created in the front panel, but it is a paper weight that I can tell.  I can't do anything with it.  There are no buttons to push, no slider, button, button radio etc and I can't seem to change into something that somehow work.  I have delete and don't create a no kidding Boolean button from the library, but it does not connect to the photoelectric cell and so I can not compile.  So now, I'm a little stuck.

    I searched "Reference of the brick" online in the context of LabView class and have found little or nothing that talks about its definition or how I can use it to control the light via the front panel sensor.  Help with the software section is not much help, and yet I'm sure there must be a way to control a simple Lego light sensor of the façade for debugging purposes and others.

    If you know what I'm doing wrong or if you know a finish around this issue that will allow me to control a Mindstorms brick from the front in this way, please let me know.

    Thank you!

    Try to post in the forum of Lego.

    http://forums.NI.com/T5/LabVIEW-for-LEGO-MINDSTORMS-and/BD-p/460

  • Problem pairing and using Bluetooth LE TI Sensor Tag with Z10

    I can't pair and use the TI Bluetooth LE Sensor Tag with my Z10 on OS version 10.1.0.273.

    I can discover the Sensor Tag with bt_disc_retrieve_devices, but when I try to pair with bt_rdev_pair, I get an "Operation not permitted" error (EPERM). If I skip the pairing step and just list the services with bt_rdev_get_services, I get a "No such file or directory" error (ENOENT). The same thing happens in the Bluetooth settings menu, where I can see the device but it fails to pair.

    And then, when I try to connect directly to a service with bt_gatt_connect_service, I get a 'No such device' error (ENODEV), which leads me to believe that I have to be paired first to connect to a service.

    The Sensor Tag pairs and connects very well with an iPhone 4S and, on the flip side, my Z10 pairs fine with other Bluetooth LE devices, so I don't know which side prevents pairing. I was actually at the JAM62 session at BB Live 2013 and the devices we were using seemed to pair well with the TI Sensor Tag. Not sure if the version of the OS has anything to do with it.

    Is anyone else having these issues pairing with the TI Sensor Tag, or does anyone know of ways to solve this?

    Updated the TI Sensor Tag with TI BLE SDK 1.3.2 and now it pairs successfully. Thank you!

  • Shunning a host on the PIX 520 but alerts are still coming to the IDS

    Last week I saw a lot of traffic from a particular host that triggers IDS alerts. After investigating the source, I added a SHUN statement to the pix. When I do a 'sho shun stat' the cnt for this host is quite high (352) and rising. I still get IDS alerts on this particular host (IP Fragment and host sweeps). I guess if I was shunning an IP address, I wouldn't receive IDS alerts on it. Can someone explain what I am doing wrong? Thanks in advance.

    Seems obvious, but it can't hurt to ask: where is your sensor's sniffing interface? Of course, if your sniffing interface is located outside the pix, then junk traffic will always reach the pix; it just won't get through it.

    In addition, are you shunning this host for these alarms? Does a 'show shun' show that host being blocked at the time you see alerts for this particular host?

    Jeff

  • CSPM is unable to talk to the IDS

    I have the following configuration on the IDS

    Sensor:

    IP address: 204.142.253.99

    Subnet mask: 255.255.255.0

    Default gateway: 204.142.253.254

    Host name: IDS

    Host ID: 99

    Host port: 45000

    Agency name: ECC

    Organization ID: 100

    -MORE-

    Director:

    IP address: 204.142.253.98

    Host name: CSPM

    Host ID: 98

    Host port: 45000

    Pace heart rate interval (seconds): 5

    Agency name: ECC

    Organization ID: 100

    A direct JOINT Telnet access: enabled

    Entries in the current list:

    [1] 204.142.253.98

    [2] 204.142.253.55

    [3] 204.142.253.55 0.0.0.0

    but I'm not able to telnet or ping 204.142.253.99 (IDS) of 204.142.253.98 (CSPM) or 204.142.253.55

    I'm not sure of the following:

    1. how to assign the host id?

    2. how to assign mask with IP addresses allowed to access IDS via telnet

    If you cannot ping the IDS then it is usually because the command and control vlan has not been put in place yet.

    (1) Determine what vlan is used for the 204.142.253.0 network.

    (2) Make sure that CSPM is connected to the switch through a port in the same vlan (either directly or through a hub or another switch).

    (3) Assign the command and control port of the sensor to this vlan (this is the part that many people forget): set vlan vlan# mod#/2, example: set vlan 100 5/2

    (4) Verify that CSPM can ping both the default gateway 204.142.253.254 and the sensor.

    (5) Check that the sensor can ping both CSPM and the default gateway.

    With regard to your questions:

    Using the last octet of the IP address is common, especially when all the machines are on the same network. If you deal with IDS sensors on several networks, you will need to come up with your own convention. NOTE: The host ID in CSPM was assigned during the installation of CSPM. You must make sure that the host ID used when installing CSPM is the same as the one you enter for CSPM in the hosts to be set up on the sensor.

    Masking used in the access list works exactly the opposite of a normal netmask. For example, with a class C, the normal network mask would be 255.255.255.0, but in the access list you must represent it as 0.0.0.255. You tell the sensor which bits are variable rather than which bits are for the network.

    To allow your entire 204.142.243.0 network you would use the 0.0.0.255 mask.
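The inverse-mask matching described in the answer above, as an added example that is not part of the original thread. It checks clients against the access list posted in the question, against a whole-subnet entry for the 204.142.253.0 network from the posted configuration, and shows what a normal netmask typed by mistake would match. The function names are hypothetical, and treating an entry without a mask as 0.0.0.0 is an assumption.

```python
import ipaddress

# Entries copied from the access list in the question above.
POSTED_ACL = ["204.142.253.98", "204.142.253.55", "204.142.253.55 0.0.0.0"]
FULL = 0xFFFFFFFF


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def netmask_to_wildcard(netmask):
    """Invert a normal netmask: 255.255.255.0 becomes 0.0.0.255."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ FULL))


def parse_entry(entry):
    """Split 'address [mask]'. Assumption: a missing mask means 0.0.0.0."""
    parts = entry.split()
    if not 1 <= len(parts) <= 2:
        raise ValueError(f"bad entry: {entry!r}")
    mask = parts[1] if len(parts) == 2 else "0.0.0.0"
    return to_int(parts[0]), to_int(mask)


def matches(entry, client):
    """Bits set in the mask are variable; every other bit must be equal."""
    addr, mask = parse_entry(entry)
    fixed = ~mask & FULL
    return (to_int(client) & fixed) == (addr & fixed)


def permitted(acl, client):
    return any(matches(entry, client) for entry in acl)


def looks_like_netmask(mask):
    """True for masks with leading 1 bits (255.255.255.0), the usual sign
    that a netmask was typed where an inverse mask belongs."""
    value = to_int(mask)
    if value in (0, FULL):
        return False
    inverted = value ^ FULL
    return (inverted & (inverted + 1)) == 0


if __name__ == "__main__":
    subnet_entry = "204.142.253.0 " + netmask_to_wildcard("255.255.255.0")
    swapped_entry = "204.142.253.0 255.255.255.0"  # netmask typed by mistake
    # Constructed client addresses for the demonstration.
    for client in ("204.142.253.98", "204.142.253.60", "10.9.8.0"):
        print(client,
              "posted:", permitted(POSTED_ACL, client),
              "subnet:", matches(subnet_entry, client),
              "swapped:", matches(swapped_entry, client))
```

With the swapped mask only the last octet is compared, so the entry admits any address ending in .0 and rejects the management station at 204.142.253.98.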
