IDS & Cisco Works SIMS

Hello,
I try to integrate a IDS 4.1 appliance to Cisco Works SIMS 3.1 (Netforensics) . But I fail for 2 days now. I can see that the CSIDS4 agent tries to connect to the IDS sensor with TCP port 443 but in the logs I always can see a "failed to conntect host".
I configured the "NF CSIDS Agent":
"Date Processor Data1" -> "CSIDS4 AGENT PROTOCOL" -> "MODE = SECURE"
There is a field: "signature"
Do I need fill out that field? What is the correct input for that field?
Or ist "mode" secure the wrong mode?
Has anybody integrated a Cisco IDS 4.1 to NetForensics 3.1 successfully?
PLEASE HELP!
Thanks a lot
Markus

Hello,
On the IDS Sensor I found that error events:
evError: eventId=1050261859615885102 severity=error
originator:
hostId: idssensorgraz01
appName: cidwebserver
appInstanceId: 11821
time: 2004/10/18 07:28:23 2004/10/18 09:28:23
errorMessage: name=errUnclassified srvcReq protoErr: unexpected_message [10,0]
2. evError: eventId=1050261859615885103 severity=error
originator:
hostId: idssensorgraz01
appName: cidwebserver
appInstanceId: 1153
time: 2004/10/18 07:28:23 2004/10/18 09:28:23
errorMessage: name=errTransport WebSession::sessionTask(4) TLS connection exception: handshake incomplete.
Maybe that helps?
Markus

Similar Messages

  • Cisco works windows 2000 server (IDS)

    I installed cisco works prepared for monitoring IDS Sensor, but i have some problem Access Apache windows folders
    Error: The requested URL cannot be reached because client denied by server configuration: c:/program files/cscopx/htdocs/csconm
    Description: 403 Forbidden is the HTTP status code returned by the Apache web server when either the user or the server itself has insufficient access rights to the URL.
    You are not allowed access to this URL due to insufficient access rights. This may be due to an incorrect installation of the product. Please refer to your product's installation guide.

    Please try the following:
    Stop Daemon Manager. Type in "c:\net stop crmdmgtd " in the Windows command line
    Then go to: NMSROOT\lib\web\conf\allow_files.conf (where NMSROOT is Progra~1\CSCOpx)
    Please check if this file has the following entries
    /index.html
    /login.html
    /mainPanel.html
    /JSP/cmf/admin/index.jsp
    /login1.html
    Afterwards, restart Daemon Manager. Type in "c:\ net start crmdmgtd" in the CLI.
    And try to access the server again.
    HTH,
    -J

  • Cisco Works NCM Driver for Cisco IPS/IDS

    Hi,
         Does anybody happen to know if there are drivers for the Cisco Works NCM that support Cisco IDS/IPS devices?
    Thanks!!

    http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_book09186a00807a8a2a.html
    your vendor is on crack
    you can do any think you want .... but depends how many ports you have on the IPS
    If you get an ips 4215 w/ 4 fastethernet ports you can do any combination

  • How to install Cisco Work 3.2 on Windows 2008 Server Standard R2

    Hi Everyone,
    I have got Cisco Works LAN Management 3.2. But the problem is that i have a Windows 2008 Server Standard R2 and when i try to install, it fails. What I read from the below link is that it supports
    "Windows 2008 Server Standard and Enterprise Edition with Service Pack 1 and 2. Both 32-bit and 64-bit operating systems are supported on the above versions."
    http://www.cisco.com/en/US/partner/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/data_sheet_c78-534877.html
    Please help me out on how i should install on the Windows 2008 Server Standard R2. If there is any patch or any other way out.
    Awaiting your response.
    Farid

    Hi ,
    LMS 3.2 is not supported on Windows 2008 Server Standard R2.
    here is the supported platoform for LMS 3.2
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/3.2/install/guide1/prereq.html#wp1110367
    Thanks,
    Gaganjeet

  • Cisco Works - need to re-use a 3560, how to delete and re-add in Cisco Works

    Hello.  I did not see a cisco works section on the forum, forgive me if it's there and I missed it.  I have removed a 3560 switch from one location and am going to rename it (same IP though) and deply it in a different department.  We have cisco works sending critical and informational alerts as well as backup the configs on Sunday mornings.  I think I was able to get it to stop sending alerts when I unplugged and unhooked the switch.  I want to give the switch a new host name and re-deploy it.  I assume it will be easier to delete and then re-add the switch to cisco works.  Is the a document where I can follow steps to remove it from cisco works?  I have the documentation, but it is hard to read and they don't really have an area that specifically says "remove a switch from cisco works", and I don't want to break everything for the other 55 switches that cisco works does do the alerts and backups for.  I know cisco works is full of different modules, so I was wondering if there was a document or some type of help I could get for doing this.  Any help would be greatly appreciated.  Thanks.  Mike Baker

    Hi,
    It sounds like a tutorial may be what you are looking for. Here is one based on LMS 3.1.
    https://learningnetwork.cisco.com/docs/DOC-4031
    To remove a device from DCR (Device & Credential Repository) navigate to Common Services > Device and Credentials > Device Management.
    Thanks,
    Nick

  • Cisco Works Integration with MARS

    Can cisco works be integrated with MARS. I mean cisco works is acting as a syslog server for some switches. Can mars pull the records from Cisco Works and use it for its co-relation

    As Michael pointed out, configuring two syslog destinations on your switch is possible, and allows the switch to send to both CiscoWorks and CS-MARS simultaneously.  This affords the safety that should one system be down, the other system will continue to receive syslog events from the switches.  Should you not wish to configure two logging destinations on your switch, you could configure your switches to send their syslogs to CS-MARS and configure CS-MARS to relay the received syslog messages to CiscoWorks.  This options is outlined in the CS-MARS user guide:
    http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/cfgOver.html#wpmkr181270
    Scott

  • Cisco Work (LMS 2.6) Device Configuration

    Hi,
    Can anyone tell me where is the default location of device configuration ( Running conf ) saved in Cisco Work (LMS 2.6) Server.
    Thanks & Regds,
    Lalit

    if you enable the so called shadow directory feature under:  Admin -> Config Mgmt -> Archive Mgmt -> Archive Settings
    then the defaut location is \CSCOpx\files\rme\dcma
    Cheers,
    Michel

  • HT201415 I inserted a working sim card but iPad(2) says "no SIM" - cellular data setting greyed out

    I inserted a working SIM card into my iPad 2. It picked up the network but later gave a message saying "No SIM". The Cellular Data control option is greyed out so I cannot get in to this function. I have tried removing the SIM and re-inserting as well as re-starting. This made no difference. Any suggestions why this is the case? I have tried the SIM in my iPhone 4 and it works fine. Thank you.

    The SIM was taken from my iPhone. It is an extra line and was used for voice calls etc. So, it appears as though I need to get a dedicated data SIM. Appreciate the assistance..many thanks!

  • Cisco Works LMS 4.0 doesn´t start

    Hello All
    i have big trouble with me LMS 4.0 installation. I did an Upgrade from LMS 3.2 to LMS 4.0. After that the Works was running without any problems. After some days i´d tried to login on the LMS and it told me something like my lincens where corrupt or so. I´d tried to start the CiscoWorks Demon Manger but he didn´t start. OK after some investigation at the i-net i decided to perform a clean installation of the Server an Cisco Works.
    So after i do thes i´d perform a restore of my old Data from LMS 3.2. Now i investicated that my ANI Server Falied to start. OK than i tried to restart the Works Demon ... f... and what will happend ?!?!?! The demon doesn´t start. Can someone help me ?!?! Please i will not perform a new istallation again.
    C:\Windows\system32>net start crmdmgtd
    The CiscoWorks Daemon Manager service is starting.
    The CiscoWorks Daemon Manager service could not be started.
    The service did not report an error.
    More help is available by typing NET HELPMSG 3534.
    Thanks
    Mario
    Hi i have an update for this issues ... After i´d tried to start all Works- Services be hand ... all Services will start execpt the deamon ... When i loged in i get messages "License Server/Deamon Manager is down. Please  check license.log for more information."
    Thats the same situtaion befor the new installation.

    Hi Afroj
    i´d just have an update for you and maybe for Martin. I´d checked the services and investigate that the ANIDatabase Engine
    was not stoped. After i stoped the service "by Hand". I tried to reinalize the Database and see ... IT WORKS ...
    D:\CiscoWorks\CSCOpx\bin>perl.exe dbRestoreOrig.pl dsn=ani dmprefix=ANI
    WARNING: Existing contents of ani database will be lost.
    Do you want to continue [y/n]?y
    INFO: Starting the DataBase
        Starting database engine aniEng
    INFO: Process created
    INFO: Started the Database engine : aniEng Retry 0
    INFO: Started the Database engine : aniEng Retry 1
    INFO: Started the Database engine : aniEng Retry 2
    INFO: Started the Database engine : aniEng Retry 3
    INFO: Started the Database engine : aniEng Retry 4
    INFO: Started the Database engine : aniEng Retry 5
    INFO: Started the Database engine : aniEng Retry 6
    INFO: Started the Database engine : aniEng Retry 7
    INFO: Started the Database engine : aniEng Retry 8
    INFO: Started the Database engine : aniEng Retry 9
    INFO: Getting message
    INFO: Connect the database dsn=ani
    INFO: Connected the Database
    INFO: Command Executed
    INFO: Connecting the Database ani
    INFO: Company=Cisco Systems;Application=NMTG;Signature=010fa55157edb8e14d818eb4f
    e3db41447146f1571g32125eb777a87cbf8b29a954f559d4221b792ff8
    INFO: Preparing AUTH cmd
    INFO: AUTH Executed
    INFO: AUTH cmd finished
    INFO: Stopping the Database engine ani
        Stopping database engine aniEng
    INFO: File not exists.SQL Anywhere Command File Hiding Utility Version 10.0.1.40
    51
    INFO: Database [ani] authenticated successfully.
    ani database initialization is completed.
    D:\CiscoWorks\CSCOpx\bin>
    D:\CiscoWorks\CSCOpx\bin>pdshow ANIServer
            Process= ANIServer
            State  = Running with busy flag set
            Pid    = 11136
            RC     = 0
            Signo  = 0
            Start  = 8/22/2011 1:01:29 PM
            Stop   = Not applicable
            Core   = Not applicable
            Info   = ANIServer started.
    Many Thanks for your help ...
    Regards
    Mario

  • Cisco works LMS 3.0.1 cannot archieve configuration for cisco 3000 series vpn concentrator

    Hi All,
    Our problem is, we have Cisco Works LMS 3.0.1. cannot archieve configuration for cisco 3000 series vpn concentrator.
    Any help would be greatly appreciated.
    Thanks in advance.
    Samir

    Make sure you have filled out all of the HTTP/HTTPS credential data in DCR for these devices.  RME will only use HTTPS to fetch VPN concentrator configurations.

  • Cisco works LMS 3.0.1 does not archiever configuration for cisco 7201 router

    Hi All,
    We have Cisco works LMS 3.0.1 and it does not archiever configuration for cisco 7201 router.
    Any help would be appriciated.
    Thanks in advance
    Samir

    Hi,
    *** Device Details for d0151-100 ***
    Protocol ==> Unknown / Not Applicable
    Selected Protocols with order ==> TFTP,SSH,HTTPS
    Execution Result:
    Unable to get results of job execution for device. Retry the job after increasing the job result wait time using the option:Resource Manager Essentials -> Admin -> Config Mgmt -> Archive Mgmt ->Fetch Settings
    This is the error while doing syn archieve.
    I am not sure about Rtr7000 version but we have latest Rtr7000.
    Waiting for your kind reply.
    Samir

  • Cisco Wireless LAN Controller 4402 under Cisco Works RME 4.0?

    I am trying to manage a Cisco 4402 using non-default snmp communities from Cisco Works RME 4.0.  RME Credential Verification fails with “Device Not Supported” recorded against selected option; however, the controller does respond to snmp queries.  The 4402 has snmpv1 through snmpv3 enabled; and the snmp communities are associated with the correct client IP.  Is the WLC only responsive to snmp from the WLS and should the box be manageable via it’s management interface.  ICMP and telnet to the WLC from RME works OK.
    Advice and Guidance would be greatly appreciated.

    What firmware version are on the WLC's..... minimum is 5.0.148 per the RME Table.
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.0.5/device_support/table/RME405.html

  • Cisco Works LMS 3.1 Integration with ACS v5.2

    Hello Experts,
    our customer has a working integration with the Cisco Works LMS 3.1 and an ACS v3.3 as it is described in this document:
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/prod_white_paper0900aecd80613f62.html
    Now we are changing the old ACS Servers to the new ACS v5.2 platform. Is it possible to integrate the LMS to the new ACS Server? We want to use a granular user access restriction for SuperAdmins, Hotline Users an so on...
    Thanks,
    Florian

    Hi Florian,
    actually the ACS 5.2 is not supported in CS 3.2
    here is a list of the supported ACS servers under LMS 3.1
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.2/user/guide/admin.html#wp865998

  • Attempting to upgrade Switch IOS with Cisco Works 2.06

    I am running RME version 4.05 and am trying to test pushing IOS images on a 3560 48port PS switch running 128mb ram and 16mb flash. When I run an analysis on Cisco works it states I only have 127mb of ram and 15 mb of flash. Is this a known bug in Cisco works. I am concerned if I upgrade with the current ram I have it will not work.

    Which report are you running specifically? I have seen something like this before.

  • Cisco Works - Campus Data Collection

    Cisco Works - Common Services 3.0.3, Campus Manager 4.0.3, RME 4.0.3
    I have devices that are "discovered" via Device Discovery, but do not show up in Campus Data Collection. The devices that do not show up, are "reachable" in Device Discovery. I thought all devices in Discovery that are reachable, were sent to Data Collection? I have no filters in Data Collection. It should allow anything.
    Any ideas why Data Collection is not importing those devices?

    you could watch the Discrepancy reports on Campus Manager, maybe it could help you, it would be a duplicate hostname or IP address.
    it happened to me and it was because i had a duplicate hostname

Maybe you are looking for

  • Local and ISP DNS

    Hi all, i have a local DNS server for some local stuff like website,ldap and so on and the normal ISP DNS. On Client i have entered the local DNS IP (xxx.xxx.xxx.xxx) and the ISP DNS IP (yyy.yyy.yyy.yyy). So here is my problem when the Local DNS IP i

  • Fire-wire power supply?

    Hi, just a short question. Can I use my fire-wire power supply and the appropriate cable from my 4th gen. classic ipod (monochrome display) to charge the battery of my ipod nano 3rd gen.? Or do I have to use a new USB power supply? Thank you! Mike

  • Index

    Hi, I had this mssg and i followed the steps as posted by the experts here. <b> Be aware of Note number 597909 when setting line item DataSources Message no. GQPI 063 Diagnosis You have successfully generated an extraction structure for the FI-SL lin

  • PO PDF location

    Hi I want to open the old PO PDF using sql. Please let me know the table in which PO PDF is saved. Regards

  • When will Ethernet Port on Fios STB be available?

    It has been over 18 months since tech support indicated that the ethernet port on the back of the STB will be turned on soon. Is there an ETA? Thanks.