IDS Sensor 4.1 doesn't capture events.

My IDS Sensor 4.1 stops capturing events after some time. I don't know if maybe it is because there are a lot of VLANs in SPAN and the IDS doesn't support all this traffic. Am I wrong?
Here is the show ver output:
# sh ver
Application Partition:
Cisco Systems Intrusion Detection Sensor, Version 4.1(4)S174
OS Version 2.4.18-5-phoenix
Platform: WS-SVC-IDSM2-BUN
Sensor up-time is 20:49.
Using 337403904 out of 1979682816 bytes of available memory (17% usage)
Using 2.0G out of 17G bytes of available disk space (13% usage)
MainApp 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running
AnalysisEngine 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running
Authentication 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running
Logger 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running
NetworkAccess 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running
TransactionSource 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running
WebServer 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running
CLI 2004_Apr_15_15.03 (Release) 2004-04-15T15:11:59-0500
Upgrade History:
* IDS-sig-4.1-4-S172 08:51:06 UTC Wed Jun 01 2005
IDS-sig-4.1-4-S174.rpm.pkg 15:13:12 UTC Wed Jun 08 2005
Maintenance Partition Version 2.1(1)
And here is the "sh event" output:
# sh event
evError: eventId=1099377235773324837 severity=warning
originator:
hostId: CISCO-IDS
appName: sensorApp
appInstanceId: 1206
time: 2005/06/10 08:43:21 2005/06/10 10:43:21 GMT
errorMessage: name=errWarning Producer appears to be out of superblocks...consider configuring TCPReassemblyMode to loose FreeBlocks: 2155
evError: eventId=1099377235773324838 severity=warning
originator:
hostId: CISCO-IDS
appName: sensorApp
appInstanceId: 1206
time: 2005/06/10 08:43:23 2005/06/10 10:43:23 GMT
errorMessage: name=errWarning Producer appears to be out of superblocks...consider configuring TCPReassemblyMode to loose FreeBlocks: 2155
But I have already configured TCP Reassembly Mode to 'loose' and it does the same: after some time, it logs a few events and starts logging this event, but the Security Monitor stops showing me any alarm. What can I do to solve this?
Thank you very much.

When the IDSM2 starts crashing (I mean, logging only this event), I clear the IDSM2 interface counters and I realize that no packets are processed and the "missed packet percentage" grows and grows.
That means after this crash it stops processing packets and loses all the traffic it receives. The question is why? And how can I solve this?
Thanks everybody.

Similar Messages

  • 2 mars boxes - 1 IDS sensor

    hi - need a sanity check - we have a dead IDS sensor.  that sensor normally talks to MARS server 1.
    while being replaced, in the interim, the suggestion was made to utilize an unused interface on another IDS sensor (this one currently talks to MARS server 2).
    the end result would be 2 distinct MARS boxes trying to pull logs from the same IDS, which would be sniffing traffic on multiple interfaces until the replacement IDS unit is installed. Assuming a lot of reconfiguration on the MARS side to accommodate the temporary setup, but beyond that, is it even possible to do this? I would think the MARS boxes would potentially conflict when connecting to the IDS and copying logs?
    thanks

    thanks Scott and Halijenn
    so if I can have 2 MARS boxes pulling events, then a remaining (secondary) issue is that processing the "new" events (on the previously unused interface / network) will require some reconfiguration on the MARS servers - the MARS box that currently sees this IDS will need to know what to do with the new event stream (from the add'l interface), and the MARS box that currently looks at the dead IDS will have to know that it's now looking at a different IDS (temporarily).
    my main worry is that the monitored network where the dead IDS lives is extremely noisy, and the "surrogate" IDS where we're thinking of lighting up the add'l interface is by design very quiet. We're essentially introducing a ton of noise into an otherwise quiet IDS/MARS relationship (which is tuned accordingly) - it will light up like a Christmas tree - this seems to suggest a lot of re-tuning / filtering / etc. to accommodate the temporary change and additional noise.
    is there a way we can split an IDS event stream coming into MARS so that the previously "quiet" MARS ignores / drops any "new" events from the newly activated IDS interface?  It would be good if we can set this up in a way that the MARS box already talking to the surrogate IDS will not be impacted by the additional data.  Will a specific list of monitored networks added in the MARS IDS config for the surrogate IDS help out here?
    not sure we will go this route but just want to understand the implications.
    thanks again for jumping in...

  • When I subscribe to a calendar it doesn't show events in my ical even though it is refreshed

    When I subscribe to a calendar it doesn't show events in my ical even though it is refreshed & is linked to iCloud - any ideas please?

    Is the calendar checked in the list of calendars in the popup menu in the upper left corner?

  • OpenScript DOESN'T capture Java Applet popup window

    I am testing an airline website that requires choosing a Departure and Returning Date from a web.button called 'View Calendar', which is a Java Applet. During recording, it doesn't capture the View Calendar as an object and therefore I am unable to test the validity of the dates chosen.

    I haven't seen an Applet module in OpenScript yet, you might have to use OFT to build the script

  • RFI Buyer Printable View report doesn't capture questionaire responded by Suppliers

    Reference SR 3-9765282261 : RFI Buyer Printable View report doesn't capture questionaire responded by Suppliers (@Bug/ER#: 20623991)
    Hi,
      As part of the Business Process we submit RFI template for supplier to fill up the questionnaires. After supplier responded, the answers will be captured in Oracle SLM.  Buyer has the option to view responses in various way and format.  For the above case, go to Action list, select "Buyer Printable View" in specific RFI, the report in PDF format is launched.  However, only questions are available, it does not include supplier's feedback.  Is this standard function?  I think this is a bug though but I was told not

    This is standard functionality, as the printed copy is circulated to the suppliers.
    Sent from my iPhone

  • Management Center for IDS Sensors - version error

    Hi
    I'm experiencing problems installing an IDS on CiscoWorks2000 Management Center for IDS Sensors. When I add a sensor with "discover settings" ticked, I get the following error: "Error importing configuration files from the sensor - Could not find version in string "Unknown version"". The sensor is an IDS 4210 version 3.0(5)S17. I have tried to install manually but keep getting "sensor not connected" in Security Monitor.
    Thomas

    You will usually get this error message when there's a problem with the SSH fingerprint.
    Check the following URL for a workaround.
    http://www.cisco.com/en/US/products/sw/cscowork/ps3990/products_user_guide_chapter09186a0080104f38.html#xtocid6

  • iPhone sensor (auto rotate) doesn't work!!

    Hello
    I bought an iPhone 4S-16G last week and I realized that one of my iPhone sensors (auto rotate) doesn't work: when I turn my iPhone to landscape, my messages, photos or games don't rotate. Now what should I do?
    I already restored, turned it off and on, and checked the rotation option in portrait orientation by double-clicking, but it didn't work.
    Please help me.

    oops my bad, you did say exactly that you had tried that. Sorry. Also you already Restored too. Only thing I could add, is to Restore as New iPhone, at end of Restore when prompted Set Up as New iPhone. And then see if better. Anyway, iPhone 4S has full Warranty, make Genius Reservation and take iPhone to Apple for resolution.

  • MS Exchange account on my iPhone and iPad doesn't capture sent mail when sent from iPhone or iPad! Everything else seems to work fine. Can someone please help?

    MS Exchange account on my iPhone and iPad doesn't capture sent mail when sent from iPhone or iPad! Everything else seems to work fine. Can someone please help?

    iPhone and iPad use a different way of accessing the server.
    I don't know the exact details, but we are using Zarafa instead of Exchange and have the same problem:
    iPhone and the like can connect to Zarafa's z-push interface, which is some identical interface to the native Exchange interface, while the desktop e-mail application tries to interface with the web front end (via http) of the server.
    These are completely different setups and it depends on the actual installation of the server to get this going.
    So, you will most likely need different access parameters for the desktop - and the web mail feature has to be enabled on the Exchange server.
    In my opinion using the web mail interface is just silly. On the other hand, the native protocol has fewer features compared to the web front end, so you are somehow stuck with sins of the past.
    Good luck!

  • Capture event c#

    Hi,
    Is it possible to capture event and trigger action? On closing document, message box say "Bye".
    Can I do it using SDK with c# if yes then please guide me how. If NO then  let me know how it can be possible.
    Thanks

    Please tell me more which C++ based plugin I can use?
    I can embed javascript with pdf using c#(like app.alert). But I cannot find example of capturing event. Can you please provide me example?
    Thanks

  • Capturing events fired by ActiveX control

    How can I capture events fired by an ActiveX control? I am using the RegEventCallback VI, but that controls user-driven events. I have an ActiveX control that fires events at unspecified times; now I want to know how to handle such events in LabVIEW.
    Rubina

    Hi InformaticsComplex,
    Using the Register Event Callback VI is the correct method to capture events generated by an ActiveX control. Register Event Callback registers a VI to be called when the event occurs. I suggest checking out the LabVIEW Help articles Using ActiveX with LabVIEW and Register Event Callback as well as the following examples. I hope this helps!
    Examples (all found in NI Example Finder):
    ActiveX Event Callback for Excel VI: labview\examples\comm\axevent.llb
    ActiveX Event Callback for IE VI: labview\examples\comm\axevent.llb
    NET Event Callback for Calendar Control VI: labview\examples\comm\dotnet\Events.llb
    NET Event Callback for DataWatcher VI: labview\examples\comm\dotnet\Events.llb
    Mike Lyons
    National Instruments
    http://www.ni.com/devzone

  • IDS Sensor 4215 not booting..Halts after kernel error..

    Hi all...
    I have a Cisco 4215 IDS sensor. After booting it gives a "Kernel Error" and halts. Is there any way I can recover it or bring it back to a normal state? Urgent...

    I'm not sure what state your 4215 was in prior to the failure, or at what point in the boot process you are getting the kernel error. You can perform a complete system re-image using either the 4.1(4) or the 5.1(2) system image available on CCO. This will overwrite all configuration settings as well, so you will need to reconfigure the appliance afterwards. Instructions for using the system images can be found in the associated readme files.
    Another option is to manually recover the appliance using the Recovery Partition if you get to that point (GRUB boot menu) in the boot process. This option will maintain some, but not all, of your network settings. If you get to the menu, select the second option to recover the system. It will reboot several times while imaging, and should stop at the login prompt when it is finished.
    Let me know if you are still having problems after trying one of these recovery methods.
    -Rusty

  • Pointing IPS/IDS sensors to a 3rd party

    Hey guys, this is probably a simple question but for some reason I can't find a simple answer.
    I'm testing out a Juniper STRM 2500 box and need to point my 4 IDS/IPS sensors to it so it can collect the data and so on. Is there a command to forward events onto the 3rd party device or do I simply set the logging (syslog type) to send to the juniper box.
    Thanks in advance.

    The sensor is an SDEE server, configure the sensor to allow the STRM's IP address and give the sensor login/password to your STRM box and let STRM connect to the sensor.
    The STRM box will have to request the event data from the sensor.

  • Capture event from job cancelled in SM37 by workflow, is not possible.

    Hi, I'm learning workflows and I want to capture the event ABORT or CANCELLED from a job in SM37 and send an email to the agent recipient, but I don't know how to resolve this problem.
    Please, I need help.
    Thanks.

    Hi......
    Look Job : BI_PROCESS_LOADING.........is actually the background job.............in a process chain.......when the trigger come to a load process...........first this job will run........and after completion of this job...........the actual IP will start...............we don't schedule this job.......but u r saying ur loads are fine.........if this job fails......then the IP will not start......so how ur IP s are running........As already suggested............u deschedule the chain........then again schedule it back.......
    Now to check job that exactly fails at 12:00 a.m.....................
    Go to SM37 ............give this job name...............date......and in the time field give the time.........
    Regards,
    Debjnai......

  • Is it possible to capture the state of a button outside of capturing events?

    I was wondering if there was a way in Flex to determine the state of a button (i.e. up, down, over, selected, etc..) besides capturing each individual events.  What I am asking is essentially to be able to access the "phase" private member variable of the Button class.  Please advise.

    Actually, never mind, I was mistaken that the Button.phase parameter was private; it is actually of mx_internal type. Thanks.

  • Viewer IDs in Activity report doesn't display

    Hi,
    I would like to check which pages were visited by users.
    I run the activity report located in System administration > Monitoring > Portal > Activity Report.
    The Last Week's 10 Most Popular iViews/Pages report doesn't display Viewer IDs.
    Is there any configuration for this report? Please advise.
    Many thanks for your advice.
    Regards,
    Kanok-on K.

    Hi John,
    According from "10 Most Active User" had selected as second type of activity report template.
    Only select report type no more additional configure. But I wonder if I select the third activity report type, how to configure for show Viewer IDs
    Regards,
    Kanok-on K.
