PAM user error on ids 4235 Version 4.1(5)S190
this is error message
Sep 9 14:34:30Sep 9 14:34:31 Defiant pam_tally[1321]: pam_tally: pam_get_uid; no such user "sensor name"
it is occurring every minute.
any ideas?
I can only hazard a guess. It looks like something is trying to log in to your sensor, and it is most likely automated.
Is it possible that some kind of network management system is probing your system? Do you have TELNET enabled? WhatsUp from Ipswitch is known to tickle telnet servers with a generic account, I believe, in order to determine the status of the server (up or down).
Another possibility is that you have a RDEP / SDEE client with a misconfigured username (read: typo) trying to access alarms on the sensor.
Have you sniffed your Command and Control interface to see what the offending packets look like?
Alex Arndt
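Added example, not part of the original thread: one way to test the reply's guess that the source is automated is to check whether the pam_tally failures for a given user name arrive at a near-constant interval. The log lines, user names, year, thresholds and function names below are constructed for illustration; only the message format and host name come from the post.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: same message format as the line quoted in the thread,
# with made-up user names and timestamps.
SAMPLE_LOG = '''\
Sep  9 14:00:05 Defiant pam_tally[1290]: pam_tally: pam_get_uid; no such user "backup"
Sep  9 14:03:40 Defiant pam_tally[1294]: pam_tally: pam_get_uid; no such user "backup"
Sep  9 14:20:11 Defiant pam_tally[1302]: pam_tally: pam_get_uid; no such user "backup"
Sep  9 14:21:00 Defiant pam_tally[1305]: pam_tally: pam_get_uid; no such user "backup"
Sep  9 14:34:31 Defiant pam_tally[1321]: pam_tally: pam_get_uid; no such user "nmsprobe"
Sep  9 14:35:31 Defiant pam_tally[1324]: pam_tally: pam_get_uid; no such user "nmsprobe"
Sep  9 14:36:30 Defiant pam_tally[1327]: pam_tally: pam_get_uid; no such user "nmsprobe"
Sep  9 14:37:31 Defiant pam_tally[1330]: pam_tally: pam_get_uid; no such user "nmsprobe"
Sep  9 14:38:31 Defiant pam_tally[1333]: pam_tally: pam_get_uid; no such user "nmsprobe"
Sep  9 14:39:31 Defiant pam_tally[1336]: pam_tally: pam_get_uid; no such user "nmsprobe"
Sep  9 14:50:30 Defiant pam_tally[1341]: pam_tally: pam_get_uid; no such user "backup"
'''

LINE_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+pam_tally\[\d+\]:\s+'
    r'pam_tally: pam_get_uid; no such user "(?P<user>[^"]*)"')


def failed_lookups(log_text, year=2005):
    """Return {user: [datetime, ...]} for every pam_tally 'no such user' line."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Syslog timestamps carry no year; the default here is an assumption.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["user"]].append(ts)
    return events


def periodic_users(log_text, min_events=5, max_jitter_s=2.0):
    """Flag user names whose failures repeat at a near-constant interval."""
    flagged = {}
    for user, stamps in failed_lookups(log_text).items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # Require enough events, then a small spread between consecutive gaps.
        if len(stamps) >= max(min_events, 2) and pstdev(gaps) <= max_jitter_s:
            flagged[user] = {"events": len(stamps), "interval_s": mean(gaps)}
    return flagged


if __name__ == "__main__":
    for user, info in periodic_users(SAMPLE_LOG).items():
        print(f"{user}: {info['events']} failures, one every {info['interval_s']:.0f}s")
```

A user name flagged here points to a poller or a misconfigured client rather than a person typing; the source address still has to come from a capture on the command and control interface, as the reply suggests.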
Similar Messages
-
Management Center for IDS Sensors - version error
Hi
I'm experiencing problems installing an IDS on CiscoWorks2000 Management Center for IDS Sensors. When I add a sensor I get the following error Error importing configuration files from the sensor - Could not find version in string "Unknown version with discover settings ticked. The sensor is an IDS 4210 version 3.0(5)S17. I have tried to install manually but keep getting sensor not connected in Security monitor.
Thomas
You will usually get this error message when there's a problem with SSH Fingerprint.
Check the following URL for a workaround.
http://www.cisco.com/en/US/products/sw/cscowork/ps3990/products_user_guide_chapter09186a0080104f38.html#xtocid6
-
hi,
i have IDS 4235 running ver 4.1(1)S47
I want to upgrade it to act as IPS. I have upgrade file IPS-K9-maj-5.0-1-S149.rpm.pkg. When I start the upgrade process it starts copying the file from ftp to the IDS, then I get a message
Error: This hardware platform, , is not supported in version 5.x
Is there any solution for this problem?
Hi,
Logon to your sensor to CLI. Run show users all to see your users. If there is one with a Privilege of Service, logoff and login again with that user account. If a service account does not exist (only one allowed), create one with the following:
configure terminal
username service privilege service
Best of Luck.
-
Hi Everyone,
I have an IDS-4235 at a customer site. On one of the IDS running 4.1 version I am not able to configure an IP address on it. It's giving this, "Error : Could not restart the Network Services. Fatal Error has occured. Node must be rebooted to enable alarming." Is there anything I have to configure before giving it an IP address for management? If anyone can point me to any related documents then it will be helpful to me.
TIA
Faiz
Run "setup" and follow the prompts, make sure you include your IP in the allowed hosts. Don't worry about setting up NTP just yet.
-
IDS-4235 boots to GRUB after applying 6.0(3)E1
6.0(3)E1 patch applied successfully to our non-production IDS-4215. Applying the patch to our production IDS-4235 causes it to boot directly to grub> command prompt. It appears the system files are there. What command do I need to issue for grub to finish patching and can someone share the content of /boot/boot/grub.conf from IDS-4235 with 6.0(3)E1 so I can boot it manually? Thank you.
Matthew, appreciate you sharing the grub.conf content. As a note for others, from grub I was able to manually boot with the three lines from the default 'Cisco IPS' section:
root (hd0,0)
kernel /vmlinuz-2.4.30-IDS-smp-bigphys ro ramdisk_size=76800 rootrw=/dev/sda2 root=/dev/ram0 init=loadrc nousb console=ttyS0 htlblow=32 hugepages=176
initrd (hd0,0)/runtime.gz
As it turns out the 6.0(3)E1 service pack wiped the content of grub.conf file which is mounted as read only from /dev/boot as /boot. To restore the content of grub.conf as root user (after logging in with support account and doing "su -") remount the filesystem as read write with the following command:
mount -o remount,rw /dev/boot
After restoring grub.conf the appliance can be reloaded normally without manual intervention. Fortunately, it appears the patch broke early enough in the process that nothing else other than grub.conf, as far as I can tell, was affected. The appliance is reporting the prior 6.0(2)E1 version.
I just got off the phone with our reseller support and they and Cisco finally admitted that it's a known issue classified as unreleased bug after saying that IDS-4235 is not supported with 6.0(3)E1 service pack then saying a reimage is needed to fix the grub issue.
-
using time warner road runner. when I try to open up safari to home page I get error message that this version does not support the "community toolbar" can't proceed until closing the error message. sick of seeing it
That toolbar/ct plugin seems to cause problems for all who install it!
Close Safari, then locate and delete the following files and it should be gone:
/Library/Application Support/Conduit
/Library/InputManagers/CTLoader
/Library/Receipts/ctloader.pkg
/Library/Receipts/<Toolbar name>.pkg
/Library/Application Support/SIMBL/Plugins/CT2285220.bundle
/Users/<User name>/Library/Application Support/Conduit
where / is the root library on your Hard Disk.
If you are running Snow Leopard you should also look here:
Library/launchAgents/com.conduit.loader.agent.plist
Library/Application support/conduit plugins
Also, as mentioned by Gilli2000:
Library/Receipts - If you read it, it has information in it at the bottom referring extensively to "CT" and "community toolbar".
Maybe it is harmless, but trash those items anyway!
Note: Safari does not support any third-party toolbars except those supplied as an extension to Safari via the Extension Gallery.
-
Hi,
I'm having a serious issue with your brand new Cisco Prime Network Control System (NCS) and I would appreciate it if someone could give me good answers.
After a background backup task failure, the database was entirely corrupted and the Oracle server no longer wanted to start. And because of that the NCS web server is unusable, since no one can log in.
We tried to restore to the last known backup obtained after a former successful backup. But we get this error:
"ERROR: invalid backup file version. Exception: Error while unzipping invalid wcs 7.x export file"
All the lost data was previously migrated from the former WCS 7.x server. Before this issue everything was working fine.
So we think that the appliance is seeing the backup file from NCS as a WCS backup.
We need to find a solution rapidly. Here is our configuration:
We formerly had WCS 7.0.172.0 hosted on Microsoft Windows Server 2003 SP2 with the above characteristics:
Intel(R)Xeon(R) CPU 5120 @ 1.86Ghz 1.87Ghz 16GB of RAM.
We now have NCS Version 1.1.1.24 running under Cisco Application Deployment Engine
OS Release: 2.0
ADE-OS Build Version: 2.0.1.038
ADE-OS System Architecture: x86_64
I was getting this error too. TL;DR: When you transfer the wcs.zip file to your FTP server, make sure you are using BINARY mode... which is often NOT the default FTP mode.
Long Version:
TO GET THIS ERROR, what I had done was use the Windows CLI FTP command to transfer my "wcs.zip" to the NCS FTP server.
-----BEGIN WRONG STEPS-----
C:\ftp
ftp> open x.x.x.x
Connected to x.x.x.x.
220 Service ready for new user
User (x.x.x.x:(none)): ftp-user
331 User name okay, need password for ftp-user
Password:
230 User logged in, proceed
ftp> put wcs.zip
200 Command PORT okay
150 File status okay; about to open data connection
226 Closing data connection
ftp: 526768949 bytes sent blah blah etc
-----END WRONG STEPS-----
I would then run "ncs stop" and "ncs migrate" and get the "ERROR: invalid backup file version. Exception: Error while unzipping invalid wcs 7.x export file".
I remembered something from my misspent youth: Windows, for no good reason, likes to transfer files in ASCII mode. UNIX (which LINUX comes from) prefers BINARY, and the two do not like to negotiate.
TO FIX THIS, I had to just FTP in Binary mode.
-----BEGIN RIGHT STEPS-----
C:\ftp
ftp> open x.x.x.x
Connected to x.x.x.x.
220 Service ready for new user
User (x.x.x.x:(none)): ftp-user
331 User name okay, need password for ftp-user
Password:
230 User logged in, proceed
ftp> binary
200 Command TYPE okay
ftp> put wcs.zip
200 Command PORT okay
150 File status okay; about to open data connection
226 Closing data connection
ftp: 526768949 bytes sent blah blah etc
-----END RIGHT STEPS-----
NOW when I enter "ncs stop" (actually... had to restart them... then stop them... x.x) and then the proper "ncs migrate" commands, I get a happy output and don't have to go home late troubleshooting this.
" Stage 1 of 5: Decompressing backup ...
-- complete.
Stage 2 of 5: Restoring Support Files ...
: Restoring the Domain Maps ...
: -- complete.
: Restoring the License files ...
: -- complete.
-- complete.
Stage 3 of 5: Restoring Data ...
I hope this helps anyone banging their head against the WCS->PI1.3 install wall.
(Note, WCS needs to be migrated to NCS 1.1.1.24 (NOT NCS 1.1.3!!!!!) before you can migrate to Prime Infrastructure 1.2 or 1.3, because for no readily apparent reason the "ncs migrate" command was removed from PI 1.2 and up. Also note, there is no "Prime Infrastructure 1.1;" they just renamed NCS to Prime Infrastructure after NCS 1.1 because. Yes, the sentence ends there. Great products, all 3, just... agonizing to migrate.)
-
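Added example, not part of the original post: why the ASCII-mode upload described in the WCS to NCS answer above breaks the archive, and the hash and archive checks that catch it before "ncs migrate" is run. The CR LF to LF translation is a simplified model of what an ASCII-mode transfer to a Unix server does; the archive contents and function names are constructed for illustration.

```python
import hashlib
import io
import zipfile

FIXED_TIME = (2013, 1, 1, 0, 0, 0)  # fixed timestamp keeps the sample deterministic


def build_sample_zip() -> bytes:
    """Constructed stand-in for wcs.zip (not a real WCS export)."""
    buf = io.BytesIO()
    # Members are stored uncompressed so the CR LF pairs below are certain to
    # appear in the archive bytes, as they do by chance in any large zip.
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(zipfile.ZipInfo("export/config.dat", FIXED_TIME),
                    b"\x00\x01record-a\r\n\xff\xferecord-b\r\n" * 64)
        zf.writestr(zipfile.ZipInfo("export/maps.bin", FIXED_TIME),
                    bytes(range(256)) * 16)
    return buf.getvalue()


def ascii_mode_transfer(data: bytes) -> bytes:
    """Simplified ASCII (TYPE A) model: each CR LF pair is stored as a bare LF."""
    return data.replace(b"\r\n", b"\n")


def binary_mode_transfer(data: bytes) -> bytes:
    """Binary (TYPE I) transfers the byte stream unchanged."""
    return bytes(data)


def zip_is_intact(data: bytes) -> bool:
    """True only if the archive opens and every member passes its CRC check."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.testzip() is None
    except Exception:
        # BadZipFile, bad seek offsets, decompression errors: all mean "corrupt".
        return False


def verify_transfer(sent: bytes, received: bytes) -> dict:
    """Compare what was sent with what arrived, before anything consumes it."""
    return {
        "size_delta": len(received) - len(sent),
        "hash_match": hashlib.sha256(sent).digest() == hashlib.sha256(received).digest(),
        "zip_intact": zip_is_intact(received),
    }


if __name__ == "__main__":
    original = build_sample_zip()
    print("ascii :", verify_transfer(original, ascii_mode_transfer(original)))
    print("binary:", verify_transfer(original, binary_mode_transfer(original)))
```

Comparing a SHA-256 of the file on both ends after the upload gives the same answer without opening the archive.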
Ptlconfig error: Exception resolving Portal version : null/ JDBC connect st
Hi Folks,
i am getting the following error while running ptlconfig on portal 10.1.2.0.2. midtier home to configure portal dad. does anyone know what to do with it? i have tried on metalink and google extensively to see any description or help on this error but have not found anything.
will really appreciate if someone might drop a hint or two.
thanks
syed
-- specs:
win 2003 NT-cmd
AS version: 10.1.2.0.2
portal repos version: 10.1.4.0.0
portal dad = portal30
portal repository sits in a customer DB
D:\ORACLE\Midtier1012\portal\conf>ptlconfig -dad portal30
Portal Dependency Settings Tool
Processing Portal instance '/pls/portal30' (host:port:servicename)
Enter either the Portal schema or OID Admin password:
Problem processing Portal instance: ERROR: Exception resolving Portal version : null
Problem processing Portal instance: ERROR: Exception resolving Portal version : null
Problem processing Portal instance: ERROR: Exception resolving Portal version : null
Processing complete
-- in the ptlconfig.log file i get the following:
ERROR: Getting the Portal version raised exception.JDBC connect string used to access Portal is jdbc:oracle:oci:@ ( tnsnames entry )
with kind regards,
Syed
Yes, we were able to resolve it.
Try first identifying if you are facing the same problem or not. So log in to your portal schema on sqlplus, and see if you get any rows for the following:
select * from wwc_version$;
If you do not see any rows, then it means that the portal user is not granted Select on wwc_version$. If that is the case, then grant it, and then try to run ptlconfig again.
Hope that helps.
AMN
-
Upgrade from IDS 4235 to IPS 5.0 license
Dear sirs. I have several 4235 sensors and SMARTnet 8x5xNBD contracts on each of them.
Can I upgrade their software to IPS v5.0 within these contracts or should I get licenses for the IPS?
Someone is feeding you a line of crap.
The main announcement for Cisco IDS version 5.0 has this 'fine print' at the bottom of the page:
"*Cisco IPS Sensor Software Version 5.0 is supported on the Cisco IDS 4215, IDS 4235, IPS 4240, IPS 4255, and IPS 4250-XL appliances and on the IDSM-2. It is supported in the promiscuous-based IDS mode only, for the IDS 4210 and the Cisco IDS Network Module (NM-CIDS).
Inline IPS services require more than one monitoring interface on Cisco IPS 4200 Series sensors."
This is posted at the following URL:
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_bulletin0900aecd801e65b9.html
Also, Cisco has stated the same thing in the 'Read Me' file that accompanies the software update:
"You can apply the IPS-K9-maj-5.0-1-S149.rpm.pkg major update to the following IDS & IPS version 4.1 sensors:
- IPS-42xx Cisco Intrusion Prevention System (IPS) sensors
- IDS-42xx Cisco Intrusion Detection System (IDS) sensors (except for the IDS-4220 and the IDS-4230 series)
- WS-SVC-IDSM2 series Intrusion Detection System Module (IDSM2)
- NM-CIDS IDS Network Module for Cisco 26xx, 3660, and 37xx Router Families
It is not compatible with the IDS-4220 and IDS-4230 series IDS sensors, the NRS-xx series IDS sensors, or the WS-X6381-IDS series Intrusion Detection System Module (IDSM)."
I hope this helps,
Alex Arndt
-
Hi,
In previous version of JHS (prior to 10.1.2) there was a good example on how to display custom user errors after wrong input.
How can these errors be shown in 10.1.2?
Regards,
Marcel
Marcel,
Yes, you need to create a ListResourceBundle class that "wraps" access to the property file. Here is an example:
package model.exception;

import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.ListResourceBundle;
import java.util.Locale;
import java.util.Properties;
import java.util.PropertyResourceBundle;
import java.util.ResourceBundle;
import java.util.Enumeration;

/**
 * Wrapper class around ApplicationResources property file
 * so we can use this property file to read messages from. This wrapper class is
 * needed because a JboException expects a ListResourceBundle class, and cannot
 * handle a property file.
 */
public class CmsMessagesWrapper extends ListResourceBundle
{
  public static final String BUNDLE_NAME = "view.ApplicationResources";
  // Cache of the converted contents, keyed by locale
  private static HashMap sLocaleContents = new HashMap();

  protected Object[][] getContents()
  {
    if (sLocaleContents.containsKey(getLocale()))
    {
      return (Object[][])sLocaleContents.get(getLocale());
    }
    ResourceBundle propFile = ResourceBundle.getBundle(BUNDLE_NAME,getLocale());
    // Fixed-size scratch array: assumes the property file has at most 2000 keys
    String[][] temp = new String[2000][2];
    Enumeration keys = propFile.getKeys();
    int counter = 0;
    while (keys.hasMoreElements())
    {
      String key = (String)keys.nextElement();
      temp[counter] = new String[] {key,propFile.getString(key)};
      counter++;
    }
    // Copy only the filled rows into the array handed back to the bundle
    Object[][] contents = new String[counter][2];
    System.arraycopy(temp,0,contents,0,counter);
    sLocaleContents.put(getLocale(), contents);
    return contents;
  }
}
Then for each additional language, you need to create an additional wrapper class, for example:
package model.exception;

import java.util.Locale;

public class CmsMessagesWrapper_fr extends CmsMessagesWrapper
{
  public CmsMessagesWrapper_fr()
  {
  }

  public Locale getLocale()
  {
    return super.getLocale();
  }
}
Steven Davelaar,
JHeadstart Team.
-
I have 12 IDSM2 and 4 IDS 4235 managed through VMS, I configured automatic download of signature updates but I notice that S189 was missed.
Is it possible to apply the last Service Pack 4.1.5 from VMS? If yes do I simply have to download the file in the correct directory and apply it as a normal signature update or what method shall I use? I need to manage the update process centrally because my IDS systems are all remote.
Thanks for your help,
Chiara
I tried. There is no way to do it. VMS returns a bad file type and effectively the service pack is .rpm.pkg while files managed during updates by VMS are .zip containing .rpm.pkg and other files.
I manually did the update on every IDS by ftp and command line and where the update succeeded I had to re-import the sensor on VMS, otherwise the version was not aligned.
Is this the power of a central management platform?
-
Where is Bios_A04.exe for IDS-4235?
Hello All,
I just bought an old IDS-4235 and I need to upgrade its bios to a04. According to Cisco documentation, the BIOS_A04.exe should be in the recovery/upgrade CD. I have a CCO account, I downloaded various versions of upgrade/recovery images to look for this file but could not locate it? And by the way, how do I open files with pkg extension in Windows? Appreciate any help!
Since emailing executables is problematic, I'll attempt to post them here.
- Bob
-
IDS 4235 showing 98% memory usage, is it normal?
IDS 4235 with 4.1.5.S191 showing
Using 908922880 out of 921522176 bytes of available memory (98% usage)
Is it normal ?
There is a 4.x known bug where the memory usage is incorrect.
The actual memory usage number can be determined from the service account by entering the following command:
bash-2.05a$ free
             total       used       free     shared    buffers     cached
Mem:       1934076    1424896     509180          0      18284    1214536
-/+ buffers/cache:     192076    1742000
Swap:       522072          0     522072
The "Mem:" row, "used" column is the amount of memory (in kilobytes) that
the "show version" command reports. However, this total includes the
"cached" amount.
So in the above example, the actual memory used is ( 1424896 - 1214536 ), or
210360 KB. This is ( 210360 / 1934076 * 100 ), or 10.9% of total memory.
-
Ids 4235 with single sensing interface
hi guys,
I have an IDS 4235 which i upgraded to 6.0(5)E3 version.
It has only one sensing interface, now how can I keep it in inline mode??
Any ideas please help.
With a single interface you'll need to trunk two vlans to your sensor, an "inside" and an "outside" vlan (just like a firewall) and configure your sensor for in-line vlan pairs
http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/idm/dmInter.html#wp1029962
-
When trying to update my version of iTunes on my PC with Windows 7, I receive the error message "The older version of iTunes cannot be romoved". How do I correct this problem without losing all the music that I have in iTunes on my PC?
(1) Download the Windows Installer CleanUp utility installer file (msicuu2.exe) from the following Major Geeks page (use one of the links under the thingy on the Major Geeks page):
http://majorgeeks.com/download.php?det=4459
(2) Doubleclick the msicuu2.exe file and follow the prompts to install the Windows Installer CleanUp utility. (If you're on a Windows Vista or Windows 7 system and you get a Code 800A0046 error message when doubleclicking the msicuu2.exe file, try instead right-clicking on the msicuu2.exe file and selecting "Run as administrator".)
(3) In your Start menu click All Programs and then click Windows Install Clean Up. The Windows Installer CleanUp utility window appears, listing software that is currently installed on your computer.
(4) In the list of programs that appears in CleanUp, select any iTunes entries and click "Remove", as per the following screenshot:
(5) Quit out of CleanUp, restart the PC and try another iTunes install. Does it go through properly this time?