Sensor Management
Hello,
In the Sensor Management tab there is an option to update the sensor. From this option, can we upgrade the sensor image as well as the sensor signatures? I have downloaded the image and signature updates from Cisco. Can I browse and specify the local path, one at a time, for the image and the signature to update the sensor?
I have an IPS 4240. I have created interface pairing between 1 and 3, and 2 and 4. These 2 pairs can be assigned to vs0, ad0, rules0.
Thanks
Yes, you are absolutely correct. You can update the sensor both the signature as well as the software upgrade from the sensor update tab.
Further to that, you can also configure auto update to automatically update the signature pack directly from cisco.com. This signature pack is released every few days, therefore, it is best or most convenient to configure auto update, so the signature gets automatically updated to the latest signature pack.
Similar Messages
-
I am trying to proactively setup sensor monitoring so that I get an alert if the sensor changes state. I am running the latest version of IPS code (7.1.6) and I have setup SNMP traps. I have found the information below about sending sensor health information via SNMP traps, but I was wondering if anyone else has setup any customer SNMP MIB pollers or anything else you might use to monitor this?
Thanks,
Send traps when health metrics change—If checked, sends SNMP traps containing information about the overall health of the sensor (supported in IPS 7.1(3)E4 and later).
Note: To receive sensor health information through SNMP traps, you must have the sensor health metrics enabled. Choose Configuration > Sensor Management > Sensor Health to enable sensor health metrics.
The device and system is up for months now, but still only the last 1 hour is charted.
Is there a setting that enables charting of monitoring data longer than 1 hour in CSM?
Thanks for the help.... -
Sony a6000. EVF proximity sensor is too sensitive.
I experience problems with the sensitivity of the EVF eyecup proximity sensor on the Sony ILCE-6000, mostly when trying to compose a shot using the LCD monitor. The camera strap or fingers often get near the proximity sensor, which turns off the LCD mid use. Also, I wear glasses. When the frame of the glasses gets near the proximity sensor, it starts switching between the display and the EVF like crazy. This is very distracting and annoying. I request of Sony to add an option to disable the proximity sensor in a firmware upgrade. If other a6000 users experience the need to disable the proximity sensor, I invite them to write here and/or to Sony directly. Sony will not change anything while the people asking for it are few in number. Only wishing and hoping isn't enough.
Yes BakoKen, an EVF/LCD custom key toggle option is a necessity for the A6000. I also touched on this issue in an earlier post. But I rarely use the LCD for shooting, and when I do, the proximity sensor manages to mess up the experience. I prefer the Viewfinder for shooting. It's why I gave the A6000 a try. But even when using the EVF only, the proximity sensor shows its disservice. When we enable the Viewfinder only in the [FINDER/MONITOR] menu, we can see that the EVF continues to be dependent on the proximity sensor. As we distance from the camera the EVF turns off. When we put the eye to the eyecup once more, we see the EVF turn on, but with a bit of a delay (about a third of a second lag). All the lags add up and create a somewhat frustrating experience. Also, as I wrote above, the proximity sensor of the A6000 isn't friendly towards glasses. I think the anti-UV coating of my glasses messes with the UV-beam of the proximity sensor assembly, which in turn makes it react like crazy. This is why I want an option to disable the proximity sensor, making the EVF always on while the camera is powered on, at least when the Viewfinder is selected in the [FINDER/MONITOR] menu.
-
An application for multi-channel measurements
Does NI have a software solution for multi-channel measurements? I mean systems for measurements, tests and monitoring which contain numerous DAQ devices with thousands of sensors.
I suppose the software for such system should have the following features:
Instrument control
Sensor management (type, s/n, accuracy, calibration data, next calibration date, measurement limits, etc.)
Data acquisition
Storing data in databases
Data visualisation and analysis
Report generation
Tools for creating custom user interfaces / data visualisations for monitoring
As far as I know the DIAdem is great for data analysis, visualisation and report generation but it's not suitable for other tasks. With LabVIEW you can do anything but it's not an "out-of-the-box" solution.
Just to clarify what I'm talking about, here's an application that seems to fit the description. It's the HBM catman. Maybe someone worked with it? Do you know any analogues for it?
Just to add to Hooovahh's comments.
NI has flat out stated that they do not want to make turn-key solutions. That would take away from them being able to make tools for people to create the solutions. That is why they have alliance partners. These partners take the tools made by NI and make really cool stuff. My latest project was a software package that helped a technician build a jet engine correctly so that the turbine blades do not come out and destroy the engine (just slightly important). I have also done some test systems for space craft avionics.
So if you are really serious about this, I highly recommend finding an Alliance Partner to help you out. If you want, give me a PM and I can work on getting you and a few people on my side to discuss your requirements and proceed from there.
There are only two ways to tell somebody thanks: Kudos and Marked Solutions
Unofficial Forum Rules and Guidelines -
Hi everybody!
I have ASA5520 version 8.2(1) with AIP-SSM-20 module
and I want to upgrade AIP-SSM-20 software from version 6.1(3)E3 to 7.0(2)E4
I go to the download site and see the following list:
Intrusion Prevention System (IPS) Recovery Software:
IPS-K9-r-1.1-a-7.0-2-E4.pkg
Release Date: 29/Mar/2010
IPS Recovery Image File
Intrusion Prevention System (IPS) Signature Updates:
IPS-sig-S481-req-E4.pkg
Release Date: 31/Mar/2010
E4 Signature Update S481
Intrusion Prevention System (IPS) System Software:
IPS-SSM_20-K9-sys-1.1-a-7.0-2-E4.img
Release Date: 29/Mar/2010
IPS-SSM_20 System Image File
Intrusion Prevention System (IPS) System Upgrades
IPS-K9-7.0-2-E4.pkg
Release Date: 29/Mar/2010
IPS 7.0 Major Upgrade File (All Supported Platforms Except AIM-IPS and NME-IPS)
IPS-engine-E4-req-7.0-2.pkg
Release Date: 29/Mar/2010
IPS E4 Engine Update
I am somewhat confused by the number of files and want to ask what the procedure/sequence I should follow to upgrade?
This is the file that you would like to use to upgrade it:
Intrusion Prevention System (IPS) System Upgrades
IPS-K9-7.0-2-E4.pkg
To upgrade:
1) Upload the "IPS-K9-7.0-2-E4.pkg" file through IDM
2) IDM --> Configuration --> Sensor Management --> Update Sensor --> choose Update is located on this client --> choose the "IPS-K9-7.0-2-E4.pkg" file --> hit the "Update Sensor" button.
It will take a while (around 20 minutes) to upgrade the sensor, so don't panic if it doesn't come back up in "UP" status straight away.
Hope that helps. -
Hi,
I have 2 UCS with 1 PUB and 1 SUB and I want to put a second LAN connection to the physical server in order to have redundancy if the first LAN port is down. Any ideas about how to finish this setup or some information/how-to about the config?
Pls see attachment
Thanks for support
CIMC is there for C-series UCS for iLO/remote console access and management:
Ref: http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/e/1-0/gs/guide/b_Getting_Started_Guide/b_Getting_Started_Guide_chapter_0101.html#topic_CD641EB5E8F4416A9C8AB250941F5338
CIMC Overview
The Cisco Integrated Management Controller (CIMC) is the management service for the E-Series Servers. CIMC runs within the server. You can use a web-based GUI or the SSH-based CLI to access, configure, administer, and monitor the server.
You can use CIMC to perform the following server management tasks:
Power on, power off, power cycle, reset and shut down the server
Configure the server boot order
Manage RAID levels
View server properties and sensors
Manage remote presence
Create and manage local user accounts, and enable remote user authentication through the Active Directory
Configure network-related settings, including NIC properties, IPv4, VLANs, and network security
Configure communication services, including HTTP, SSH, IPMI Over LAN, and SNMP
Manage certificates
Configure platform event filters
Update CIMC firmware
Update BIOS firmware
Install the host image from an internal repository
Monitor faults, alarms, and server status
Collect technical support data in the event of server failure -
Upgrade AIP SSM with Signature Engine 4 file
When I tried to upload Signature Engine 4 file (IPS-engine-E4-req-7.0-2.pkg), using FTP server both by CLI and IDM, to new AIP SSM sensor, I got the following error message:
Cannot upgrade software on the sensor - socket error:110.
When I tried to do the same by using these steps: IDM --> Configuration --> Sensor Management --> Update Sensor --> choose Update is located on this client --> choose the "IPS-K9-7.0-2-E4.pkg" file --> hit the "Update Sensor" button, I got the following error message
The current signature level is S480.The current signature level must be less than s480 for this package to install.
Here is the output for sh ver command
AIP_SSM# sh version
Application Partition:
Cisco Intrusion Prevention System, Version 7.0(2)E4
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S480.0 2010-03-24
OS Version: 2.4.30-IDS-smp-bigphys
Platform: ASA-SSM-10
Serial Number: JAF1514BAHS
Licensed, expires: 07-Jun-2012 UTC
Sensor up-time is 21 days.
Using 695943168 out of 1032495104 bytes of available memory (67% usage)
system is using 17.4M out of 38.5M bytes of available disk space (45% usage)
application-data is using 45.4M out of 166.8M bytes of available disk space (29% usage)
boot is using 41.6M out of 68.6M bytes of available disk space (64% usage)
application-log is using 123.5M out of 513.0M bytes of available disk space (24% usage)
MainApp B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10-15T08:09:06-0500 Running
AnalysisEngine BE-BEAU_E4_2010_MAR_25_02_09_7_0_2 (Ipsbuild) 2010-03-25T02:11:05-0500 Running
CollaborationApp B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10-15T08:09:06-0500 Running
CLI B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10-15T08:09:06-0500
Upgrade History:
IPS-K9-7.0-2-E4 02:00:07 UTC Thu Mar 25 2010
Recovery Partition Version 1.1 - 7.0(2)E4
Host Certificate Valid from: 30-May-2011 to 30-May-2013
Any idea what could be the problem?
Regards,
Based on your show version, you already have E4, what is it that you are trying to do?
Mike -
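A pre-install check for the situation in the thread above, as an added example that is not part of the original posts: it compares a package file name with the sensor's `sh version` output before anything is uploaded. It assumes the Cisco IPS package naming scheme seen in the file names on this page (`IPS-sig-S<n>-req-E<n>`, `IPS-engine-E<n>-req-<x.y-z>`, `IPS-K9-<x.y-z>-E<n>`); the function names are hypothetical.

```python
import re

# Constructed sample: only the lines of the `sh version` output quoted in the
# thread above that the check needs.
SHOW_VERSION = """\
Cisco Intrusion Prevention System, Version 7.0(2)E4
Signature Update S480.0 2010-03-24
Upgrade History:
IPS-K9-7.0-2-E4 02:00:07 UTC Thu Mar 25 2010
Recovery Partition Version 1.1 - 7.0(2)E4
"""

def sensor_state(text):
    """Extract software version, engine level, signature level and history."""
    ver = re.search(r"Version (\d+)\.(\d+)\((\d+)\)E(\d+)", text)
    sig = re.search(r"Signature Update S(\d+)", text)
    if not ver or not sig:
        raise ValueError("not a recognisable show version output")
    history, in_hist = set(), False
    for line in text.splitlines():
        line = line.strip().lstrip("* ").strip()  # history lines may start with "*"
        if line.startswith("Upgrade History"):
            in_hist = True
        elif in_hist and line.startswith("IPS-"):
            history.add(re.sub(r"\.pkg$", "", line.split()[0]))
        elif in_hist and line:
            in_hist = False  # first non-package line ends the history block
    return {"version": tuple(map(int, ver.groups()[:3])),
            "engine": int(ver.group(4)),
            "signature": int(sig.group(1)),
            "history": history}

def check_package(filename, state):
    """Return (ok, reason) for installing `filename` on a sensor in `state`."""
    stem = re.sub(r"\.pkg$", "", filename)
    if stem in state["history"]:
        return False, "already in Upgrade History"
    m = re.fullmatch(r"IPS-engine-E(\d+)-req-(\d+)\.(\d+)-(\d+)", stem)
    if m:
        engine, need = int(m.group(1)), tuple(map(int, m.groups()[1:]))
        if state["engine"] >= engine:
            return False, f"sensor is already at E{state['engine']}"
        if state["version"] != need:
            return False, "engine update requires %d.%d(%d)" % need
        return True, "engine update applies"
    m = re.fullmatch(r"IPS-sig-S(\d+)-req-E(\d+)", stem)
    if m:
        sig, engine = int(m.group(1)), int(m.group(2))
        if state["engine"] != engine:
            return False, f"signature update requires E{engine}"
        if state["signature"] >= sig:
            return False, f"sensor is already at S{state['signature']}"
        return True, "signature update applies"
    m = re.fullmatch(r"IPS-K9-(\d+)\.(\d+)-(\d+)-E(\d+)", stem)
    if m:
        target = tuple(map(int, m.groups()))
        if state["version"] + (state["engine"],) >= target:
            return False, "sensor already runs this release or later"
        return True, "system upgrade applies"
    return False, "unrecognised package name"
```

Run against the output posted above, both files the poster tried are reported as redundant, while a newer signature package such as the S481 file listed elsewhere on this page would be accepted.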
Problems with license upgrade on AIP-SSM
Hi guys:
I have a problem with my AIP-SSM. Recently I downloaded the latest license and I need to install it in my AIP, but when I try to do this I receive this error:
"errSystemError-idsPackageMgr: digital signature of the update file was not valid, use CCO to replace corrupted file"
So I downloaded the license again, because maybe it was corrupted, but I receive the same error at the time I want to install it.
Does anybody know what this error means?
Regards
It sounds like you are attempting to install a .lic license-key file via the Update Sensor section (which is used for software upgrades/updates instead). If you are trying to install a .lic license-key file, you can do that from IDM or IME's Configuration > Sensor Management > Licensing section. Ensure the Update From: option is set to License File, then click the Browse Local… button and locate/select the .lic license-key file on your local client machine. Finally, click the Update License button to upload and install the license-key file onto the sensor.
If you try to install a .lic license-key file via the Update Sensor section, then you will encounter the error message you noted. -
IPSMC Unable to create "SigEvent action filters" with $
When creating a Signature Event Action Filter and use an "Event Variable" ($INTERNAL or $OUT) in the attacker address or victim address, the MC throws an error.
"Error - Attacker Start address is invalid"
Is this a known bug?
Thanks in advance
M
I'm in the same setup of using IPS V5 on the sensors managed by CiscoWorks VMS with IPS MC 2.1. I can confirm same kind of troubles with the interaction between both softwares. Here is what I have experienced so far:
- there is a difference in syntax for adding addresses into the default $in and $out variables. If I set more than one address range into those variables, I can generate the config, but can't deploy onto the sensor. Error = "The ip address range format is invalid at line: 1, at character: 381"
Even when I do the configuration via IDM, import the new config into IPS MC and without changing anything try to deploy the same config onto the sensor again, I get the same error.
- there is also some syntax problem on the naming of filters. By default filters are named filter[x], but again when deploying this config with that kind of names onto the sensor, IPS MC is generating errors:
"** ECD result for eventActionRules: Error validateError: / -- /_root_/filters/filter1-filter- - -0-D/ -- invalid name
/_root_/filters/filter10-filter- - -9-D/ -- invalid name
etc ...."
So I'm not surprised by the above problem description. -
IDSM 2 Upgrade from 6.2(2)E4 to version 7.x(x) E4
Hello Frz,
I am planning to upgrade IDSM 2 from current version 6.2(2)E4 to latest version 7.x.
Could you please guide me how to upgrade it to latest version and also let me know what precautionary measures I have to do before upgrade.
Thanks in advance.
Regards,
Manik Palekar
You can either upgrade it via the GUI (IDM) or via command line (CLI).
Via GUI: Configuration -->Sensor Management --> Update Sensor:
http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_sensor_management.html#wp2219913
Via CLI:
http://www.cisco.com/en/US/docs/security/ips/7.0/installation/guide/hw_system_images.html#wp1088688
Hope that helps. -
Download signatures for ASA-SSM-10
I have a couple of ASA with some SSM-10 and SSM-20 modules. My CSM is currently not working on the auto update side and I'm a bit behind on the updates till I figure out what's the issue. Can somebody tell me what link I can manually download the signatures from, then how to update it from either IDM or IME pertaining to a SSM-10/20?
My last update history shows.
Upgrade History:
* IPS-sig-S535-req-E4 04:55:41 UTC Sat Dec 11 2010
IPS-sig-S537-req-E4.pkg 04:55:33 UTC Wed Jan 05 2011
so these are the signature trains I'm after..
thanks
The download URL was posted in the above reply (and can also be found in the IDS/IPS - Quick Links document). As far as installing the update via IME: You can do that by navigating to IME's Configuration > Sensor Management > Update Sensor section. From there, check (select) the radio button next to Update is located on this client, then click the Browse Local... button to select the file, and finally click the Update Sensor button to transfer and install the update.
-
What does the interface configuration in AIP-SSM indicates ?
If this indicates that the traffics of this interface will be monitored, then what is the purpose of diverting traffic from asa though policy command.
I would suggest an upgrade to the latest version which is 7.0.2(E3). You can upgrade directly to that version if you are currently already running at least 5.1.6(E3).
To upgrade:
1) Download the upgrade package:
http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=7.0%282%29E3&mdfid=280432811&sftType=Intrusion+Prevention+System+%28IPS%29+System+Upgrades&optPlat=&nodecount=2&edesignator=null&modelName=Cisco+ASA+Advanced+Inspection+and+Prevention+%28AIP%29+Security+Services+Module&treeMdfId=268438162&treeName=Security&modifmdfid=null&imname=&hybrid=Y&imst=N&lr=Y
2) Go to IDM: Configuration --> Sensor Management --> Update Sensor --> upload the upgrade package from your local computer and update it.
Hope it helps. -
Recommendations for IPS in Medium-Sized LAN?
I have two ASA-5520's in active/standby mode servicing a 500-node LAN w/ 1 outside interface, 1 inside interface, and 1 DMZ. How best to implement IPS, preferably using integrated modules, and without introducing a single point of failure? Also, what software would I need to install & manage IPS? Can it be managed thru ASDM or is something like Cisco Security Manager (CSM) necessary? TIA!
You don't mention if you want to do in-line IPS or promiscuous mode IDS.
We'll assume you want in-line IPS. You'll need an AIP-SSM module in each ASA5520 chassis. They will operate independently (unlike the firewalls that maintain state between them), and you'll suffer a little when traffic fails over between active and standby ASAs. The size of the AIP-SSM modules will depend on how much traffic you're pushing thru your firewall interfaces that require inspection, including your DMZs. Don't believe the Cisco performance numbers. Since you only have two IPS sensors I wouldn't recommend CSM. Use the CLI, built-in GUI or the free up-to-5-sensor management application. -
AIP-SSM-10 signature update failure
Hopefully someone will be able to help me. I am unable to get the IPS signature autoupdate working on our ASA 5510. We have a valid support contract, our username does not include any special characters and I am able to download the signature files from the website using our CCO.
When trying to get them via Auto/cisco.com update though I get the following in the event logs every update attempt:
evError: eventId=1319467413849005289 vendor=Cisco severity=error
originator:
hostId: xxxx
appName: mainApp
appInstanceId: 354
time: Oct 26, 2011 11:40:01 UTC offset=60 timeZone=GMT00:00
errorMessage: AutoUpdate exception: HTTP connection failed [1,111] name=errSystemError
I have included a "show conf" and a "show stat host" below.
<snip>
xxxxxx# show conf
! Current configuration last modified Wed Oct 26 10:48:07 2011
! Version 7.0(6)
! Host:
! Realm Keys key1.0
! Signature Definition:
! Signature Update S604.0 2011-10-20
service interface
exit
service authentication
exit
service event-action-rules rules0
exit
service host
network-settings
host-ip 10.x.x.x/24,10.x.x.x
host-name xxxxxx
telnet-option disabled
access-list 10.x.x.x/32
access-list 10.x.x.x/16
access-list 10.x.x.x/32
dns-primary-server enabled
address 10.x.x.x
exit
dns-secondary-server disabled
dns-tertiary-server disabled
exit
time-zone-settings
offset 0
standard-time-zone-name GMT00:00
exit
ntp-option enabled-ntp-unauthenticated
ntp-server 10.x.x.x
exit
summertime-option recurring
summertime-zone-name GMT00:00
start-summertime
week-of-month last
exit
end-summertime
month october
week-of-month last
exit
end-summertime
month october
week-of-month last
exit
exit
auto-upgrade
cisco-server enabled
schedule-option periodic-schedule
start-time 00:40:00
interval 1
exit
user-name xxxxxxxxxxxxxxx
cisco-url https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
exit
exit
exit
service logger
exit
service network-access
exit
service notification
exit
service signature-definition sig0
exit
service ssh-known-hosts
exit
service trusted-certificates
exit
service web-server
exit
service anomaly-detection ad0
exit
service external-product-interface
exit
service health-monitor
exit
service global-correlation
exit
service aaa
exit
service analysis-engine
virtual-sensor vs0
physical-interface GigabitEthernet0/1
exit
exit
<snip>
xxxxxx# show stat host
General Statistics
Last Change To Host Config (UTC) = 27-Oct-2011 08:27:10
Command Control Port Device = GigabitEthernet0/0
Network Statistics
= ge0_0 Link encap:Ethernet HWaddr 00:12:D9:48:F7:44
= inet addr:10.x.x.x Bcast:10.x.x.x.x Mask:255.255.255.0
= UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
= RX packets:470106 errors:0 dropped:0 overruns:0 frame:0
= TX packets:139322 errors:0 dropped:0 overruns:0 carrier:0
= collisions:0 txqueuelen:1000
= RX bytes:40821181 (38.9 MiB) TX bytes:102615325 (97.8 MiB)
= Base address:0xbc00 Memory:f8200000-f8220000
NTP Statistics
= remote refid st t when poll reach delay offset jitter
= *time.xxxx.x 195.x.x.x 3 u 142 1024 377 1.825 -0.626 0.305
= LOCAL(0) LOCAL(0) 15 l 59 64 377 0.000 0.000 0.001
= ind assID status conf reach auth condition last_event cnt
= 1 43092 b644 yes yes none sys.peer reachable 4
= 2 43093 9044 yes yes none reject reachable 4
status = Synchronized
Memory Usage
usedBytes = 664383488
freeBytes = 368111616
totalBytes = 1032495104
Summertime Statistics
start = 03:00:00 GMT00:00 Sun Mar 27 2011
end = 01:00:00 GMT00:00 Sun Oct 30 2011
CPU Statistics
Usage over last 5 seconds = 51
Usage over last minute = 44
Usage over last 5 minutes = 50
Memory Statistics
Memory usage (bytes) = 664383488
Memory free (bytes) = 368111616
Auto Update Statistics
lastDirectoryReadAttempt = 08:40:00 GMT00:00 Thu Oct 27 2011
= Read directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
= Error: AutoUpdate exception: HTTP connection failed [1,111]
lastDownloadAttempt = N/A
lastInstallAttempt = N/A
nextAttempt = 09:28:00 GMT00:00 Thu Oct 27 2011
Auxilliary Processors Installed
<snip>
Many thanks.
Hi Bob,
Thanks for the reply - it got me thinking about how it was actually getting the update.
I needed to modify an ACL and add a PAT for the sensor management IP as I've tied down the hosts that can get out.
It's now showing that it is attempting to reach the URL - currently there aren't any updates waiting though....
Many thanks. -
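A check for the failure state shown in the thread above, as an added example that is not part of the original posts: it parses the "Auto Update Statistics" block of `show stat host` output and reports which update stage failed. The sample text is constructed from the lines quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: the "Auto Update Statistics" portion of the
# `show stat host` output quoted in the post above.
SAMPLE = """\
Auto Update Statistics
lastDirectoryReadAttempt = 08:40:00 GMT00:00 Thu Oct 27 2011
= Read directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
= Error: AutoUpdate exception: HTTP connection failed [1,111]
lastDownloadAttempt = N/A
lastInstallAttempt = N/A
nextAttempt = 09:28:00 GMT00:00 Thu Oct 27 2011
Auxilliary Processors Installed
"""

def parse_auto_update(text):
    """Return {key: {"value": str, "details": [str, ...]}} for the section."""
    stats, key, in_section = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == "Auto Update Statistics"
            continue
        m = re.match(r"^(\w+)\s*=\s*(.*)$", line)
        if m:  # "name = value" starts a new entry
            key = m.group(1)
            stats[key] = {"value": m.group(2), "details": []}
        elif line.startswith("=") and key:  # "= ..." continues the last entry
            stats[key]["details"].append(line[1:].strip())
        elif line:  # anything else is the next section heading
            break
    return stats

def failures(stats):
    """List (stage, message) for every detail line that begins with "Error:"."""
    out = []
    for stage, entry in stats.items():
        for detail in entry["details"]:
            if detail.lower().startswith("error:"):
                out.append((stage, detail[len("error:"):].strip()))
    return out

def never_connected(stats):
    """True when the directory read failed and no download was ever attempted."""
    read_failed = any(s == "lastDirectoryReadAttempt" for s, _ in failures(stats))
    download = stats.get("lastDownloadAttempt", {}).get("value")
    return read_failed and download == "N/A"
```

When `never_connected` is true the sensor has not reached the update server at all, which in this thread came down to the ACL and PAT for the sensor management IP rather than credentials or licensing.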
Oracle BPEL Process Manager 10.1.3.x sensors and Oracle BAM Server 11g TP4
In Oracle Fusion Middleware Developers Guide for Oracle SOA Suite in section 42.5 there is the next:
"You can also use Oracle BPEL Process Manager 10.1.3.1 sensor actions to publish sensor data as data objects on Oracle BAM Server 11g"
Is it really possible?
Hi, Please post this in BPEL forum, not here.
Regards,
Priyanka GES