"show statistics analysis-engine" output

Similar Messages

• CCADStatus.jsp not showing up (Analysis Engine Daemon Manager)

  We are in GRC5.3 SPS19 and I have configured our system as per the note 999785.  I am able to see the http://<server>:<port>/sap/CCBgStatus.jsp, I am seeing that the job is being run, but when I try "http://<server>:<port>/sap/CCADStatus.jsp" while I am not getting other than the heading "Analysis Engine Daemon Manager"
  Heap is already at 2048M as per the note 999785. Can somebody advise what needs tobe checked.

  Hi,
  try note 1176262 - Analysis Daemon Page is Blank/ BG Jobs stay in ready status.
  /Vit

• Analysis Engine is Not Running

  Hi Guys!
  I´m looking for your help about an issue with an Cisco IPS (B-BEAU) that is showing the Analysis Engine=NotRunning
  These are the SO and Version of my IPS:
  Version: 7.0(6)E4
  OS Version: 2.4.30-IDS-smp-bigphys
  If I execute the show events command I get the following lines:
  ct-sensorApp.650 not responding
  evStatus: eventId=1326914865100530240 vendor=Cisco
    originator:
      hostId: XXXXXXXX
      appName: modprobe
      appInstanceId:
    time: 2013/07/13 02:11:05 2013/07/12 20:11:05 CST
    syslogMessage:
      description: Note: /etc/modules.conf is more recent than /lib/modules/2.4.30-IDS-smp-bigphys/modules.dep
  The following lines show the result for the show status command:
  XXXXXX# show health
  Overall Health Status                                   Red
  Health Status for Failed Applications                   Red
  Health Status for Signature Updates                     Not Enabled
  Health Status for License Key Expiration                Red
  Health Status for Running in Bypass Mode                Red
  Health Status for Interfaces Being Down                 Red
  Health Status for the Inspection Load                   Green
  Health Status for the Time Since Last Event Retrieval   Not Enabled
  Health Status for the Number of Missed Packets          Green
  Health Status for the Memory Usage                      Not Enabled
  Health Status for Global Correlation                    Not Enabled
  Health Status for Network Participation                 Not Enabled
  Security Status for Virtual Sensor vs0   Green
  Security Status for Virtual Sensor vs1   Green
  Do you have any idea what's wrong here?
  I'll appreciate any help about it,
  Thanks folks!!!

  Hi Manuel,
  Pre-7.0.8 versions have issues with the latest signature updates, so most likely you will face this issue after every signature upgrade. So I suggest you to upgrade at least to 7.0.8 or 7.1.7.
  HTH
  Luis Silva
  "If you need PDI (Planning, Design, Implement) assistance feel free to reach"
  http://www.cisco.com/web/partners/tools/pdihd.html

• Analysis engine fails frequently.

  hi, Recently i deployed ips4240 inline -with software versions -
  IPS-K9-sp-5.0-6
  IPS-sig-S242-minreq-5.0-6.pkg
  I found that the Analysis engine keeps failing (please refer the screen msg below).
  I am using one pair of interface for in-line configuration and I have modified quite a few signature response to drop the packets.
  egsensor# SH STATISTICS ANALysis-engine
  Error: getAnalysisEngineStatistics : ct-sensorApp.338 not responding, please che
  ck system processes - The connect to the specified Io::ClientPipe failed.

  Try restarting the analysis engine...
  1. Log into service account
  2. su to root
  3. Type /etc/init.d/cids restart
  4. su to cisco
  5. Type sho stat analysis-engine
  6. Send me the printout

• Analysis Enginer showing not running

  Analysis Engine is not running and giving Error:
  Error: getAnalysisEngineStatistics : ct-sensorApp.598 not responding, please check system processes - The connect to the specified Io::ClientPipe failed

  I fixed this issue once using the following procedure:
  https://supportforums.cisco.com/docs/DOC-3589
  If the above procedure or reload does not fix the issue as suggested on the following link:
  https://supportforums.cisco.com/docs/DOC-5121/diff;jsessionid=82FA4EB3696EC0C97B6394F996EEAA5E.node0?secondVersionNumber=2
  You have to contact TAC, as mentioned below:
  http://www.cisco.com/en/US/docs/security/ips/6.0/installation/guide/hwTS.html#wp1122031
  Regards
  Farrukh
  Message was edited by: Farrukh Haroon

• 4215 IPS 5.x analysis engine woes

  I've got about 20 4215's that i'm upgrading from 4.1 to 5.x
  Like everyone else I've had nothing but problems with the 5.1x (analysis engine just stops running)
  I've tried upgrading using a brand new image, using both the 5.0(1) and 5.0(2) images. However, with both of those I get the following errors:
  Modify virtual sensor "vs0" configuration?[no]: yes
  Warning: The AnalysisEngine is initializing, virtual-sensor "vs0" can not be configured.
  and..
  sensor# conf t
  sensor(config)# serv analysis-engine
  sensor(config-ana)# virtual-sensor vs0
  sensor(config-ana-vir)# physical-interface fast
  fastEthernet0/0 fastEthernet1/0 fastEthernet1/2
  fastEthernet0/1 fastEthernet1/1 fastEthernet1/3
  sensor(config-ana-vir)# physical-interface fastEthernet1/3
  sensor(config-ana-vir)# ex
  sensor(config-ana)# ex
  Apply Changes:?[yes]:
  Error: editConfigDeltaAnalysisEngine : Analysis Engine is busy
  What's the deal with this? It sometimes takes several resets just to work. Sometimes I have to wait 10 minutes. Sometimes it just doesn't work at all. I can't even upgrade to 5.0(6) or anything because, you guessed it, my analysis engine is busy.
  Does it normally take that long for it to allow me to make changes? Anybody have any ideas?

  After a re-image there will always be a period of time when the Analysis Engine is busy.
  The Analysis Engine can take up to about 30 minutes on a low end sensor like the IDS-4215 to completely initialize itself.
  It takes all of the regular expression signatures and will compile the regular expressions together into what you can consider one giant regular expression. It was what we call a regular expression cache file.
  The creation of the regular expression cache file was speeded up as part of a bug fix in the 5.0(6) Service Pack.
  So what to do:
  After you do a re-image of the sensor just let it sit for 20 to 30 minutes. Then execute "iplog-status". If it tells you analaysisEngine is busy then keep waiting. It is tells you No Ip Logs are available then it is ready to go. (Any other command that queries the AnalysisEngine would work as well) This way you can also check the Analysis Engine status before going through and typing up all of the config changes.
  Resetting the sensor while the Analsysis Engine is busy just prolongs the initialization, the Analysis Engine will have to redo some of the intialization.
  My recommendation for versions right now is to load 5.0(1) or 5.0(2) base image. Wait for 20 to 30 minutes till Analysis Engine is responding, then load the 5.0(6) Service Pack. When you load the 5.0(6) Service Pack there will once again be a big jump in signatures so there will be another initialization period.
  Once that initialization is done, then load the latest Signature Update.
  As for version 5.1(1) there are some known issues that cause Analysis Engine to stop Running. Don't confuse these bugs with the standard initialization time for Analysis Engine. Analysis Engine veing busy is normal and expected after a re-image or upgrade, an Analysis Engine "Not Running" is a bug.
  If you are seeing "Not Running" for Analysis Engine when executing "show version" then please contact the TAC. There is a engineering patch for some of these issues, but it does requiring running special engineering builds that are in the process of going through testing.
  Cisco is working on these issues and will be releasing an official update as soon as the fixes have been fully tested at Cisco.
  Until those 5.1(1) issues are addressed, your options would be to contact the TAC and possibly obtain the special engineering build, or downgrade to the 5.0(6) version as mentioned above.

• Failed to retrieve Analysis Engine Service How to fix

   my Shorepoint is 2013  And i now is search is have proplem
  On event logs show Failed to retrieve Analysis Engine Service
  how to fix it please help me  T_T
  Best Regrads
  chatchai-netd

  Hi,
  Per my knowledge, SharePoint 2013 Search services should not be required to the SQL analysis service, however, you can try to install it in SQL Server 2012 with SP1.
  For this issue, you can try to just Ctrl+F5 and reset the index, also check if there is any URL not exist in the Start Addresses of the Local SharePoint Sites.
  http://techchucker.wordpress.com/2013/04/12/sharepoint-2013-search-stopped-working/
  http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/MS-SharePoint/Q_28095194.html
  And, you can recreate a new search service application in the Central Administration.
  If it not works, you can use the PowerShell to recreate the search service application as below.
  http://jsuhail.blogspot.com/2014/01/search-has-encountered-problem-that.html
  http://microsoft-techies.blogspot.com/2014/03/search-has-encountered-problem-that.html
  What’s more, to quickly and accurately find the issue, you can check the event log and ULS log to see if anything unexpected occurred.
  For SharePoint 2013, by default, ULS log is at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS.
  For more information, you can refer to:
  http://sp-vinod.blogspot.com/2014/02/getting-results-failed.html
  https://social.technet.microsoft.com/Forums/exchange/en-US/3f1e94ce-aa3e-4a0a-ab14-8d1e3bee5e78/sharepoint-2013-search-has-encountered-a-problem?forum=sharepointdevelopment
  https://social.technet.microsoft.com/Forums/exchange/en-US/73019f94-54f5-4308-9cf8-a7025ecd3228/search-has-encountered-a-problem-that-prevents-results-from-being-returned-if-the-issue-persists?forum=sharepointsearch
  https://social.technet.microsoft.com/Forums/exchange/en-US/88fc7028-290f-4a09-9e47-ec7b0bf2c980/search-has-encountered-a-problem-that-prevents-results-from-being-returned?forum=sharepointsearch
  Thanks,
  Yumi Fu
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected].

• ASA-SSC-AIP-5 Analysis Engine Not Responding

  Every couple of days I have been noticing that the IPS is in bypass mode and the Analysis Engine Status is often shown as not responding or is still loading something, and naturally, the CPU is pegged at 100%... so I have been reloading the IPS when this happens.
  2 Questions:
  Any general pointers of what often causes this, or things that I should look for when this is happening?  I know I did not give enough details for specific answers, but I am just looking for general ideas to start with.
  More importantly, what syslog messages might show up in the logs when the IPS goes into Bypass mode?  I'd like to setup a notification for these syslog messages so that I can troubleshoot immediately and determine the cause.
  IPS Version 6.2(2)E4
  Signature Version 559.0
  Cisco Adaptive Security Appliance Software Version 8.3(2)13
  Thanks.

  I would suggest that you upgrade the AIP-5 software to the latest version: 6.2.3(E4).
  Here is the release notes where a number of memory related bugs have been resolved:
  http://www.cisco.com/web/software/282549758/38029/IPS-6_2-3-E4_readme.txt
  You might also want to check if the AIP-5 module is overloaded with traffic, which can cause that issue.

• Restarting Analysis Engine on IDSM-2

  Hi All,
  I have an IDSM-2 module and I have noticed that the analysis engine stops very frequently (I do a show version and I see the analisys engine not running). Is there a way to restart it without reseting the module?
  I also see the following message:
  Note: /etc/modules.conf is more recent than /lib/modules/2.4.30-IDS-smp-bigphys/modules.dep
  does anybody know what does it mean?
  Regards

  Hi Vicente,
  The work around was to disable auto-update, sigs 3333 and 5597 (SMB MSRPC Messenger Overflow). I have no idea why this was the work around but it seems to have worked. They are also supposed to have a minor version upgrade on Monday that fixes this issue I just found out.
  Cheers

• Missing App server in GRC Analysis Engine Daemon Manager

  Hi,
  We have two app servers for our GRC AC 5.3.The Analysis Engine Daemon Manager(http://<host>:5<nn>00/sap/CCADStatus.jsp) lists only one of the app servers .If I try the URL for the Daemon manager using the URL with app1 or app2 it lists only the background job workers and web services workers for the app1 only and not the app2.I checked the entry for table VIRSA_CC_CONFIG which has entry for the first app server ('107', 0,http://app1:5<nn>00/webdynpro/dispatcher/virsa/ccappcomp/BgJobStart', 'BgJobStart URL').Do I need to add the other URL for the other app server also.If yes how.If any one has faced this issue please help me.Your help is greatly appreciated.
  Thanks,
  Max

  Since the Instance number (i.e. <nn> ) is a mandatory part of the URL so the URL for two app. server should be different. But first of all what is the necessity for keeping two different Instances (Java) for GRC AC? One is enough with proper hardware and system parameter sizing - right?
  Also, the Batch Jobs are not App server specific stuff.. so it is not correct to say that there are Jobs from only one App server and not from the other.
  regards,
  Dipanjan
  Edited by: Dipanjan Sanpui on Sep 27, 2010 2:51 PM

• Printer shows paper jamming in output bin but no paper visible in 2605dn

  printer shows paper jam in output bin---have reset and cleared everything---still shows same.  What now?

  In case you missed something, see this:
  http://h20564.www2.hp.com/hpsc/doc/public/display?​docId=emr_na-c00783950
  Try a NVRAM reset: (but make sure u save your n/w config 1st)
  1. power off the printer
  2. holding down the select and cancel buttons and powering on
  3. release buttons when display reads "permanent storage init"
  Please mark my post as SOLVED if it has resolved your problem. It helps others with similar situations.

• Analysis Engine Not running for IPS in AIPSSM Module

  Hi all,
    The Analysis Engine is not running for IPS module in AIPSSM Module. Please let me know how can i resolve this issue and get the analysis engine of IPS to running status.
  Regards
  Kiran

  Hi Kiran,
  Ideally, what you can do is to remove the configuration on the ASA that sends traffic to IPS.
  The crash in sensorapp or analysis engine might be traffic, configuration related.
  We can try to reboot the IPS with no load on it by stopping sending traffic to it.
  You can remove the IPS policy from the ASA configuration.
  http://tools.cisco.com/squish/2f7A3
  What this will do is stop ASA from sending any traffic to IPS.
  Now do the hw-module module 1 reset command.
  See if the IPS module comes back up.
  If that also fails, then you can re-image the module.
  This will however erase the configuration on the module.
  The re-image procedure for SSM module:
  http://tools.cisco.com/squish/ee66a
  Hope this helps.
  Sid

• Java code statistics analysis

  Hi,
  I see some product that use "java code statistics analysis" in order to my JR programmer made program as SR programmer or as AP.
  I think that is better for my apps this tools.
  I think that this tool could make "robots" and could make that SR programmer to cash more money.
  I like see a Open Source tools.
  Please, what is your opinion ?

  (About "bad English": statistically English is decreasing.)
  Improving code quality is a good idea.
  Javadoc usage is a pre. Say what is intended, what the requirements are,
  what is problematic.
  Software metrics give information on the entire architecture. They are useful,
  as they provide insight in the architecture.
  The problem is the interpretation and treatment afterwards.
  So is connectivity in all its forms not something to be easily resolved, but important.
  And individual source evaluation can give an "error probability" which you can doctor from red to green again - without quality improvement. Indeed productivity may often reduce "quality" a bit.
  JR programmers can be usefull. The best to my experience is putting one or two JRs with a SR. This is called peer-to-peer management, and insures that code is checked afterwards.
  Code-reviews are the same thing.
  Designing software before coding, maybe though with prototypes, would be ideal, as one can talk about the code. The two dangers there are:
  - fright to perform in public;
  - discussing without sound basis: too abstract, and too long on side issues,
  not recognizying the crucial points.
  Try to minimalise the number of classes.
  Design separation, independent classes in independent package hierarchies. Avoid inheritance.
  UML is another way to talk about code.
  It is nice to have, but should not be given more weight than it has.
  Design patterns are a SR thing, but things like singletons, dependency injection, etcetera should be communicated as concepts, so another
  programmer can benefit from reading.
  I do not know how it is in your country; in Germany where I live, I have
  found, that especially the inexperienced have an almost arrogant attitude,
  the experienced are professionally friendly.
  Good communication and both freedom for creativity and reviewing/redesigning are a must.
  P.S.
  The commercial MyEclipse has some of the things you want.
  Open source solutions should also exist.

• Analysis Engine

  The sensor IDS 4250XL 5.1 reports that the daemon AnalysisEngine has a status of not Runnnig. What does it mean? What i have to do? It is probably this is the source of the problem i have with the deployment of this sensor from the IPS Manager??
  Thank you

  If the Analysis Engine is not running, the sensor will not analyze traffic and will therefore be useless (won't generate alerts..). To restart the analysis engine, make a service account then log into the service account and run the command below (you must su to root first).
  /etc/init.d/cids restart
  Hope this helps.

• Interpreting show tfo connection summary output

  In the output from the 'show tfo connection summary output' command there are 3 sections :
  - Optimized Connection List
  - Auto-Discovery Connection List
  - Pass-Through Connections
  The 'Pass-Through Connections' section is fairly self-evident, but what is the difference between entries in the 'Auto-Discovery Connection List' and the 'Optimized Connection List' sections ?
  Also, I have some output that I am having difficulty interpreting :
  Auto-Discovery Connection List
  E: Established, S: Syn, A: Ack, F: Fin, R: Reset
  s: sent, r: received, O: Options, P: Passthrough
  Local-IP:Port Remote-IP:Port Conn-Type Orig-St Term-St
  10.250.216.5:4050 10.250.195.3:27903 Int. Server SAsO UNU
  10.250.195.7:443 10.250.216.5:27655 Ext. Server SAsO SAr
  What are do the 'Int. Server' and 'Ext. Server' types mean under the column 'Conn-Type' ?
  What are 'Orig-st' and 'Term-st'abbreviations for ? Original state/terminated state ??
  Finally, what does the UNU under the Term-st column mean ?
  Apologies for the many questions, but I can't find any answers in the Cisco config or command ref guides...
  Thanks
  Nigel.
  Thanks
  Nigel.

  Nigel,
  The optimized connection list shows connections that are established and being optimized. The auto-discovery connection list shows connections that are still in the auto-discovery phase (i.e. the 3-way setup handshake has not completed).
  The designation 'Int. Server' or 'Ext. Server' indicates whether the connection is sourced/destined from/to an internal process (such as WAFS, telnet, etc.) or an external host.
  'Orig-st' and 'Term-st' are as you described them.
  UNU = unknown.
  Zach