Upgrading IDSM2 4.1 to 5.01

Similar Messages

• Upgrade IDSM2 from 4.1(5)S225 to 5,1 using application partition

  can i upgrade an IDSM2 (WS-SVC-IDSM2-BUN)in a 6513 from 4.1(5)S225 to 5.1 by copying the 5.1 application partition to the sensor
  [from the cisco userguide]
  Chapter 10 Configuring the Sensor Using the CLI
  Reimaging Appliances and Modules
  Reimaging the IDSM-2
  This section contains the following topics:
  • Catalyst Software, page 10-124
  • Cisco IOS Software, page 10-126
  Catalyst Software
  To reimage the application partition, follow these steps:
  Step 1 Obtain the application partition file from Software Center on Cisco.com and copy
  it to an FTP server.
  Step 2 Log in to the switch CLI.
  Step 3 Boot the IDSM-2 to the maintenance partition:
  cat6k> (enable) reset module_number cf:1
  Step 4 Log in to the maintenance partition CLI:
  login: guest
  Password: cisco
  Step 5 Reimage the application partition:
  [email protected]# upgrade ftp://user@ftp server IP/directory
  path/image file
  Step 6 Specify the FTP server password.
  After the application partition file has been downloaded, you are asked if you
  want to proceed:
  Upgrading will wipe out the contents on the hard disk. Do you want to
  proceed installing it [y|n]:
  Step 7 Type y to continue.
  When the application partition file has been installed, you are returned to the
  maintenance partition CLI.
  Step 8 Exit the maintenance partition CLI and return to the switch CLI.
  Step 9 Reboot the IDSM-2 to the application partition:
  cat6k> (enable) reset module_number hdd:1
  Step 10 When the IDSM-2 has rebooted, check the software version.
  Step 11 Log in to the application partition CLI and initialize the IDSM-2.
  See Initializing the Sensor, page 10-2, for the procedure.
  IF NOT, THEN IS THERE A SHORT CUT FROM 4.1 to 5.1 ?

  Just wanted to clarify some things.
  As Scott has already confirmed you can re-image using the method described and following Scott's advice on what additional updates to install.
  BUT understand that any configuration you have your 4.1 sensor will be lost during that method of re-imaging to 5.1.
  Another alternative is to first upgrade from 4.1(5)S225 to 5.0(1), and then to upgrade to 5.1(1).
  The upgrade to 5.0(1) will convert the 4.1 configuration into a compatible 5.0 format.
  I saw another post you made implying that you had to downgrade back to 4.1(5)S189 to do the 5.0(1) upgrade. This is not the case. You can upgrade directly from your current 4.1(5)S225 to 5.0(1).
  You can install the IPS-K9-maj-5.0-1-S149.rpm.pkg file directly on your current 4.1(5)S225 sensor.
  When S225 was installed on your 4.1(5) sensor, it also placed in storage the corresponding S225 update for your 5.0 sensor.
  So when IPS-K9-maj-5.0-1-S149.rpm.pkg is installed on the sensor it will detect that stored off S225 for 5.0 and install it at the same time.
  So once installed you will be immediately at 5.0(1)S225.
  Once at 5.0(1)S225, then you can upgrade directly to 5.1(1) using the IPS-K9-min-5.1-1d.pkg upgrade.
  (NOTE: 5.1-1d file was created to fix some upgrade bugs, but still installs the same 5.1(1) files as the original 5.1(1) upgrade package).
  So you will wind up at 5.1(1)S225.
  Now at this point I would recommend installing at least one later signature update (S226 or higher in your case) BEFORE installing the 5.1(1p1) patch.
  And AFTER the signature update, then install the 5.1(1p1) Engineering Patch (contact the TAC for this patch).
  Because of this specific upgrade path, the best way to avoid some issues is to install at least one signature update before installing the 5.1(1p1) patch. The signature update helps to ensure the sensor is ready for the 5.1(1p1) upgrade. Some of the files needed for the 5.1(1p1) upgrade have been seen to not get carried forward properly in the upgrade from 5.0(1) to 5.1(1), but a signature update corrects those issues.
  NOTE: This precaution of installing the signature update BEFORE the 5.1(1p1) is only needed when upgrading from 5.0(1) to 5.1(1). If imaging directly to 5.1(1) using the maintenance partition, then the 5.1(1p1) can be installed before a signature update without an issue.
  Once 5.1(1p1) is up and running and monitoring packets and generating alarms, then additional signature updates can be installed afterwards.

• Upgrade IDSM2 from 4.1(5)S225 to 5.0 not going well

  UPGRADING FROM 4.1 to 5.1. I know I have to got to 5.0 before I go to 5.1
  I have tried to upgrade from 4.1 to 5.0 and am failing. I upgraded the Maintenance Partition to 2.1(2) as you can see from the show ver command output.
  When I go to upgrade using the file IPS-K9-maj-5.0-1-S149.rpm.pkg i get the error messages to the console. they are included in the command line dump that follows..........
  Cisco Systems Intrusion Detection Sensor, Version 4.1(5)S225
  OS Version 2.4.18-5-phoenix
  Platform: WS-SVC-IDSM2-BUN
  Using 970657792 out of 1979682816 bytes of available memory (49% usage)
  Using 5.1G out of 17G bytes of available disk space (32% usage)
  MainApp 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running
  AnalysisEngine 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running
  Authentication 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running
  Logger 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running
  NetworkAccess 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running
  TransactionSource 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running
  WebServer 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running
  CLI 2005_Aug_02_10.53 (Release) 2005-08-02T10:25:35-0500
  Upgrade History:
  IDS-sig-4.1-5-S225.rpm.pkg 14:40:27 UTC Thu Apr 20 2006
  Maintenance Partition Version 2.1(2)
  THESE ARE THE ERROS I AM GETTING DURING THE UPGRADE WHICH FAILES.
  /signatures/[sig-id=11027,subsig-id=0]/engine/ -- the union does not have a member selected
  /signatures/[sig-id=11211,subsig-id=1]/engine/ -- the union does not have a member selected
  /signatures/[sig-id=11245,subsig-id=0]/engine/ -- the union does not have a member selected
  /signatures/[sig-id=11245,subsig-id=1]/engine/ -- the union does not have a member selected
  /signatures/[sig-id=11246,subsig-id=0]/engine/ -- the union does not have a member selected
  /signatures/[sig-id=11247,subsig-id=0]/engine/ -- the union does not have a member selected
  /signatures/[sig-id=11248,subsig-id=0]/engine/ -- the union does not have a member selected
  /signatures/[sig-id=11249,subsig-id=0]/engine/ -- the union does not have a member selected
  /signatures/[sig-id=11250,subsig-id=0]/engine/ -- the union does not have a member selected
  /signatures/[sig-id=11251,subsig-id=0]/engine/ -- the union does not have a member selected
  /signatures/[sig-id=12024,subsig-id=0]/engine/ -- the union does not have a member selected
  /signatures/[sig-id=12025,subsig-id=0]/engine/ -- the union does not have a member selected
  /signatures/[sig-id=12025,subsig-id=1]/engine/ -- the union does not have a member selected
  /signatures/[sig-id=12026,subsig-id=0]/engine/ -- the union does not have a member selected
  /signatures/[sig-id=12027,subsig-id=0]/engine/ -- the union does not have a member selected
  Any help would be great!
  gary price

  The combination of tcp-reset on some UDP signatures in 4.x. was not invalidated. 5.0 is stricter and enforces this. It might be the best to disable reset for all signatures and then proceed with the upgrade.

• Error upgrading IDSM2 5.1(4) past s261

  I have a 6500 IDSM2 at 5.1(4) + S261. When I attempt to upgrade to S267 or S268, I get the error msg:
  Error: execUpgradeSoftware : Error status returned with status str Internal Error.
  I have rebooted the IDS - no difference. I'm using "upgrade http:" with http sw which has always worked in the past. What should I look at?

  Further info: I reimaged the sensor to v6. Same error.
  It appears that UPGEADE HTTP: is no longer supported for sig application. As soon as I tried an UPGRADE FTP:, everything works.

• Upgrading IDSM2 and IDS 4235

  I have 12 IDSM2 and 4 IDS 4235 managed through VMS, I configured automatic download of signature updates but I notice that S189 was missed.
  Is it possible to apply the last Service Pack 4.1.5 from VMS? If yes do I simply have to download the file in the correct directory and apply it as a normal signature update or what method shall I use? I need to manage the update process centrally because my IDS systems are all remote.
  Thanks for your help,
  Chiara

  I tried. There is no way to do it. VMS returns a bad file type and effectively the service pack is .rpm.pkg while files managed during updates by VMS are .zip containing .rpm.pkg and other files.
  I manually did the update on every IDS by ftp and command line and where the update succeeded I had to re-import the sensor on VMS, otherwise the version was not aligned.
  Is this the power of a central management platform?

• IDSM2 license upgrade issue

  Hi folks,
  i have to buy IPS license for my 2 IDSM-2 mosules in order to upgrade them from IDS to IPS.
  I take a look to Cisco pricing list and i found 2 software code and i don't know what is the correct one: could you help me ?
  1)CON-SU1-WS-IDS2K9
  2)CON-SU1-WSIDSXLK9
  3)CON-SU1-WIDSBNK9
  What is the difference between them ?
  I need to purchase IPS license for my IDSM-2 and signature update.
  Thanks in advance,
  regards,
  MArco

  You can apply the IPS-sig-S202-minreq-5.0-1.pkg Signature Update and all following signature updates to all 5.0(x) versioned sensors as well as the newly released 5.1(1) version.
  These signature updates contain new signature definition parameters to support the new version 5.1(1) sensors. These new signature definition parameters are also seen on version 5.0(x) sensors, but are ignored if configured on version 5.0(x) sensors.
  The sensorApp binary on the 5.0(x) sensors is updated during the signature update so that the new sensorApp can read in, and properly ignore those new signature update parameters. This was done so that a single IPS signature update file can be used across all version 5.x sensors.
  The new signature definition parameters have been added in version 5.1(1) and are ignored if configured on version 5.0(x) sensors. Any signatures requiring these parameters do trigger on version 5.0(x) sensors.
  Be aware of the following installation caveats:
  You can apply the IPS-sig-S202-minreq-5.0-1.pkg Signature Update and all following signature updates to version 5.0(1), 5.0(2), 5.0(3), 5.0(4), 5.0(5), and 5.1(1) sensors.
  However if you apply any of the signature updates to a 5.0(1) sensor, then you should not upgrade to the 5.0(2) or 5.0(3) Service Packs. Similarly, if you apply the signature update to a 5.0(2) sensor, you should not upgrade to the 5.0(3) Service Pack. The 5.0(2), and 5.0(3) Service Pack installations scripts do not carry forward the new sensorApp binary (CSCsb49911). Upgrading to 5.0(2) or 5.0(3) results in sensorApp generating errors while trying to read the new configuration, and prevents sensorApp from monitoring for attacks. For this reason the 5.0(2) and 5.0(3) Service Packs have been removed from CCO.
  If you apply the signature update to a 5.0(1) sensor, you should upgrade to either 5.0(4) or 5.0(5) Service Packs, or 5.1(1) Minor Update. They do not have the CSCsb49911 issue.

• Idsm-2 problem: sensor upgrade from 4.1 to 5 or higher

  Hi all,
  I have a problem with my IDSM-2 module. I'm trying to sensor upgrade from IDS to IPS software (from 4.1 version to 5.x or higher).
  If I do this from sensor under "admin user" and use major patch - IPS-K9-maj-5.0-1e-S149.rpm.pkg then I receive error:
  "Error: idsPackageMgr: digital signature of the update file was not valid, use CCO to replace corrupted file ".
  But file "IPS-K9-maj-5.0-1e-S149.rpm.pkg" is NOT corrupted. I cheked it under "service user" with md5sum utility - checksum is correct.
  If I try to upgrade from maintance mode (ie re-image with wipe all information in application partition) then I receive:
  "Application image upgrade complete. You can boot the image now.
  Partition upgraded successfully"
  Next, I'm reboot IDSM-2 module and receive:
  "000133: Sep 7 15:10:18.622 MSK/MDD: %HA_EM-6-LOG: Mandatory.go_bootup.tcl: GOLD EEM TCL policy for boot up diagnostic
  000134: Sep 7 15:10:18.290 MSK/MDD: %DIAG-SP-3-MAJOR: Module 4: Online Diagnostics detected a Major Error. Please use 'show diagnostic result <target>' to see test results.
  000135: Sep 7 15:10:18.294 MSK/MDD: %CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 4: TestPCLoopback failed on port(s) 3-4
  000136: Sep 7 15:10:19.170 MSK/MDD: %OIR-SP-3-LC_FAILURE: Module 4 has Major online diagnostic failure, Card will be reset to re-run diagnostic. Please check sup-bootflash diaginfo file for previous detailed diagnostic result.
  000137: Sep 7 15:10:19.170 MSK/MDD: %OIR-SP-3-PWRCYCLE: Card in module 4, is being power-cycled 'off (Diagnostic Failure)'
  000138: Sep 7 15:10:19.170 MSK/MDD: %C6KPWR-SP-4-DISABLED: power to module in slot 4 set off (Diagnostic Failure)"
  ie module go to the "PwrDown" state.
  I try to upgrade for next firmware:
  IPS-K9-maj-5.0-1e-S149.rpm.pkg
  IPS-IDSM2-K9-sys-1.1-a-7.0-5a-E4.bin.gz
  IPS-K9-7.0-5a-E4.pkg
  IPS-K9-maj-5.0-1e-S149.rpm.pkg
  WS-SVC-IDSM2-K9-sys-1.1-a-5.0-1.bin.gz
  and did not get success
  chassis - 6509-e, sup - VS-S720-10G + VS-F6K-PFC3C, ios - s72033-adventerprisek9_wan-mz.122-33.SXI6.bin
  maintance software for IDSM-2 module - 3.4(2)m
  Could you please help me? Thanks in advance!

  I have a problem with my IDSM-2 module. I'm trying to sensor upgrade from IDS to IPS software (from 4.1 version to 5.x or higher). If I do this from sensor under "admin user" and use major patch - IPS-K9-maj-5.0-1e-S149.rpm.pkg then I receive error: "Error: idsPackageMgr: digital signature of the update file was not valid, use CCO to replace corrupted file ". But file "IPS-K9-maj-5.0-1e-S149.rpm.pkg" is NOT corrupted. I cheked it under "service user" with md5sum utility - checksum is correct.
  It has been a long time since I've seen a sensor running 4.1 or an upgrade to 5.0(1e) . If I recall correctly, there were some issues with upgrading if you were running a release from the 4.1 train earlier than 4.1(4). Additionally, the upgrade from 4.1 -> 5.0 includes a configuration conversion (due to differences between the software trains), which was prone to failure depending on the presence of certain configuration options.
  Unless you absolutely need to keep the existing configuration, you would save yourself time and effort by simply re-imaging the sensor directly to the desired release. Modern (supported) releases would be either 7.0(5a)E4 or 6.2(3)E4.
  Next, I'm reboot IDSM-2 module and receive:"000133: Sep 7 15:10:18.622 MSK/MDD: %HA_EM-6-LOG: Mandatory.go_bootup.tcl: GOLD EEM TCL policy for boot up diagnostic000134: Sep 7 15:10:18.290 MSK/MDD: %DIAG-SP-3-MAJOR: Module 4: Online Diagnostics detected a Major Error. Please use 'show diagnostic result ' to see test results.000135: Sep 7 15:10:18.294 MSK/MDD: %CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 4: TestPCLoopback failed on port(s) 3-4000136: Sep 7 15:10:19.170 MSK/MDD: %OIR-SP-3-LC_FAILURE: Module 4 has Major online diagnostic failure, Card will be reset to re-run diagnostic. Please check sup-bootflash diaginfo file for previous detailed diagnostic result.000137: Sep 7 15:10:19.170 MSK/MDD: %OIR-SP-3-PWRCYCLE: Card in module 4, is being power-cycled 'off (Diagnostic Failure)'000138: Sep 7 15:10:19.170 MSK/MDD: %C6KPWR-SP-4-DISABLED: power to module in slot 4 set off (Diagnostic Failure)"
  I would try re-imaging the sensor once more using the IPS-IDSM2-K9-sys-1.1-a-7.0-5a-E4.bin.gz System Recovery Image file found here, following the procedure described here. If the module still fails to boot after that (still citing a Diagnostic Failure), try moving it to another slot in the chassis (if possible).
  What color is the IDSM-2 Status LED (on front of module) when it is in this state? An RMA may be necessary to resolve this.

• IPSMC & Secmon no longer work after upgrade to 2.1

  During the installation, I got the error:
  Interactive SQL
  "C:\PROGRA~1\CSCOpx\MDC\bin\ids\patch\2_1_SP1\CSCsb19306.sql" at Table 'sys_typedel_default' not found.
  After continuing the upgrade, when I load the IPSMC, I get:
  Problem with File /WEB-INF/screens/devices.jsp!!!Unable to compile C:\Program Files\CSCOpx\MDC\tomcat\work\DEFAULT\ids-config\WEB_0002dINF\screens\devices_1.java:174: Method getIDS5SignatureLevel() not found in class com.cisco.nm.mdc.ids.config.DevicesForm. out.write(myForm.getIDS5SignatureLevel()); ^ 1 error

  I hope this will help you in the problem .You can apply the IPS-K9-maj-5.0-1-S149.rpm.pkg major update to the following IDS & IPS
  version 4.1 sensors:
  - IPS-42xx Cisco Intrusion Prevention System (IPS) sensors
  - IDS-42xx Cisco Intrusion Detection System (IDS) sensors (except for the
  IDS-4220 and the IDS-4230 series)
  - WS-SVC-IDSM2 series Intrusion Detection System Module (IDSM-2)
  - NM-CIDS IDS Network Module for Cisco 26xx, 3660, and 37xx Router Families
  It is not compatible with the IDS-4220 and IDS-4230 series IDS sensors, the
  NRS-xx series IDS sensors, or the WS-X6381-IDS series Intrusion Detection System Module
  (IDSM).
  You must upgrade version 4.0 and earlier sensors to 4.1(1)S47 or later before
  applying the 5.0(1)S149 major update. Refer to "Obtaining Software," in Cisco
  Intrusion Detection System Appliance and Module Installation and Configuration
  Guide Version 4.1 for instructions on upgrading version 4.0 IDS-42xx sensors
  to 4.1(1)S47 found at this URL:
  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/hwguide/
  index.htm

• How to upgrade IPS Signature

  Can anyone help me with the steps of upgrading the IPS signature for the platform ASA SSM-20, IDS 4215, WV-SVC-IDSM-2 via IDM and IME. All the sensors are already upgraded with Engine E4 with signature S480.
  Can I upgrade the signature directly from S480 to S507? Please let me know the file which I need to download. Is there any impact while updating the signture like reboot?

  Hi Gangadaran,
  We can apply the same package on all the mentioned platforms. It can be applied to all below platforms:
  - IPS-42xx Cisco Intrusion Prevention System (IPS) sensors
  - IDS-42xx Cisco Intrusion Detection System (IDS) sensors (except the IDS-4220, and IDS-4230)
  - WS-SVC-IDSM2 series Intrusion Detection System Module (IDSM2)
  - NM-CIDS IDS Network Module for Cisco 26xx, 3680, and 37xx Router Families.
  - ASA-SSM-10 Cisco ASA Advanced Inspection and Prevention Security Services Module (Requires ASA)
  - ASA-SSM-20 Cisco ASA Advanced Inspection and Prevention Security Services Module (Requires ASA)
  - ASA-SSM-40 Cisco ASA Advanced Inspection and Prevention Security Services Module (Requires ASA)
  - AIM-IPS Cisco Advanced Integration Module for ISR Routers
  Refer the readme for all details:
  http://www.cisco.com/web/software/282549755/37074/IPS-sig-S507.readme.txt
  All the best!!
  Thanks,
  Prapanch

• IDSM-2 upgrade process questions.

  Hello,
  I started a new job and have been tasked with looking into what we can do with the IDSM-2 module we have in our 6509. The company has not been using the module so it hasn't been updating in a few years. I do not have a current license so I know I cannot install new signature updates, but what I would like to do is upgrade the software to version 7.0(5a)E4. Once I have it upgraded I would like to configure it in our environment and then see about getting a signature license.
  I have a few questions regarding the upgrade process, and could use some assistance.
  First the IDSM is currently running version 5.1(3)S256.0. From what I have read I don't believe I can go directly to 7.0(5a)E4 so my Planned Upgrade Path is: 5.1(3)S256.0 -> 5.1(8)E3 -> 7.0(5a)E4.
  Am I able to upgrade this way or is there another recommended way that I should do this upgrade?
  The files I have for this are below, will they be enough or am I missing any?
  Do I apply them in the order listed?
  Can I apply all of these files from the IDM GUI?
  IPS-K9-5.1-8-E3.pkg
  IPS-engine-E3-req-5.1-8.pkg <--- Is this included in the above file?
  IPS-K9-r-1.1-a-5.1-8-E3.pkg
  IPS-K9-7.0-5a-E4.pkg
  IPS-K9-r-1.1-a-7.0-5a-E4.pkg
  I plan on backing up my configuration first just in case, but should this process have any affect on the configuration?
  I also saw that the upgrade will convert the configuration, so should I back it up a second time between the 5.1(8)E3 and 7.0(5a)E4 step?
  Will there be any effect on network traffic or downtime during this process?
  Is there any thing else I need to be aware of or that I'm missing?
  Thanks in advance,
  Will

  Hi Will. Since you indicated that this sensor has not been in-use, it would be quickest/easiest to simply re-image it directly to the desired version (7.0(5a)E4). Additional benefits of doing this are that the sensor's filesystem will be created clean, OS/binaries cleanly installed, no potential config conversion issues, etc.
  Step-by-step instructions for doing this can be found here.
  And, the System Recovery Image file you will need ('IPS-IDSM2-K9-sys-1.1-a-7.0-5a-E4.bin.gz') can be downloaded here.
  Will there be any effect on network traffic or downtime during this process?
  That depends on whether the sensor is configured in Promiscuous Mode or Inline [VLAN Pair] Mode. You can determine this from the Catalyst config. If the sensor is installed in Inline [VLAN Pair] Mode, then certainly the re-image (and even just upgrade) could be traffic-impacting (if there is no alternative/backup path for traffic to take), as in both scenarios, the sensor is rebooted and not available for ~10 minutes (during which time, it would not be forwarding traffic (if it were installed Inline)). Additionally, since re-imaging results in a clean/default config, if the sensor were configured Inline, that portion of the config would have to be re-input post-reimage so that the sensor would know to forward traffic accordingly again. Details about the modes can be found here.

• Verifying Compatibility of VS-S2T-10G (Sup2T) with IDSM-2 (IDSM2)

  I am preparing to do an upgrade from Sup720 to Sup2T on a Catalyst 6509E.
  I am not seeing compatibility of the Sup2T with the IDSM2 in the release notes.
  Could someone verify if the IDSM2 is compatibility with the Sup2T (running s2t54-ipservicesk9-mz.SPA.150-1.SY3.bin)
  If not, is there a follow-on product?

  Hi Kbyrd,
  the IDSM2 seems to be incompatible with the SUP2T.
  Software and Hardware Requirements
  The following are the IDSM-2 software and hardware requirements:
  •Catalyst software release 7.5(1) or later with Supervisor Engine 1A with MSFC2
  •Catalyst software release 7.5(1) or later with Supervisor Engine 2 with MSFC2 or PFC2
  •Cisco IOS software release 12.2(14)SY with Supervisor Engine 2 with MSFC2
  •Cisco IOS software release 12.1(19)E or later with Supervisor Engine 2 with MSFC2
  •Cisco IOS software release 12.1(19)E1 or later with Supervisor Engine 1A with MSFC2
  •Cisco IOS software release 12.2(14)SX1 with Supervisor Engine 720
  •Cisco IDS software release 4.0 or later
  Tried to configure the products within 6509 chassis, but that confirms the above info
  I will check if any similar module will be available soon.
  Regards,
  Marco

• MARS and IDSM2 logs

  Hi All,
  I have MARS version 6.0.3 (3188) 32, when i try to add IDSM2 to it as a device i can't find the version of the IDSM2 in the MARS.
  version of IDSM2 is  7.0.4(E4).
  can anyone help me in this issue please.
  Thanks in advance,
  Ayman

  Ayman;
  CS-MARS will successfully parse signature events for your IDSM-2
  running 7.0 software. However, CS-MARS will have no understanding of
  the global correlation details which are new to the 7.0 release. If you
  wish to be able to query/report on global correlation details within
  CS-MARS, you will need to upgrade.
  Once you upgrade, you can simply select the IDSM-2 in the 'Security
  and Monitor Devices' list and click the "Change Version" button.
  Scott

• Upgrading from v4.1 to v6.0

  I have an IDSM-2 that I want to upgrade. Would there be a problem if I upgraded my IPS from 4.1 to 6.0, CONSIDERING that i'm willing to blow away any old configurations. Basically, I want to start from scratch on the IDSM with the 6.0. If that's the case, i'm assuming I can just go ahead and jump to install 6.0?
  Jason

  Your question comes down to terminology.
  An "upgrade" in IPS terminology involves the conversion of configuration from the lower version to the higher version.
  The IPS 6.0(2)E1 upgrade file (the latest 6.0 version you should use) is: IPS-K9-6.0-2-E1.pkg available from this link:
  http://www.cisco.com/cgi-bin/tablebuild.pl/ips6
  BUT the IPS 6.0(2)E1 upgrade file can NOT upgrade a sensor from 4.1 to 6.0(2)E1.
  Instead if you were worried about conversion of your configuration you would have to first upgrade to 5.0(1e). And then from 5.0(1e) you CAN upgrade directly to 6.0(2)E1 using the file I mentioned above.
  But by saying that you are not concerned with conversion of your 4.1 configuration, then you open yourself to another alternative that we refer to as "System Re-imaging".
  With System Re-imaging everything on the sensor will be wiped out (including configuration) and a fresh manufacturing image will be installed on the sensor.
  System Re-imaging can be done to Any version (any version that has a System Image) from Any version.
  There are no version requirements because it first erases everything on the sensor.
  To do a System Re-image to 6.0(2)E1 you will need to download the 6.0(2)E1 System Image file specifically for the IDSM-2:
  WS-SVC-IDSM2-K9-sys-1.1-a-6.0-2-E1.bin.gz
  from this link:
  http://www.cisco.com/cgi-bin/tablebuild.pl/ips6-cat6500-idsm2-sys
  Follow these steps:
  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids13/cliguide/cliimage.htm#wp1031426

• Upgrading from v1.1 to v2.0

  We recently purchased the upgrade to CW v2.0. I tried to load a Visual
  Basic 6 project that was done with CW v1.1 and ran into errors during
  loading. It complained that all of the controls were not a loaded
  class. Worse yet, is that VB replaced all fo the CW controls on the
  form with a picturebox control of the same name.
  Has anyone else had problems upgrading from v1.1 to v2.0 ?

  Your question comes down to terminology.
  An "upgrade" in IPS terminology involves the conversion of configuration from the lower version to the higher version.
  The IPS 6.0(2)E1 upgrade file (the latest 6.0 version you should use) is: IPS-K9-6.0-2-E1.pkg available from this link:
  http://www.cisco.com/cgi-bin/tablebuild.pl/ips6
  BUT the IPS 6.0(2)E1 upgrade file can NOT upgrade a sensor from 4.1 to 6.0(2)E1.
  Instead if you were worried about conversion of your configuration you would have to first upgrade to 5.0(1e). And then from 5.0(1e) you CAN upgrade directly to 6.0(2)E1 using the file I mentioned above.
  But by saying that you are not concerned with conversion of your 4.1 configuration, then you open yourself to another alternative that we refer to as "System Re-imaging".
  With System Re-imaging everything on the sensor will be wiped out (including configuration) and a fresh manufacturing image will be installed on the sensor.
  System Re-imaging can be done to Any version (any version that has a System Image) from Any version.
  There are no version requirements because it first erases everything on the sensor.
  To do a System Re-image to 6.0(2)E1 you will need to download the 6.0(2)E1 System Image file specifically for the IDSM-2:
  WS-SVC-IDSM2-K9-sys-1.1-a-6.0-2-E1.bin.gz
  from this link:
  http://www.cisco.com/cgi-bin/tablebuild.pl/ips6-cat6500-idsm2-sys
  Follow these steps:
  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids13/cliguide/cliimage.htm#wp1031426

• IDSM-2 - upgrade issue - 5.x to 6.x

  Hello All,
  I have an issue upgrading the IDSM-2 module I'm playing with.
  It is currently running version 5.0(2).
  The thing is when I try to upgrade the image to the latest 6.x version using the .bin.gz file, I get the follwing error message :
  The filename IPS-IDSM2-K9-sys-1.1-a-6.1-2-E3.bin.gz is not a valid upgrade file type.
  Continue with upgrade? []:
  There is no image file that is not .bin.gz on the download section of the website. Only recovery images have the .pkg extension.
  Does anybody how to troubleshoot this simple(I guess) upgrade issue?
  Regards,
  Thibault.

  You are trying to "upgrade" using a "System Image" (-sys-) file instead of an Upgrade file.
  The upgrade file for the IDSM-2 is the standard upgrade file used across almost all IPS/IDS models:
  IPS-K9-6.1-2-E3.pkg
  It can be downloaded here:
  http://www.cisco.com/cgi-bin/tablebuild.pl/ips6