Advertisement
Error Messages
Table B-1
csiosips
cswin
pnmac
device_monitor
DbIncidentLoaderSrv
pnesloader
process_event_srv
process_query_srv
Error Messages
"Error ./pnarchiver Thread 2051:PN-0102:SQL error: ORA-01005: null password given; logon denied"
Issue: Problem with archiving to NFS server. The directories for the archiving are properly created on
the server but those directories remain empty.
Workaround: An interoperability issue exists between MARS and CygWin NFS server running on
Windows 2003 server. To work around such interoperability issues, replace the NFS server with
Microsoft Windows Services for Unix. For more information, see
Windows, page
Page cannot be found.
Issue: Upon logging in to the web interface, user receives a "Page cannot be found." error and the URL
in the address bar is of the format: https://<IP_address>/j_security_check.
Install and Setup Guide for Cisco Security MARS
B-14
MARS Services and Processes Descriptions (continued)
This backend process uses SDEE to pull alerts from IOS IPS
devices using SDEE. The alerts pulled are then processed and
passed on to pnparser from where they enter the system as all other
events do. This process, introduced in version 4.2.2, replaces the
former process named pniosips_srv.
This backend process uses MS-RPC to pull alerts alerts from
Windows devices. The alerts pulled are then processed and passed
on to pnparser from where they enter the system as all other events
do. This process was introducted in version 4.2.2.
This backend process retrieves the mac addresses for the IP
addresses found in sessions and incidents. It uses the STP
information provided by the switches to which the sources and
destinations are connected. MARS uses this data to perform port
blocks or suggest the CLI commands required to block traffic from
these MAC addresses.
This process uses SNMP to monitor the resources usage on the
reporting devices and raises device anomalies (MARS events) when
the usage exceeds the defined thresholds. The resources studied
include CPU, memory, number of connections, and bandwidth used.
This process stores event/session data for fired incidents into the
database after process_postfire_srv has performed false positive
analysis.
This process stores event and session data in the database after
pnparser has parsed and sessionized the recoeved data.
This process is the rule processing engine. Compiles rules, receives
events, computes the incidents that need to be fired and passes them
on for notification and false positive analysis to
process_postfire_srv.
This process computes the results for multi-lined queries (queries
that look like multi-line rules. For example, X followed by Y).
6-24.
Appendix B
Troubleshooting
Configure the NFS Server on
OL-14672-01
Advertisement
Chapters
Troubleshooting
