Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual page 465

Appendix C Troubleshooting
Diagnosing IDSM-2 Problems
Use the following list to diagnose IDSM-2 problems:
•
•
•
•
•
•
•
If you have confirmed that IDSM-2 does not suffer from any of the problems listed above and yet it
appears unresponsive, for example, you cannot log in through SSH or Telnet, nor can you session to the
switch, determine if IDSM-2 responds to pings and if you can log in through the service account. If you
can log in, obtain a cidDump and any core files and contact TAC.
Switch Commands for Troubleshooting
The following switch commands help you troubleshoot IDSM-2:
•
•
•
78-16527-01
The ribbon cable between IDSM-2 and the motherboard is loose.
During physical handling of the module, the connector can come loose from the base card, and cause
the daughter card and the base card to lose contact with each other. A loose ribbon cable connector
causes an on-line diagnostic error on ports 7 and 8. The module cannot operate when this condition
exists.
For more information see
Some IDSM-2s were shipped with faulty DIMMs.
For the procedure for checking IDSM-2 for faulty memory see the
The hard-disk drive fails to read or write.
When the hard-disk drive has been in constant use for extended periods of time (for more than 2
weeks), multiple symptoms, such as the following, can occur:
– An inability to log in
– I/O errors to the console when doing read/write operations (the ls command)
– Commands do not execute properly (cannot find the path to the executable)
The switch reports that the module is ok, but if you log in to the Service account and try to execute
commands, you see that the problem exists. The 4.1(4) service pack alleviates this problem, but if
you reimage IDSM-2 with the 4.1(4) application partition image, you must apply the 4.1(4b) patch.
For more information see CSCef12198.
SensorApp either crashes or takes 99% of the CPU when IP logging is enabled for stream-based
signatures (1300 series). See
IDSM-2 appears to lock up and remote access is prohibited (SSH, Telnet, IDM, Event Server,
Control Transaction Server, and IP log Server).
This defect is related to using SWAP. IDSM-2 responds to pings. Apply the 4.1(4) service pack to
resolve this issue. For more information see CSCed54146.
Shortly after you upgrade IDSM-2 or you tune a signature with VMS, IDSM-2 becomes
unresponsive and often produces a SensorApp core file. Apply the 4.1(4b) patch to fix this issue.
Confirm that IDSM-2 has the supported configurations.
For more information refer to "Supported IDSM-2 Configurations," in
Prevention System Appliances and Modules
show module (Cisco Catalyst Software and Cisco IOS Software)
show version (Cisco Catalyst Software and Cisco IOS Software)
show port (Cisco Catalyst Software)
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
Partner Field Notice 52816.
CSCed32093 for the workaround.
5.0.
Troubleshooting IDSM-2
Partner Field 52563.
Installing Cisco Intrusion
C-39