HPE Community
Operating System - HP-UX
1827706 Members
2498 Online
109967 Solutions
New Discussion

Re: IDS

 
system administrator_15
Frequent Advisor

‎02-18-2004 10:02 PM

‎02-18-2004 10:02 PM

IDS

Hi guys
I have an issue with IDS, i have set up the IDS server and then 1client i am trying to set up a second client but even though the agent seems to be running ok the gui complains that the agent is not available.
processes on client are
ids 23366 23364 0 10:58:53 ? 0:00 idskerndsp -c 159 -o /var/opt/ids//ids_1004 -s 110 -q 16384
ids 23365 23364 253 10:58:53 ? 0:10 idscor -i /var/opt/ids//ids_1004 -o 156 -c 157 -s 158 -q 16384
ids 23364 1 0 10:58:49 ? 0:00 ./idsagent -a
i wondered whether i could try and rerun the IDSimportagentkeys to see if this resolvesd the issue.
any ideas,
regards
andy
0 Kudos
Reply
5 REPLIES 5
BSSG
Frequent Advisor

‎02-19-2004 08:24 AM

‎02-19-2004 08:24 AM

Re: IDS

I'm having a seemingly identical issue, having freshly installed IDS on two servers. The client server has a Status of Running, and is reporting alerts properly. The admin server has a status of Polling, and can't be activated. Both hosts have the idsagent, idskerndsp, and idscor daemons running.

--
Bob
0 Kudos
Reply
BSSG
Frequent Advisor

‎02-20-2004 08:08 AM

‎02-20-2004 08:08 AM

Re: IDS

The strange part is that even though the server remains in a Polling state and can't be stopped or activated, it's still racking up hundreds of alerts. All the alerts are filesystem changes, per the test schedule I set up.

I wonder if the IDS folks ever read this forum any more?
0 Kudos
Reply
Pierre Pasturel
Respected Contributor

‎02-25-2004 04:29 AM

‎02-25-2004 04:29 AM

Re: IDS

BSSG - Yes, we still monitor this forum :)
Andy - A quick check is to run the idsagent with the "-c 1" option to
print a communication debug trace to see if the agent accepts a
connection from the GUI and whether the SSL handshake succeeds. Let
me know of any errors you notice in the trace, which by default is sent to /var/opt/ids/error.log.

Pierre
0 Kudos
Reply
Pierre Pasturel
Respected Contributor

‎02-25-2004 04:43 AM

‎02-25-2004 04:43 AM

Re: IDS

BSSG - The agent status being stuck on "polling" is a known problem. The workaround is to manually sync the agent again.

This is the observation I noted in our defect database entry:

When there are several agents being monitored by the GUI and the GUI
comes up with the autostatus and autosync flags set and there are
numerous alerts to resync, some of the agents end up in the "Polling"
state. A subsequent status of these agents shows their correct state
(i.e., running, available, scheduled). The GUI has probably has timed
out trying to resync all the agents and the status of the agents never
get updated.

0 Kudos
Reply
BSSG
Frequent Advisor

‎02-26-2004 05:05 AM

‎02-26-2004 05:05 AM

Re: IDS

I had another look back at the status of the server host a week later and now it is in a Running state and seems to be operating normally. I was able to stop and start it again without a problem, applying modified filter rules. So it almost looks like waiting a few days will also resolve the problem.

Thanks.

--
Bob
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.