SRX

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Same Behavior with SRX340

    Posted 05-29-2024 11:12

    Hi All,

    I don't have IDP config in my template, could you suggest that another config should be removed in order to commit?

    output:

    # commit 
    /var/db/idpd/sec-download/detector-capabilities.xml:4637: parser error : Char 0x0 out of allowed range
                <Parent>N
                         ^
    /var/db/idpd/sec-download/detector-capabilities.xml:4637: parser error : Premature end of data in tag Parent line 4637
                <Parent>N
                         ^
    /var/db/idpd/sec-download/detector-capabilities.xml:4637: parser error : Premature end of data in tag Context line 4631
                <Parent>N
                         ^
    /var/db/idpd/sec-download/detector-capabilities.xml:4637: parser error : Premature end of data in tag Contexts line 382
                <Parent>N
                         ^
    /var/db/idpd/sec-download/detector-capabilities.xml:4637: parser error : Premature end of data in tag DetectorCapabilities line 2
                <Parent>N
                         ^
    <xnm:error xmlns="http://xml.juniper.net/xnm/1.1/xnm" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm">
    <source-daemon>idpd</source-daemon>
    <edit-path>[edit groups junos-defaults security]</edit-path>
    <statement>idp</statement>
    <message>Please install the latest detector
    </message>
    </xnm:error>
    error: configuration check-out failed

    Thanks in advance.



    ------------------------------
    Juan Cuello
    ------------------------------


  • 2.  RE: Same Behavior with SRX340

    Posted 06-11-2024 17:32

    Sounds like something got corrupted, or there may be some old IDP files downloaded. It's complaining about the system default IDP configuration (check what that is with >show configuration groups junos-defaults security idp).

    You can try request security idp storage-cleanup commands to see if you can get the bad detector-capabilities.xml removed. You may be able to clean it up manually from a root shell, but that's a risk.



    ------------------------------
    Nikolay Semov
    ------------------------------