Intrusion Prevention

  • 1.  IDP Profiler starting issue in NSM 20091r1a11.

    Posted 02-01-2011 23:13

    Hi,


    I am unable to start the IDP profiler, although the SNMPD service is running on NSM and on the IDP also.

    I have shown the exact error below, as it appears in NSM.

    Result:
          IDP Rules Updated Successfully.

    Details:
      No Firewall rules can be updated for device in assigned policy 'Recommended'.
      Notice in IDP Policy "Recommended" Rule No. 1 (Rule ID: 😞
        The above mentioned IDP rule will not be updated to the device, because
        there are no attacks in the rule currently applicable to this device.
      Notice in IDP Policy "Recommended" Rule No. 2 (Rule ID: 😞
        The above mentioned IDP rule will not be updated to the device, because
        there are no attacks in the rule currently applicable to this device.
      Notice in IDP Policy "Recommended" Rule No. 7 (Rule ID: 😞
        The above mentioned IDP rule will not be updated to the device, because
        there are no attacks in the rule currently applicable to this device.
     
        The following attacks/groups can not be updated (see "Reason Code" column below):

      IDP Attack/Group Name                         Attack Type            In Rules (I=Idp,E=Exempt)     Reason Code
      --------------------------------------------------------------------------------------------------------------
      [Recommended]IP - Minor                       predef dyn group       I-1                                  3
      [Recommended]TCP - Critical                   predef dyn group       I-1                                  3
      [Recommended]VIRUS - Critical                 predef dyn group       I-9                                  3
      [Recommended]VIRUS - Major                    predef dyn group       I-9                                  3
      [Recommended]IP - Critical                    predef dyn group       I-1                                  3
      [Recommended]POP3 - Major                     predef dyn group       I-7                                  3
      [Recommended]TCP - Minor                      predef dyn group       I-1                                  3
      [Recommended]TCP - Major                      predef dyn group       I-1                                  3
      [Recommended]POP3 - Critical                  predef dyn group       I-7                                  3
      [Recommended]POP3 - Minor                     predef dyn group       I-7                                  3
      [Recommended]IP - Major                       predef dyn group       I-1                                  3
      [Recommended]WORM - Critical                  predef dyn group       I-9                                  3
      [Recommended]DNS - Critical                   predef dyn group       I-5                                  3
      [Recommended]ICMP - Major                     predef dyn group       I-2                                  3
      [Recommended]ICMP - Minor                     predef dyn group       I-2                                  3
     
        Attack Platform Version: idp4.1.0

      Reason Codes:

      (3)    Attack Group currently has no members.  In the future when predefined
                attacks are defined in their respective categories, these attack groups
                will be updated to the device.  Also, if user defined attacks are created
                with the appropriate filter conditions, they will automatically become
                members of this group.  No further action is required in this case.
     

      Failed to update global configuration: Could not restart SNMPD
      Policy compiled successfully.
      Verifying rulebase 'Main'
      'Main' verified successfully.
      Failed to start profiler.Failed: profiler could not be started




    When I start the IDP Profiler, the error below occurs:


    Error Code:

    Error Text:
       Failed to start profiler.Failed: profiler could not be started


    Error Details:
        No Details Available.

     
    Thanks in Advance

    Regards
    Baqar



  • 2.  RE: IDP Profiler starting issue in NSM 20091r1a11.
    Best Answer

    Posted 02-02-2011 05:00

    Hello, since you seem to be able to push a new policy to the device, this is probably due to the fact that the profiler DB is full and needs to be purged. This should happen by itself, but my experience is that NSM does not always do this in a timely manner.

     

    I usually end up deleting the profiler DB files under this catalog on the IDP itself:

     

    /usr/idp/device/var/profile

     

    Delete all the DB files and then try to start the profiler again with NSM or the IDP CLI:

     

    profiler.sh start

     

    This could also be a problem with disk space on the IDP with /var/idp; please check this first perhaps.

     

    Regards

     

    -John



  • 3.  RE: IDP Profiler starting issue in NSM 20091r1a11.

    Posted 02-02-2011 05:02

    Hello again, you could also check the profiler log in this catalog:

     

    /usr/idp/device/var/sysinfo/logs/profiler.20110202

     

    It should say why it failed to start.

     

    Regards

     

    -John
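
The checks suggested in the two replies above, collected into one script. This is an added example, not part of the original posts: the paths and `profiler.sh start` are the ones quoted in the thread, while the function names, the backup location and the choice to move files aside instead of deleting them are assumptions.

```shell
#!/bin/bash
# Added example, not from the thread: pre-checks before purging the profiler DB.
# Paths are the ones quoted in the posts; function names and BACKUP_DIR are assumptions.
PROFILE_DIR="${PROFILE_DIR:-/usr/idp/device/var/profile}"
LOG_DIR="${LOG_DIR:-/usr/idp/device/var/sysinfo/logs}"
BACKUP_DIR="${BACKUP_DIR:-/tmp/profile-backup-$(date +%Y%m%d)}"   # assumed location

# Percent used (integer) on the filesystem that holds path $1.
disk_used_pct() {
    df -P "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# Newest profiler.YYYYMMDD file in directory $1; prints an empty line if none.
latest_profiler_log() {
    newest=""
    for f in "$1"/profiler.*; do          # glob expands in sorted order
        if [ -f "$f" ]; then newest=$f; fi
    done
    printf '%s\n' "$newest"
}

# Move regular files from $1 to $2 instead of deleting them; prints how many moved.
# The thread does not name the DB files, so every regular file is treated as one.
# If the disk is full, $2 must be on a different filesystem to free any space.
stash_profile_db() {
    moved=0
    mkdir -p "$2" || return 1
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if mv -- "$f" "$2"/; then moved=$((moved + 1)); fi
    done
    echo "$moved"
}

# Report first; files are moved and the profiler restarted only with "purge".
if [ -d "$PROFILE_DIR" ]; then
    for d in "$PROFILE_DIR" /var/idp; do
        if [ -e "$d" ]; then echo "disk used on $d: $(disk_used_pct "$d")%"; fi
    done
    du -sk "$PROFILE_DIR"
    log=$(latest_profiler_log "$LOG_DIR")
    if [ -n "$log" ]; then echo "last lines of $log:"; tail -n 20 "$log"; fi
    if [ "${1:-}" = "purge" ]; then
        echo "moved $(stash_profile_db "$PROFILE_DIR" "$BACKUP_DIR") file(s) to $BACKUP_DIR"
        profiler.sh start
    fi
fi
```

Run without arguments it only reports disk usage, the size of the profile directory and the tail of the newest profiler log; nothing is changed on the device until it is run with `purge`.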



  • 4.  RE: IDP Profiler starting issue in NSM 20091r1a11.

    Posted 02-02-2011 07:16

    Hi John,

     

    Thanks for the quick response.

     

    I have deleted all DB files from the below-mentioned catalog on the IDP, then ran the profiler from NSM.

     

    /usr/idp/device/var/profile

     

    Problem has been resolved.

     

    Regards,

    Baqar