000028068 - Upgrade of Cisco IDS version causes collection of data to stop

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000028068
Applies To

It seems that CS-MARS is currently using RDEP protocol to perform the Test Connectivity function to Cisco IDS/IPS devices. Starting in IPS v6.1 RDEP is now disabled by default (it was replaced with SDEE starting in IDS 5.0/IPS 5.1). The reason the functionality of it still worked is that CS-MARS uses SDEE to pull data not RDEP.

The CS-MARS BU has flag this issue and said the fix for it will be released in 6.0.1. As a work around you can just ignore the Test Connectivity button or simply enable RDEP. To enable RDEP do the following:

sensor# conf t
sensor(config)# service web-server
sensor(config-web)# configurable-service rdep-event-server
sensor(config-web-con)# enabled true
sensor(config-web-con)# exit
sensor(config-web)# exit Apply Changes?[yes]: yes
Warning: The RDEP event server is deprecated, but functional. Please migrate to SDEE as support for the event server will be removed in a future release.
sensor(config)# exit
sensor#

http://blog.crimsonsilo.com/2008/05/cs-mars-ips-61-bug-explaination/


RDEP
SDEE
IssueCisco MARS collection failing when using RDEP
Legacy Article IDa44250

Attachments

    Outcomes