Cisco IOS device issue
First of all I do have a ticket open on this, but it is still unresolved so I am reaching out to my IC folks.
Two months ago I realized I was unable to update the ciscorouter.xml file. If I update the xml via ESU message parsing fails for queries and reports. If I replace the updated xml with one from April and restart the envision services everything begins to function again. I have confirmed checksums with support and provided the entire folder for testing. It is my belief that my ES itself has some sort of corruption that is not easily determined by logs. Any ideas on what to try or look at? I have worked with this product for years and never seen this.
just a quick check .. recently i applied the june ESU wherein i saw something like content schema update for checkpoint. After this all my queries and reports for checkpoint stopped working.
While applying the ESU a pop up message read "you may need to change custom reports to read new sql tables after applying the content schema update".
The number of tables used in checkpoint are actually reduced, which i consider a good thing but still need to work on the reports issue.
What you described also recently occurred with Sidewinder firewalls - yes a very good thing as most of what I need is in the firewall table. However, in my case (ciscorouter.xml) it appears the header that was parsing my messages was actually removed. The core problem is a little bit more complex. Switches can also route packets and utilize basic acl's to permit/deny traffic. These devices in our enviroment have been detected as IOS Firewalls successfully until the change a few months ago. Taking a message sample and running it against the Cisco Switch xml succeeds in matching against a header but it is not even close to being a correct parsing. Sooooo one or the other has to be adjusted. My preference would be to put Header 003 back into ciscorouter.xml at the end of the header list so I don't have to mess with my environment a bunch.