This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
CharlesBeierle
Beginner
Beginner
‎2010-06-23 10:15 AM

Cisco IOS device issue

First of all I do have a ticket open on this, but it is still unresolved so I am reaching out to my IC folks.

 

Two months ago I realized I was unable to update the ciscorouter.xml file. If I update the xml via ESU message parsing fails for queries and reports. If I replace the updated xml with one from April and restart the envision services everything begins to function again. I have confirmed checksums with support and provided the entire folder for testing. It is my belief that my ES itself has some sort of corruption that is not easily determined by logs. Any ideas on what to try or look at? I have worked with this product for years and never seen this.

0 Likes
Reply
2 Replies
AnkushBaveja
Employee
Employee
‎2010-06-24 10:10 PM

just a quick check .. recently i applied the june ESU wherein i saw something like content schema update for checkpoint. After this all my queries and reports for checkpoint stopped working.

While applying the ESU a pop up message read "you may need to change custom reports to read new sql tables after applying the content schema update".

The number of tables used in checkpoint are actually reduced, which i consider a good thing but still need to work on the reports issue. 

0 Likes
Reply
CharlesBeierle
Beginner
Beginner
In response to AnkushBaveja
‎2010-06-25 08:53 AM

What you described also recently occurred with Sidewinder firewalls - yes a very good thing as most of what I need is in the firewall table. However, in my case (ciscorouter.xml) it appears the header that was parsing my messages was actually removed. The core problem is a little bit more complex. Switches can also route packets and utilize basic acl's to permit/deny traffic. These devices in our enviroment have been detected as IOS Firewalls successfully until the change a few months ago. Taking a message sample and running it against the Cisco Switch xml succeeds in matching against a header but it is not even close to being a correct parsing. Sooooo one or the other has to be adjusted. My preference would be to put Header 003 back into ciscorouter.xml at the end of the header list so I don't have to mess with my environment a bunch.

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.