2 Replies Latest reply on Sep 9, 2011 2:00 AM by dmease729

    Signature status: present = yes, but version not listed

    dmease729

      Hi All,

       

      Not seen this one before.  Every time the signature status (from CLI 'status' output) has been shown as  present, the version is there.  Would there be any reason why the version would not be listed?  I will be applying a new sigset to see what happens, but even if this fixes it, I would like to know what the possible cause of this is, to ensure there are no underlying issues!  I am thinking that this is the main reason that the sensor is not initialized...

       

      Cheers,

       

      NOTE: Output below is from sensor that has been up for 20 minutes, and the NSM is currently not active.

       

      ===OUTPUT===

      intruShell@MYSENSOR> status
      [Sensor]
      System Initialized : no
      System Health Status : bad
      Layer 2 Status : normal (IDS/IPS)
      Installation  Status : complete
      IPv6 Status : Dont Parse and Allow Inline
      Reboot Status : Not Required
      Guest Portal Status: down
      Last Reboot reason : reboot issued from CLI


      [Signature Status]
      Present : yes
      Version :


      [Manager Communications]
      Trust Established : yes
      Alert Channel : error connecting to manager
      Log Channel : down
      Authentication Channel : down
      Current Status : unknown
      Last Error : Alert Channel - error connecting to manager
      Alerts Sent: 0        
      Logs Sent  : 0        

      [Peer Manager Communications]
      Alert Channel : error connecting to manager
      Log Channel : down
      Authentication Channel : down
      Current Status : unknown
      Last Error : Alert Channel - error connecting to manager
      Alerts Sent: 0        
      Logs Sent  : 0        

      [Alerts Detected]
      Signature : 0         Alerts Suppressed  : 0        
      Scan : 0         Denial of Service  : 0        


      [McAfee NAC Communication]
      Trust Status : No Trust
      Root Certificate : None

       

      Message was edited by: dmease729 on 30/08/11 12:55:09 CDT
        • 1. Re: Signature status: present = yes, but version not listed
          SGROSSEN

          dmease

          Some of your communication channels are down. Make sure the Sensor and Manager can connect via ports 8500-8505. You may try restarting the Manager system, or confirming you have Windows Firewall disabled on the Manager OS.

           

          Alert Channel : error connecting to manager

          Log Channel : down

          Authentication Channel : down

          • 2. Re: Signature status: present = yes, but version not listed
            dmease729

            Hi,

             

            Please see original post: "and the NSM is currently not active.".  Due to ongoing issues with a number of sensors, I have had them in a lab environment and at the time the above output was taken the NSM connectivity was not present.  I can confirm from another sensor that the lack of connectivity to the NSM does not mean that the signature version is not listed - the below is taken from another sensor, also not connected to the NSM.

            Note that I have not given all the background to the issue here, so apologies if I have caused any confusion.  Essentially the 2 sensors that do not list the signature version (although the signature status is present) keep on rebooting themselves with the last reboot reason listed as 'internal sensor error'.  I am currently following this through with support also (part of which is a rebuild which is covered on my other thread you have answered :-) ), it was just this particular output that piqued my curiosity.

             

            Anyhoo, output from another sensor that is also not connected to the NSM but shows the sig version:

             

             

             

            intruShell@SENSOR2> status
            [Sensor]
            System Initialized : no
            System Health Status : uninitialized
            Layer 2 Status : normal (IDS/IPS)
            Installation  Status : complete
            IPv6 Status : Dont Parse and Allow Inline
            Reboot Status : Not Required
            Guest Portal Status: up
            Last Reboot reason : unknown                                ###note that this is fine, as I pulled the power, so this reason is expected.


            [Signature Status]
            Present : yes                                                            ###same as other sensor
            Version : 6.4.23.9                                                      ###...except this one presents the version
            Power up signature : good


            [Manager Communications]
            Trust Established : yes
            Alert Channel : error connecting to manager
            Log Channel : down
            Authentication Channel : down
            Current Status : unknown      
            Last Error : Alert Channel - error connecting to manager
            Alerts Sent: 0        
            Logs Sent  : 0        

            [Peer Manager Communications]
            Alert Channel : error connecting to manager
            Log Channel : down
            Authentication Channel : down
            Current Status : unknown
            Last Error : Alert Channel - error connecting to manager
            Alerts Sent: 0        
            Logs Sent  : 0        

            [Alerts Detected]
            Signature : 0         Alerts Suppressed  : 0        
            Scan : 0         Denial of Service  : 0        


            [McAfee NAC Communication]
            Trust Status : No Trust
            Root Certificate : None
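
The side-by-side comparison made in the reply above can be automated when several sensors need checking. This is an added example, not part of the original thread and not vendor code: it parses `status` output into sections, flags a signature set that is present with no version, and lists the fields that differ between two sensors. The function names are hypothetical, and the sample text is constructed (abbreviated from the two outputs in the thread).

```python
import re

# Constructed samples, abbreviated from the two `status` outputs in the thread.
SENSOR_A = """[Sensor]
Last Reboot reason : reboot issued from CLI
[Signature Status]
Present : yes
Version :
[Manager Communications]
Alert Channel : error connecting to manager
[Alerts Detected]
Scan : 0         Denial of Service  : 0
"""
SENSOR_B = """[Sensor]
Last Reboot reason : unknown            ###expected, power was pulled
[Signature Status]
Present : yes
Version : 6.4.23.9
Power up signature : good
[Manager Communications]
Alert Channel : error connecting to manager
[Alerts Detected]
Scan : 0         Denial of Service  : 0
"""

def parse_status(text):
    """Parse intruShell `status` output into {section: {key: value}}."""
    out, section = {}, None
    for raw in text.splitlines():
        line = raw.split("###", 1)[0].strip()      # drop the poster's ### notes
        head = re.fullmatch(r"\[(.+)\]", line)
        if head:
            section = out.setdefault(head.group(1), {})
        elif section is not None:
            for field in re.split(r"\s{3,}", line):  # two fields can share a line
                key, sep, value = field.partition(":")
                if sep:
                    section[key.strip()] = value.strip()
    return out

def version_missing(status):
    """True when a signature set is reported present but no version is shown."""
    sig = status.get("Signature Status", {})
    return sig.get("Present") == "yes" and not sig.get("Version")

def diff_status(a, b):
    """Return sorted (section, key, a_value, b_value) for every differing field."""
    keys = {(s, k) for st in (a, b) for s, kv in st.items() for k in kv}
    pairs = ((s, k, a.get(s, {}).get(k), b.get(s, {}).get(k)) for s, k in sorted(keys))
    return [p for p in pairs if p[2] != p[3]]
```

On these samples the diff contains no `Manager Communications` entries, which matches the observation in the thread that both sensors had the same manager connectivity state.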