Intrusion Prevention
Reply
Visitor
baqarbeezee
Posts: 6
Registered: ‎01-26-2011
0
Accepted Solution

IDP Profiler starting issue in NSM 20091r1a11.

Hi,


I am unable to start IDP profiler although SNMPD service is running in NSM and IDP aldo.

i have shown exact error below, i.e. appear in NSM

Result:
      IDP Rules Updated Successfully.

Details:
  No Firewall rules can be updated for device in assigned policy 'Recommended'.
  Notice in IDP Policy "Recommended" Rule No. 1 (Rule ID: ):
    The above mentioned IDP rule will not be updated to the device, because
    there are no attacks in the rule currently applicable to this device.
  Notice in IDP Policy "Recommended" Rule No. 2 (Rule ID: ):
    The above mentioned IDP rule will not be updated to the device, because
    there are no attacks in the rule currently applicable to this device.
  Notice in IDP Policy "Recommended" Rule No. 7 (Rule ID: ):
    The above mentioned IDP rule will not be updated to the device, because
    there are no attacks in the rule currently applicable to this device.
 
    The following attacks/groups can not be updated (see "Reason Code" column below):

  IDP Attack/Group Name                         Attack Type            In Rules (I=Idp,E=Exempt)     Reason Code
  --------------------------------------------------------------------------------------------------------------
  [Recommended]IP - Minor                       predef dyn group       I-1                                  3
  [Recommended]TCP - Critical                   predef dyn group       I-1                                  3
  [Recommended]VIRUS - Critical                 predef dyn group       I-9                                  3
  [Recommended]VIRUS - Major                    predef dyn group       I-9                                  3
  [Recommended]IP - Critical                    predef dyn group       I-1                                  3
  [Recommended]POP3 - Major                     predef dyn group       I-7                                  3
  [Recommended]TCP - Minor                      predef dyn group       I-1                                  3
  [Recommended]TCP - Major                      predef dyn group       I-1                                  3
  [Recommended]POP3 - Critical                  predef dyn group       I-7                                  3
  [Recommended]POP3 - Minor                     predef dyn group       I-7                                  3
  [Recommended]IP - Major                       predef dyn group       I-1                                  3
  [Recommended]WORM - Critical                  predef dyn group       I-9                                  3
  [Recommended]DNS - Critical                   predef dyn group       I-5                                  3
  [Recommended]ICMP - Major                     predef dyn group       I-2                                  3
  [Recommended]ICMP - Minor                     predef dyn group       I-2                                  3
 
    Attack Platform Version: idp4.1.0

  Reason Codes:

  (3)    Attack Group currently has no members.  In the future when predefined
            attacks are defined in their respective categories, these attack groups
            will be updated to the device.  Also, if user defined attacks are created
            with the appropriate filter conditions, they will automatically become
            members of this group.  No further action is required in this case.
 

  Failed to update global configuration: Could not restart SNMPD
  Policy compiled successfully.
  Verifying rulebase 'Main'
  'Main' verified successfully.
  Failed to start profiler.Failed: profiler could not be started




When I start to IDP Profiler then below Error occured:


Error Code:

Error Text:
   Failed to start profiler.Failed: profiler could not be started


Error Details:
    No Details Available.

 
Thanks in Advance

Regards
Baqar

Contributor
WiserRonin
Posts: 19
Registered: ‎01-08-2010

Re: IDP Profiler starting issue in NSM 20091r1a11.

Hello, since you seem to be able to push a new policy to the device this probably due the fact the profiler DB is full and needs to be purged. This should happen by itself but my experience is that NSM does not always do this in a timely manner.

 

I usually end up deleting the profiler DB files under this catalog on the IDP itself:

 

/usr/idp/device/var/profile

 

delete all the DB files and then try to start the profiler again with NSM or the IDP CLI:

 

profiler.sh start

 

This could also be a problem with disk space on the IDP with /var/idp please check this first perhaps.

 

Regards

 

-John

Contributor
WiserRonin
Posts: 19
Registered: ‎01-08-2010
0

Re: IDP Profiler starting issue in NSM 20091r1a11.

Hello again, you could also check the profiler log in this catalog:

 

/usr/idp/device/var/sysinfo/logs/profiler.20110202

 

It should say why it failed to start

 

Regards

 

-John

Visitor
baqarbeezee
Posts: 6
Registered: ‎01-26-2011
0

Re: IDP Profiler starting issue in NSM 20091r1a11.

Hi John,

 

thanks for quick response.

 

i have delete all DB files from below mentioned Catalog on IDP then Run profiler from NSM.

 

/usr/idp/device/var/profile

 

Problem has been resolved.

 

Regards,

Baqar

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.