Information Technology Reference
In-Depth Information
•
CiscoSecure Scanner version
Troubleshooting CiscoSecure Intrusion Detection System
(NetRanger)
The main objective of this section is to help diagnose problems that may occur when running
CiscoSecure Intrusion Detection System (IDS). There are three parts to the IDS: the Director, and the
Sensor, and the Post Office. The Sensor discussed in this section is the appliance, not the feature that is
now available in the IOS. The Post Office is the communication backbone that allows NetRanger
services and hosts to communicate with each other. All communication is supported by a proprietary,
connection-based protocol that can switch between alternate routes to maintain point-to-point
connections.
Commands That Can Be Used to Troubleshoot the Application
CiscoSecure IDS comes with several commands and logs that are highly valuable when troubleshooting
a problem with the software. This section gives a brief description of each command and each log file,
followed by an example. Later sections discuss when to use each command.
The following commands are used when troubleshooting:
•
nrvers
—Used to extract the version number of each of the processes running. This is especially
helpful after upgrading the software.
netrangr@director>
nrvers
Application Versions for director.rtp
postofficed v2.2.1 (release) 99/07/19-22:30
loggerd v2.2.1 (release) 99/07/19-22:31
packetd v2.2.1 (release) 99/07/19-22:44
managed v2.2.1 (release) 99/07/19-22:29
configd v2.2.1 (release) 99/07/19-22:29
sapd v2.2.1 (release) 99/07/19-22:31
fileXfer v2.2.1 (release) 99/07/19-22:36
•
nrstatus
—Used to find the current status of all daemons. The command displays all daemons that
are currently running on the system.
netrangr@director>
nrstatus
netrangr 28906 1 99 Feb 05 ? 8295:01 /usr/nr/bin/nr.managed
netrangr 28921 1 0 Feb 05 ? 0:04 /usr/nr/bin/nr.configd
netrangr 28948 1 0 Feb 05 ? 0:09 /usr/nr/bin/nr.fileXferd
netrangr 28936 1 0 Feb 05 ? 0:04 /usr/nr/bin/nr.sapd
netrangr 28877 1 0 Feb 05 ? 0:29 /usr/nr/bin/nr.loggerd
netrangr 28891 1 0 Feb 05 ? 6:17 /usr/nr/bin/nr.packetd
netrangr 28217 1 0 Feb 05 ? 6:47 /usr/nr/bin/nr.postofficed
