Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Installation And Configuration Manual page 419

Appendix B Troubleshooting
Issues With Automatic Update
Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
78-15597-02
For example, the software updates are dependent on one another:
• To install IDS-maj-5.0-1-S90.rpm.pkg requires that the sensor be at version
4.x(y)Sz
• To install IDS-min-4.2-1-S90.rpm.pkg requires that the sensor be at version
4.0(y)Sz or 4.1(y)Sz
• To install IDS-sp-4.0-3-S90.rpm.pkg requires that the sensor be at version
4.0(1)Sz or 4.0(2)Sz
• To install IDS-sig-4.0-3-S81.rpm.pkg requires that the sensor be at version
4.0(3)Sz where the z is smaller than 81
The following list provides suggestions for troubleshooting automatic update:
• Run tcpDump
Create a service account. Su to root and run tcpDump on the command
–
and control interface to capture packets between the sensor and the FTP
server.
See Creating the Service Account, page
Use the upgrade command to manually upgrade the sensor.
–
See Reimaging Appliances and Modules, page
– Look at the tcpDump output for errors coming back from the FTP server.
Make sure the sensor is in the correct directory.
•
The directory must be specified correctly. This has caused issues with
Windows FTP servers. Sometimes an extra "/" or even two "/" are needed in
front of the directory name.
To verify this, use the same FTP commands you see in the tcpDump output
through your own FTP connection.
• Make sure you have not modified the FTP server to use custom prompts.
If you modify the FTP prompts to give security warnings, for example, this
causes a problem, because the sensor is expecting a hard-coded list of
responses.
Troubleshooting the 4200 Series Appliance
10-12, for the procedure.
10-110, for the procedure.
B-41