Troubleshooting


Starting the HP-UX HIDS System Manager in the background

Please wait....

In either case, you can try running the command again.

The solution is to apply the latest Software Distributor (SD) Cumulative Patch. For 11.0, install PHCO_25875 or a superseding patch, if any. For 11i and 11i version 1.6, install PHCO_25887 or a superseding patch, if any.

Large files in /var/opt/ids

The communication between idskerndsp and idscor uses a memory-mapped file, which normally only exists (in the /var/opt/ids directory) when a surveillance schedule is running. The files are named ids_n, where n is incremented from 1001 for each activated schedule.

If idsagent has a problem, the files may not be deleted normally. If no schedule is running on the agent, there should be no ids_n files. You can safely delete them with the rm command.
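A cautious way to script the cleanup described above, as an added example that is not part of the HP manual: it lists only files named ids_n with n of 1001 or higher, skips symbolic links, and refuses to delete while idscor or idskerndsp appears in the process list. Treating those two processes as the sign of a running schedule is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report (and optionally remove) leftover ids_n files.
# Usage, as root on the agent system:
#   cleanup_ids_files /var/opt/ids report    # list only
#   cleanup_ids_files /var/opt/ids delete    # list, then remove

# Print regular files named ids_<n> with n >= 1001, one path per line.
list_ids_files() {
    dir=$1
    for f in "$dir"/ids_*; do
        [ -f "$f" ] || continue            # glob matched nothing, or not a file
        [ -h "$f" ] && continue            # never follow a symlink planted here
        n=${f##*/ids_}
        case $n in
            ''|*[!0-9]*) continue ;;       # suffix must be digits only
        esac
        [ "$n" -lt 1001 ] || echo "$f"     # numbering starts at 1001
    done
}

# Read a "ps -ef" listing on stdin; succeed if idscor or idskerndsp is in it.
# Assumption: these processes are present only while a schedule is running.
schedule_active() {
    awk '{ for (i = 8; i <= NF; i++)
               if ($i ~ /(^|\/)(idscor|idskerndsp)$/) found = 1 }
         END { exit !found }'
}

# Show the leftover files; remove them only when mode is "delete".
cleanup_ids_files() {
    dir=$1
    mode=${2:-report}
    if ps -ef | schedule_active; then
        echo "idscor/idskerndsp is running: leaving ids_n files alone" >&2
        return 2
    fi
    list_ids_files "$dir" | while read -r f; do
        ls -l "$f"                          # record size and owner first
        [ "$mode" != delete ] || rm -f "$f"
    done
}
```

Run it in report mode first and compare the listing with what you expect before repeating with delete.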

Log files are filling up

The log files on both the agent and the administration systems can grow without bounds. It’s a good idea to practise log file rotation. See “Log File Rotation” on page 205.

No Agent Available

The Status field for an agent on the System Manager screen shows No Agent Available. See also “Agent and System Manager cannot communicate with each other” on page 240.

1. Is the agent running? On the agent host, run ps -ef | grep idsagent

If there is no entry for idsagent, start the agent on the agent system, as in “Starting HP-UX HIDS Agents” on page 52.

Then, on the System Manager screen, click the Status button.

2. Is the IP address for the agent correct in the Host Manager screen? Test with nslookup.

3. Is the Domain Name Service (DNS) set up correctly? Test with nslookup.

4. Can the administration system communicate with the agent system? Test with ping.

5. Is the agent communicating correctly with the administration system? Check the entry for REMOTEHOST in the /etc/opt/ids/ids.cf agent configuration file. It must be set to the host name or IP address of the administration system. If the INTERFACE variable is set to an IP address (other than 0.0.0.0) in /opt/ids/bin/idsgui on the administration system, REMOTEHOST must be set to the same value. See “Configuring a Multihomed Administration System” on page 27 and “Setting Up the HP-UX HIDS Secure Communications” on page 20.


Appendix G
