[ISSForum] RealSecure sensor config

Gu1tarb0yaol.com
Date: Tue May 06 2003 - 10:11:19 CDT


To All,

I just had to reinstall my WGM and EC machine. I have upgraded the WGM to 6.7 (My sensors are v 7.0). When I started my WGM, I got this error on SENSOR3 (but not on SENSOR2):

Event Name: EventCollector_Error
Date/Time: 2003/05/01 11:48:42
Source Addr: xxx.xxx.x.xx (the EC's address)
Destination Addr: xxx.xxx.x.xx (the EC's address)
Sensor Location: event_collector_1xxx.xxx.x.xx
AlertType: AssetStatus
AlertPriority: 1
AlertID: RQT84UE8RKWCNCGBF8SHFNMZ44
Message: (event_collector_1) - Error trying to connect to "SENSOR3" event
source:
 WSAECONNREFUSED - Connection refused.
No connection could be made because the target machine actively refused it.
This usually results from trying to connect to a service that is inactive on
the foreign host - there is no server application running. [ID=10061]
Code: 28877088
Actions Taken:
Log To Database: Default:0

Since SENSOR2 was not generating errors, I eventually deleted the SENSOR3 component and daemon from the Network Assets list and re-installed it.

Under Event Collector => Properties => Event Sources => Event ports
SENSOR2 901
SENSOR3 901

This got rid of the previous connection error at WGM start-up but now I get the following error:

Event Name: EventCollector_Warning
Date/Time: 2003/05/06 10:53:56
Source Addr: xxx.xxx.x.xx
Destination Addr: xxx.xxx.x.xx
Sensor Location: event_collector_1xxx.xxx.x.xx
AlertType: AssetStatus
AlertPriority: 2
AlertID: DYGDLKCOPG9Q5X4HC65MHEI7N8
Message: (event_collector_1) - Error on connection to SENSOR3 event source: The heartbeat
 request for the event channel could not be sent since the channel is closed or otherwise disabled. [ID=0xc7220066]
Code: 237717848
Actions Taken:
Log To Database: Default:0

Any ideas or any specific requirements regarding event ports to be monitored when configuring the EC to manage the two sensors?
Thanks in advance
Jim McFarlen