|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: [ISSForum] The policy file is newer than issues.csv
From: Duncanson, Robert (robert.duncanson
gb.unisys.com)
Date: Fri Oct 15 2004 - 07:42:06 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This means that the policy contains rules/settings for an event that the sensor has no support for. Usually, this simply translates to the policy being of a higher (newer) XPU than the sensor.
As a first step, apply the latest XPU's to the sensor and see if it solved the problem. Otherwise, I'd recommend a clean install, which is so simple that I've never bothered to restore a sensor backup anyway. Just install the IPSO NS7 package (get it from ISS download site), don't borrow anything from another box except for TRONS rules and user-defined files - this should take ~10 minutes.
Manage the sensor and temporarily apply a blank policy to keep the noise down. Apply XPU's until you're current (usually three: one each of 20.x, 21.x and 22.x). Finally, edit your properties/settings and apply your production policy and response. Note: I find that doing many PAM settings through the GUI is slow and it's usually a lot easier to cut & paste PAM settings from another sensor or a template configuration file. Just make sure to stop/start the sensor when you're editing.
Cheers,
Robert
-----Original Message-----
From: issforum-bouncesiss.net [mailto:issforum-bouncesiss.net]
Sent: 14 October 2004 21:13
To: issforumiss.net
Subject: [ISSForum] The policy file is newer than issues.csv
Hi everyone,
I´m having trouble with a 7.0 network sensor that runs in a IPSO Box. I had to change the box due to a hardware problem. When I restored the old files (from another sensor couse my back-up was corrupted) It stoped sending the responses (e-mail, log DB).
The only error it shows is in /var/log/messages, like this:
Oct 12 18:24:37 ids4 [LOG_WARNING] ISS[23346]: (network_sensor_1) - Policy event name (NAME_OF_EVENT) could not be found in issues.csv. The policy file is newer than issues.csv
I checked that issues.csv has the same size in the other sensors.
Anyone has any idea?
Thank´s a lot!
_______________________________________________
ISSForum mailing list
ISSForumiss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforumiss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
_______________________________________________
ISSForum mailing list
ISSForumiss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforumiss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]