CiscoWorks Monitoring Center for Security

Field Notice: CiscoWorks Management Center for IDS Sensors (IDS MC) and Security Monitor (SecMon) 2.0 Upgrade Interruption Will Result in Database Corruption

December 13, 2004

Products Affected




Version 2.0 (Windows and Solaris)

Security Monitor

Version 2.0 (Windows and Solaris)

Problem Description

The upgrade to CiscoWorks Management Center for IDS Sensors and Security Monitor 2.0 for both Windows and Solaris can cause the database to become corrupted and all configuration and alarms to be lost.


The upgrade to CiscoWorks Management Center for IDS Sensors and Security Monitor 2.0 may take a very long time depending on the number of events. A database with two million events will take approximately seven hours and the time for the upgrade will increase linearly with the number of events. In addition, the upgrade does not display upgrade progress to the user. If the upgrade is interrupted either by termination or VMS getting launched manually or through a cron job, the database will become corrupted and all data will be lost.

If only a small number of alarms are present in the database then the upgrade should not take as long and is more likely to complete successfully. If the upgrade does complete successfully, the database will not be corrupted.

The failure has not occurred with a freshly installed database.

Problem Symptoms

If an IDS MC and SecMon 2.0 upgrade is performed and is not allowed to complete, then the database will become corrupted and all configurations and event data will be lost. The database will be unuseable and all data will be unretrievable.


The IDS MC and SecMon 2.0 Software has been removed from CCO. Version 2.0.1 will be availble upon completion of quality testing. The version 2.0.1 installer will prompt the user to backup the database, so if the upgrade fails, the user can revert to the backed up database. The upgrade will also archive the event data to disk. The event data will not be upgraded during the installation. The archived event data can be converted upon demand immediately after the upgrade or at any time in the future. This field notice will be updated when the new software is posted to

If you have already downloaded the software and have not yet performed the upgrade, then Cisco recommends that you wait until version 2.0.1 is posted and upgrade at that time.

If you have already performed the 2.0 upgrade, and it was succesful, then you are not at risk.

Cisco recommends that you always back up your database prior to an upgrade.


To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.



CSCeg51162 (registered customers only)

Upgrade from 1.2.3 to 2.0 fails to convert database correctly

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.