Guest

Cisco Security Monitoring, Analysis and Response System

Field Notice: *Expired* FN - 62505 - MARS-20/50/100(E)/200/GC(M) Full Listener.log File May Prevent New Logins from the CS-MARS GUI - Need to Apply Patch


Revised September 17, 2007

August 17, 2006

NOTICE:

THIS FIELD NOTICE HAS BEEN ARCHIVED AND IS NO LONGER MAINTAINED OR UPDATED BY CISCO.

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE, WARRANTY OR SUPPORT. USE OF THE INFORMATION ON THIS FIELD NOTICE OR MATERIALS LINKED FROM THIS FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Product

Top Assembly Part Number

CS-MARS-100-K9

74-3854-02 -B0

CS-MARS-100E-K9

74-3853-02 -B0

CS-MARS-20-K9

74-3851-02 -B0

CS-MARS-200-K9

74-3855-02 -B0

CS-MARS-50-K9

74-3852-02 -B0

CS-MARS-GC-K9

74-3857-02 -B0

CS-MARS-GCM-K9

74-3856-02 -B0

Problem Description

The CS-MARS uses the listener.log file for logging purposes. Once this file reaches the operating system limit of 2 GB, the listener stops working. Consequently, no new Oracle connections can be established and CS MARS will lose some of its functionality, including the ability to establish new logins via the GUI.

Background

Starting with 4.2.1 (2249), more logging information is written to the log so that its maximum size of 2 GB can be reached within 4-6 weeks of upgrading to 4.2.1. Once this happens, no new Oracle connections can be established, which may prevent new logins via the MARS GUI. This issue is documented in Cisco DDTS CSCse99322. Version 4.1.5 and earlier are not affected.

Problem Symptoms

When the MARS appliance enters into this state, the user will no longer be able to log in using the GUI. The Cisco logo will also be absent from the MARS GUI login page. However, SSH should still function as normal.

You can check to see if you are affected by attempting to run a simple command from the CLI, such as pnstatus .

For example, SSH to the CS-MARS, log in as pnadmin and issue the command pnstatus . If you see the following output, you are affected:

# pnstatus 
Program aborted due to: ORA-12541: TNS:no listener 

fn62505_j3zzhu.jpe

Workaround/Solution

  1. Check to verify that you are currently running version 4.2.1 (2249).

    MARS GUI HELP-> About-> Product version

  2. Only if there are no TNS:no listener errors can you download and apply the patch yourself to prevent the issue from occurring. The patch will truncate the listener.log file for you before you encounter the issue.

    CS-MARS Supplementary File Software Download Page (registered customers only)

    Patch Name: csmars-4.2.1-patch.pkg

    CS-MARS 4.2.1(2249) to 4.2.1(2251) patch

    Date: 15-AUG-2006

  3. If you are aleady experiencing the TNS:no listener issue, then you need to open a TAC service request. TAC can log into the CS-MARS and manually truncate the Listener.log file and load a patch which will automatically truncate the lister.log file in the event that it approaches 2 GB.

  4. It should take about 2-3 minutes to apply this patch.

  5. After upgrading, verify that the version is CS-MARS 4.2.1(2251).

If you have not yet loaded version 4.2.1, then you can skip loading the patch and directly load the version of 4.2.1 which contains this patch, version 4.2.1(2251), posted on 11-AUG-2006.

It can be downloaded at the Cisco CS-MARS Software Download (registered customers only) page.

Filename: csmars-4.2.1.pkg

Date: 11-AUG-2006

After upgrading, verify that the version is CS-MARS 4.2.1(2251)

MARS GUI HELP-> About-> Product version

The patch will be included in the forthcoming 4.2.2 release.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCse99322 (registered customers only)

MARS stops functioning after listener.log reaches 2 GB in size

How To Identify Hardware Levels

All CS-MARS models have the listener.log file and are vulnerable to this potential issue. These models include the MARS-20/50/100(e)/200/GC(m).

Revision History

Revision

Date

Comment

1.1

17-SEP-2007

Expired Field Notice

1.0

17-AUG-2006

Initial Public Release

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.