The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document answers a specific question about Cisco Adaptive Security Appliance (ASA) syslog messages.
What does the Cisco Intrusion Prevention System (IPS) message "IPS Security Services Processor (SSP) application reloading IPS" mean?
These syslog messages appear on the ASA:
ASA5585-SSP-IPS20 Module in slot 1, application up "IPS", version "7.1(1)E4" Normal Operation ASA5585-SSP-IPS20 Module in slot 1, application reloading "IPS", version "7.1(1)E4" Config Change
The ASA does not failover, and the IPS does not show as "failed." What is the impact of this message? What does it mean? Should I be concerned about this message?
These messages are generated during some, but not all, of the Global Correlation (GC) updates that are attempted every five minutes. This message is also generated during an IPS signature update. This message is expected behavior.
A GC check occurs every five minutes, but updates might not be available. This GC check is why the message can appear every hour or so during normal operation. When a GC update actually takes place or a signature update starts, the IPS sends a message to the ASA that indicates that a configuration change is underway.
The application does not actually reload as an ASA would if the reload command was issued. The IPS adjusts the Analysis Engine and notifies the ASA of the change. This operation can occur at the same time that the IPS goes into bypass mode while it processes the updates. Again, this is normal operation, and there is no functional impact to the IPS or the ASA performance.
Cisco bug ID CSCub28854 was filed to resolve or document this issue from the IPS side.
Cisco bug ID CSCts98836 was filed to resolve the message on the ASA.
Data channel down messages might display on an ASA failover during IPS signature or GC updates. This ASA bug addresses this situation: