Q: When I make any Interface settings changes, on the DC, all of the interfaces stop seeing traffic. How do I fix this?

A:

Sourcefire is working on fixing this problem, where all of the sensing interfaces on an IS stop seeing traffic after the interfaces settings page has been accessed on the DC. The current workaround is to restart the detection engines on the sensors. It's not necessary to reboot the entire sensor; just do this on the IS: /etc/rc.d/init.d/controlde stopall /etc/rc.d/init.d/controlde startall

Q: How do I determine the version numbers of the software I am running?

A:

On the DC console, Operations > Help > About give a bunch of software version info. The Sourcefire tech support people seem to be interested in the SEU version; this is the only place I have been able to find it.

Q: How do I generate "troubleshoot:" files to send to Sourcefire support?

A:

Update! Here's an easier way: just log in as root, run sf_troubleshoot.pl, then look for the results file in /var/tmp

It's in the "Defense Center User Guide", but the requests for troubleshoot files are so frequent that having the answer here will save time. (Also, the process is arcane!)

1. On the DC, select Operations > Monitoring > Health.
2. Mess with the little arrows until the appliance you are interested is visible in the list.
3. In the Sensors column of the appliance list, click the name of the appliance for which you want to view details in the health monitor toolbar.
4. Click "Generate Troubleshooting Files". This submits the generation job.
5. Select Operations > Monitoring > Task Status and find the job entry. When the job is complete you can download the file to your PC from there.