The reason I got involved with this ASA 5510 module is of less interest (the client was getting the notification message "LogServer has recently stopped on InterScan for CSC SSM"; more about that at the end of the post), but the module itself looks cute, so here is some output to give you a taste of what it is.

- General status of the module from the ASA CLI prompt.
See that some traffic actually gets redirected to the module.

    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
     class global-class
      csc fail-open

show service-policy
    Class-map: global-class
      CSC: packet sent 324010194
      CSC: packet received 359600712

show module 1 det
    Getting details from the Service Module, please wait...
    ASA 5500 Series Content Security Services Module-10
    Model: ASA-SSM-CSC-10-K9
    Hardware version: 1.0
    Serial Number: JAF777777
    Firmware version: 1.0(11)5
    Software version: CSC SSM 6.3.1172.4
    MAC Address Range: c333.7333.b333 to c333.7333.b333
    App. name: CSC SSM
    App. Status: Up
    App. Status Desc: CSC SSM scan services are available
    App. version: 6.3.1172.4
    Data plane Status: Up
    Status: Up
    HTTP Service: Up
    Mail Service: Up
    FTP Service: Up
    Activated: Yes
    Mgmt IP addr: 192.168.21.119
    Mgmt web port: 8443

show module all
    Mod Card Type                                    Model              Serial No.
    --- -------------------------------------------- ------------------ -----------
      0 ASA 5510 Adaptive Security Appliance         ASA5510            JMX333333
      1 ASA 5500 Series Content Security Services Mo ASA-SSM-CSC-10-K9  JAF333333

    Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
    --- --------------------------------- ------------ ------------ ---------------
      0 3333.3333.3333 to 3333.3333.3333  2.0          1.0(11)5     8.2(3)
      1 3333.3333.3333 to 3333.3333.3333  1.0          1.0(11)5     CSC SSM 6.3.1172.4

    Mod SSM Application Name           Status           SSM Application Version
    --- ------------------------------ ---------------- --------------------------
      1 CSC SSM                        Up               6.3.1172.4

    Mod Status             Data Plane Status     Compatibility
    --- ------------------ --------------------- -------------
      0 Up Sys             Not Applicable
      1 Up                 Up

- Now let's enter the module itself
session 1
    Opening command session with slot 1.
    Connected to slot 1. Escape character sequence is 'CTRL-^X'.

    login: cisco
    Password:

    ***NOTICE***
    This product contains cryptographic features and is subject to United States
    and local country laws governing import, export, transfer and use. Delivery
    of Cisco cryptographic products does not imply third-party authority to import,
    export, distribute or use encryption. Importers, exporters, distributors and
    users are responsible for compliance with U.S. and local country laws. By using
    this product you agree to comply with applicable laws and regulations. If you
    are unable to comply with U.S. and local laws, return this product immediately.

    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

    If you require further assistance please contact us by sending email to
    export@cisco.com.

    Trend Micro InterScan for Cisco CSC SSM Setup Main Menu
    ---------------------------------------------------------------------

    1. Network Settings
    2. Date/Time Settings
    3. Product Information
    4. Service Status
    5. Password Management
    6. Restore Factory Default Settings
    7. Troubleshooting Tools
    8. Reset Management Port Access Control List
    9. Ping
    10. Exit ...

    Enter a number from [1-10]:

- Are all services actually running?
    Enter a number from [1-10]: 4

    Service Status
    ---------------------------------------------------------------------

    The CSC SSM RegServer service is running
    The CSC SSM URLFD service is running
    The CSC SSM ScanServer service is running
    The CSC SSM HTTP service is running
    The CSC SSM FTP service is running
    The CSC SSM Notification service is running
    The CSC SSM Mail service is running
    The CSC SSM GUI service is running
    The CSC SSM SysMonitor service is running
    The CSC SSM Failoverd service is running
    The CSC SSM LogServer service is running
    The CSC SSM SyslogAdaptor service is running
    The CSC SSM Syslog-ng service is running
    The CSC SSM TMCM-Agent service is not enabled

- Troubleshooting information is rather overwhelming

    Enter a number from [1-7]: 2

    Troubleshooting Tools - Show System Information
    ---------------------------------------------------------------------

    1. Show System Information on Screen
    2. Upload System Information
    3. Return to Troubleshooting Tools Menu

    Enter a number [1-3]: 1

    ++++++++++++++++++++++
    Thu Feb 17 08:04:17 IST 2011 (2)
    System is : Up

    #@ Product Information
    Trend Micro InterScan for Cisco CSC SSM
    Version: 6.3.1172.4
    Upgrade History: 6.3.1172.4
    Engineering Build:
    SSM Model: SSM-10
    SSM S/N: JAF7777777

    #@ Scan Engine and Pattern Information
    Virus Scan Engine: 9.2.1012 (Updated: 2010-10-14 07:51:11)
    Virus Pattern: 7.841.00 (Updated: 2011-02-17 05:51:23)
    Spyware/Grayware Pattern: 1.151.00 (Updated: 2011-02-17 06:51:20)
    AntiSpam Engine: 6.5.1024 (Updated: 2010-10-14 07:51:54)
    AntiSpam Rule: 17960 (Updated: 2011-02-16 16:53:55)
    IntelliTrap Pattern: 0.151.00 (Updated: 2011-02-01 09:07:20)
    IntelliTrap Exception Pattern: 0.631.00 (Updated: 2011-02-15 08:51:15)

    #@ License Information
    Product:Base License
    License profile host info check OK.
    Version:Standard
    Activation Code:PX-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Seats:000100
    Status:Activated
    Expiration date:10/6/2011
    Product:Plus License
    License profile host info check OK.
    Version:Standard
    Activation Code:PX-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Status:Activated
    Expiration date:10/6/2011
    Daily Node Count: 221
    Current Node Count: 85

    #@ Kernel Information
    Linux ssm 2.6.17.8 #13 PREEMPT Fri Nov 6 06:32:00 PST 2009 i686 unknown
    ASDP Driver 1.1(0) is UP:
    Total Connection Records: 159623
    Connection Records in Use: 156
    Free Connection Records: 159467

    ------ Shared Memory Segments --------
    key        shmid      owner      perms      bytes      nattch     status
    0x00003186 4653056    root       666        2621440    1
    0x00000000 4456449    root       600        16         2          dest
    0x00000000 4620290    root       600        1000000    1          dest
    0x00000000 4685827    root       600        1048576    1          dest
    0x00000000 4718596    root       600        1048576    1          dest
    0x00000000 4325381    isvw       600        24632      22         dest

    ------ Semaphore Arrays --------
    key        semid      owner      perms      nsems
    0x000207fb 0          root       777        2
    0x00020823 32769      root       777        2
    0x00020802 65538      root       777        2
    0x000207db 98307      root       777        2
    0x00020fa1 131076     root       777        2
    0x9abbcf71 1277957    root       660        2
    0x325cb3f2 1310726    root       660        2
    0x000207d3 229383     root       777        2
    0x9abbceae 262152     root       660        2
    0x001503cf 327689     root       777        2
    0x929c6e9c 360458     isvw       660        2
    0x0012040e 393227     isvw       777        2
    0x000e039b 425996     isvw       777        2
    0x00020863 458765     isvw       777        2
    0x00020fe4 1048590    root       777        2

    ------ Message Queues --------
    key        msqid      owner      perms      used-bytes   messages

    #@ Disk Information
    Filesystem   1k-blocks      Used Available Use% Mounted on
    /dev/hda2       223843    166878     45407  79% /mnt/rw
    /dev/hda2       223843    166878     45407  79% /dev
    /dev/hda2       223843    166878     45407  79% /etc
    /dev/hda2       223843    166878     45407  79% /home
    /dev/hda2       223843    166878     45407  79% /lib/modules
    /dev/hda2       223843    166878     45407  79% /opt
    none            256000         0    256000   0% /opt/trend/isvw/temp
    none             50176     22844     27332  46% /opt/trend/isvw/log
    none              4096         0      4096   0% /opt/trend/isvw/quarantine
    none              5120         0      5120   0% /opt/trend/isvw/queue
    none            103424      4912     98512   5% /opt/trend/isvw/tmpfs
    none            101376     18032     83344  18% /opt/trend/isvw/lib/mail/cache
    none            100352         0    100352   0% /coredump
    none              8192       180      8012   2% /var
    /dev/boot        19067      8401      9682  46% /boot
    none            205824        40    205784   0% /tmp

    Filesystem      Inodes      Used Available Use% Mounted on
    /dev/hda2        58000      2503     55497   4% /mnt/rw
    /dev/hda2        58000      2503     55497   4% /dev
    /dev/hda2        58000      2503     55497   4% /etc
    /dev/hda2        58000      2503     55497   4% /home
    /dev/hda2        58000      2503     55497   4% /lib/modules
    /dev/hda2        58000      2503     55497   4% /opt
    none            126902         5    126897   0% /opt/trend/isvw/temp
    none            126902        36    126866   0% /opt/trend/isvw/log
    none            126902         9    126893   0% /opt/trend/isvw/quarantine
    none            126902        11    126891   0% /opt/trend/isvw/queue
    none            126902        58    126844   0% /opt/trend/isvw/tmpfs
    none            126902        21    126881   0% /opt/trend/isvw/lib/mail/cache
    none            126902         1    126901   0% /coredump
    none            126902        71    126831   0% /var
    /dev/boot         4944        25      4919   1% /boot
    none            126902        12    126890   0% /tmp

    Detail file listing:

    #@ File Descriptor Information
    file: 829 0 98926
    inode: 7949 0

    #@ Memory Information
    Detail (meminfo):
    MemTotal: 1015216 kB
    MemFree: 451272 kB
    Buffers: 12344 kB
    Cached: 233652 kB
    SwapCached: 0 kB
    Active: 421388 kB
    Inactive: 113212 kB
    HighTotal: 131072 kB
    HighFree: 240 kB
    LowTotal: 884144 kB
    LowFree: 451032 kB
    SwapTotal: 0 kB
    SwapFree: 0 kB
    Dirty: 24 kB
    Writeback: 0 kB
    Mapped: 318252 kB
    Slab: 22296 kB
    CommitLimit: 507608 kB
    Committed_AS: 2035636 kB
    PageTables: 3396 kB
    VmallocTotal: 114680 kB
    VmallocUsed: 1812 kB
    VmallocChunk: 112736 kB
    HugePages_Total: 0
    HugePages_Free: 0
    HugePages_Rsvd: 0
    Hugepagesize: 4096 kB

    # Reported to ASDM:
    mem_unknown=61440
    mem_cached=233644
    mem_total=1015216
    mem_est_free=591156
    mem_buffers=12344
    mem_free=452608
    mem_used=424060
    mem_tmpfs=46000

    #@ Process Information
    top - 08:04:18 up 8 days, 11:49, 1 user, load average: 0.08, 0.07, 0.03
    Tasks: 68 total, 2 running, 65 sleeping, 0 stopped, 1 zombie
    Cpu(s): 0.5%us, 1.9%sy, 2.2%ni, 93.5%id, 0.1%wa, 0.0%hi, 1.8%si, 0.0%st
    Mem: 1015216k total, 563944k used, 451272k free, 12344k buffers
    Swap: 0k total, 0k used, 0k free, 233652k cached

      PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM     TIME+ COMMAND
    10541 root      20   5  697m  85m 5528 S 11.8  8.7   1:02.42 iwss-process
     8125 isvw      16   0  2992 1276 1108 S  3.9  0.1  74:01.21 sysmonitor
        1 root      16   0  2364  520  444 S  0.0  0.1   0:01.28 init
        2 root      34  19     0    0    0 R  0.0  0.0   0:01.34 ksoftirqd/0
        3 root      10  -5     0    0    0 S  0.0  0.0   0:00.11 events/0
        4 root      10  -5     0    0    0 S  0.0  0.0   0:00.01 khelper
        5 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kthread
        7 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kblockd/0
        8 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 kseriod
       67 root      15   0     0    0    0 S  0.0  0.0   0:00.00 pdflush
       69 root      25   0     0    0    0 S  0.0  0.0   0:00.00 kswapd0
       70 root      11  -5     0    0    0 S  0.0  0.0   0:00.00 aio/0
      205 root      11  -5     0    0    0 S  0.0  0.0   0:10.24 kjournald
     7718 root      11  -5     0    0    0 S  0.0  0.0   0:00.00 kjournald
     7965 root      23   5 11244 5524 1164 S  0.0  0.5   0:00.39 urlfd
     7967 isvw      16   0 26060 3596 2024 S  0.0  0.4   0:30.17 regserver
     8040 root      16   0  2364  572  484 S  0.0  0.1   0:00.17 crond
     8066 root      16   0  2372  588  504 S  0.0  0.1   0:00.01 getty
     8069 root      17   0  2368  584  504 S  0.0  0.1   0:00.00 getty
     8072 root      16   0  2368  588  508 S  0.0  0.1   0:00.00 getty
     8077 root      16   0  2368  596  508 S  0.0  0.1   0:00.00 klogd
     8078 root       0 -20 52456 1316 1056 S  0.0  0.1   0:15.75 servmod
     8079 root      16   0  2080  988  824 S  0.0  0.1   0:00.02 bash
     8118 root      16   0  2048  952  820 S  0.0  0.1   0:00.00 issyslog
     8124 root      16   0  2368  716  596 S  0.0  0.1   0:03.36 top2ini
     8127 root      21   0  3764 1396 1200 S  0.0  0.1   0:00.20 sshd
     8128 root      15   0  2368  564  476 S  0.0  0.1   0:08.42 telnetd
     8143 root      16   0  3144 1440 1092 S  0.0  0.1   0:01.23 issyslog.exe
     8147 root      16   0  1652  528  444 S  0.0  0.1   0:00.20 vmstat
     8213 root      16   0  9448 1132  932 S  0.0  0.1   0:00.13 failoverd
     8237 root      15   0  1760  764  588 S  0.0  0.1   0:00.15 syslog-ng
     8262 isvw      21   0  383m 112m  17m S  0.0 11.3   1:15.03 java
    10404 isvw      16   0     0    0    0 Z  0.0  0.0   0:00.00 cat
    23838 root      16   0 13564 2256 1832 S  0.0  0.2   0:00.02 isdelvd
    23975 root      20   5 52700  35m 6132 S  0.0  3.6   0:08.88 imssd
    24041 root      20   5 52700  32m 3024 S  0.0  3.3   0:00.04 imssd
    24042 isvw      20   5 53280  35m 5644 S  0.0  3.6   0:00.77 imssd
    24043 isvw      20   5 53216  35m 5680 S  0.0  3.6   0:00.74 imssd
    24044 isvw      20   5 53152  35m 5564 S  0.0  3.6   0:00.69 imssd
    24045 isvw      20   5 53332  35m 5708 S  0.0  3.6   0:00.95 imssd
    24046 isvw      20   5 53244  35m 5728 S  0.0  3.6   0:01.09 imssd
    24047 isvw      20   5 53280  35m 5672 S  0.0  3.6   0:01.02 imssd
    24048 isvw      20   5 53152  35m 5636 S  0.0  3.6   0:00.69 imssd
    24049 isvw      20   5 53280  35m 5672 S  0.0  3.6   0:01.15 imssd
    24050 isvw      20   5 53152  35m 5636 S  0.0  3.6   0:00.94 imssd
    24051 isvw      20   5 53152  35m 5608 S  0.0  3.6   0:00.77 imssd
    24052 isvw      20   5 53328  35m 5716 S  0.0  3.6   0:01.06 imssd
    24053 isvw      20   5 53152  35m 5680 S  0.0  3.6   0:01.03 imssd
    24054 isvw      20   5 53244  35m 5720 S  0.0  3.6   0:00.93 imssd
    24055 isvw      20   5 53292  35m 5624 S  0.0  3.6   0:00.76 imssd
    24056 isvw      20   5 53252  35m 5684 S  0.0  3.6   0:00.79 imssd
    24057 isvw      20   5 53284  35m 5736 S  0.0  3.6   0:00.83 imssd
    24058 isvw      20   5 53152  35m 5608 S  0.0  3.6   0:00.69 imssd
    24059 isvw      20   5 53152  35m 5640 S  0.0  3.6   0:00.87 imssd
    24060 isvw      20   5 53292  35m 5624 S  0.0  3.6   0:00.84 imssd
    24061 isvw      20   5 53152  35m 5616 S  0.0  3.6   0:00.97 imssd
    25989 isvw      25   0  7676 1432  928 S  0.0  0.1   0:00.01 tmlogserv
     8575 root      21   5 22812 2776 2312 S  0.0  0.3   0:00.00 isftpd
     8585 root      21   5 35308 3360 2580 S  0.0  0.3   0:00.66 isftpd
    10351 root      15   0     0    0    0 S  0.0  0.0   0:00.00 pdflush
    10476 root      20   5 53824  48m 3804 S  0.0  4.9   0:01.63 scanserver
    12539 root      15   0  2072  928  676 S  0.0  0.1   0:00.00 login
    12569 root      16   0  2912 1884  868 S  0.0  0.2   0:00.82 setup.bin
    14363 root      16   0  2212 1128  832 S  0.0  0.1   0:00.00 sh
    14364 root      16   0  2368  452  380 S  0.0  0.0   0:00.00 more
    14365 root      24   0  2268  752  400 S  0.0  0.1   0:00.00 sh
    14491 root      24   0  2268  692  340 S  0.0  0.1   0:00.00 sh
    14492 root      21   0  1992  836  652 R  0.0  0.1   0:00.00 top

    #@ Hardware Information
    SSM-IPS10-K9
    field 0x00 type 0x0040 CONTROLLER TYPE 1177
    field 0x01 type 0x0041 HW REV 1.0
    field 0x02 type 0x00CB PID ASA-SSM-CSC-10-K9
    field 0x03 type 0x0089 VID V02
    field 0x04 type 0x0087 TOP 68 LEVEL PN 22-444-02
    field 0x05 type 0x0082 PCB 73 LEVEL PN 22-444-02
    field 0x06 type 0x0042 PCB REV 65.48
    field 0x07 type 0x00C1 PCB SN JAF7777777
    field 0x08 type 0x00C2 CHASSIS SN JAF7777777
    field 0x09 type 0x0088 NEW DEVIATION NUM 00000000
    field 0x0A type 0x00C4 MFG TEST INFO 0000000000000000
    field 0x0B type 0x0081 RMA NUM 00000000
    field 0x0C type 0x0004 RMA HIST INFO 00
    field 0x0D type 0x00C6 CLEI CODES COUCAB5CAB
    field 0x0E type 0x00DA DESC ASA 5500 Series Content Security Services Module-10
    field 0x0F type 0x00C3 CHASSIS MAC ADDR C8:4C:33:33:33:03
    field 0x10 type 0x0043 MAC ADDR_BLK SZ 1
    field 0x11 type 0x008C UNKNOWN TYPE 01000B05

    #@ Ethernet Interface Information
    cisco_asd Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              UP MTU:1496 Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

    dummy0    Link encap:Ethernet HWaddr 0E:66:36:3C:B8:59
              BROADCAST NOARP MTU:1500 Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

    eth0      Link encap:Ethernet HWaddr 00:00:00:02:00:02
              UP BROADCAST RUNNING MULTICAST MTU:1796 Metric:1
              RX packets:219824061 errors:0 dropped:0 overruns:0 frame:0
              TX packets:239771533 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2266716309 (2.1 GiB) TX bytes:2448412682 (2.2 GiB)
              Base address:0xcc00 Memory:f8100000-f8120000

    eth1      Link encap:Ethernet HWaddr C8:4C:33:33:33:03
              inet addr:192.168.21.119 Bcast:192.168.255.255 Mask:255.255.0.0
              UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
              RX packets:7022387 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2435439 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:1155121379 (1.0 GiB) TX bytes:510057499 (486.4 MiB)
              Base address:0xbc00 Memory:f8200000-f8220000

    eth2      Link encap:Ethernet HWaddr 00:00:00:02:00:01
              inet addr:127.0.2.1 Bcast:127.0.255.255 Mask:255.255.0.0
              UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
              RX packets:757828 errors:0 dropped:0 overruns:0 frame:0
              TX packets:196896 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:84163835 (80.2 MiB) TX bytes:18269211 (17.4 MiB)
              Interrupt:169 Memory:f8300000-f8300fff

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1 Mask:255.255.255.255
              UP LOOPBACK RUNNING MTU:16436 Metric:1
              RX packets:116078 errors:0 dropped:0 overruns:0 frame:0
              TX packets:116078 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:14822499 (14.1 MiB) TX bytes:14822499 (14.1 MiB)

    #@ Connection Information
    sockets: used 271
    TCP: inuse 231 orphan 2 tw 395 alloc 233 mem 40
    UDP: inuse 2
    RAW: inuse 0
    FRAG: inuse 0 memory 0

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 0.0.0.0:20000           0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:5060          0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:1812            0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:65014           0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:7000            0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN
    udp        0      0 127.0.0.1:32792         0.0.0.0:*

    Active UNIX domain sockets (only servers)
    Proto RefCnt Flags       Type       State         I-Node   Path
    unix  2      [ ACC ]     STREAM     LISTENING     11391777 /var/run/isvw/sshttp.sock
    unix  2      [ ACC ]     STREAM     LISTENING     11391785 /var/run/isvw/ssptnupdt.sock
    unix  2      [ ACC ]     STREAM     LISTENING     11391778 /var/run/isvw/ssftp.sock
    unix  2      [ ACC ]     STREAM     LISTENING     11391779 /var/run/isvw/sssmtp.sock
    unix  2      [ ACC ]     STREAM     LISTENING     11391780 /var/run/isvw/sspop3.sock
    unix  2      [ ACC ]     STREAM     LISTENING     11391781 /var/run/isvw/ssfiletype.sock
    unix  2      [ ACC ]     STREAM     LISTENING     11253560 /dev/log
    unix  3      [ ACC ]     STREAM     LISTENING     2257     /var/run/log.sock
    unix  2      [ ACC ]     STREAM     LISTENING     2259     /var/run/log.sock2
    unix  2      [ ACC ]     STREAM     LISTENING     1530     /var/run/urlf.sock

    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 209.26.19.126:80        192.168.1.31:42573      TIME_WAIT
    tcp        0      0 194.18.243.10:80        192.168.2.54:4818       FIN_WAIT2
    tcp        0      0 134.11.14.127:80        192.168.1.125:3274      TIME_WAIT
    tcp        0      0 150.127.24.146:80       192.168.2.54:4840       FIN_WAIT2

As for the error message: it is a known bug that will be fixed in the next release of the firmware for the module. Still, I opened a ticket with TAC and they provided an interim patch to take care of this restarting LogServer service. Also, they (Cisco) say it is a harmless bug that does not cause any outage.
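
After a "LogServer has recently stopped" notification, the Service Status screen and the `show module 1 det` output shown earlier can be checked by a script instead of by eye. This is an added example, not part of the original post or of any Cisco or Trend Micro tool; the function names are hypothetical, and the "stopped" and "Down" values in the sample input are constructed to exercise the failure path.

```python
import re

# Line shape of the Service Status screen: "The CSC SSM <name> service is <state>"
SERVICE_LINE = re.compile(r"^The CSC SSM (\S+) service is (.+)$")

# Fields of `show module 1 det` that read "Up" on a healthy module.
MODULE_UP_FIELDS = ("App. Status", "Data plane Status", "Status",
                    "HTTP Service", "Mail Service", "FTP Service")

# Constructed sample input: the LogServer and Mail Service states are made up
# to exercise the failure path; the real wording for a stopped service may differ.
SAMPLE_SERVICES = """\
The CSC SSM ScanServer service is running
The CSC SSM LogServer service is stopped
The CSC SSM TMCM-Agent service is not enabled
"""
SAMPLE_MODULE = """\
App. Status: Up
App. Status Desc: CSC SSM scan services are available
Data plane Status: Up
Status: Up
HTTP Service: Up
Mail Service: Down
FTP Service: Up
"""


def classify_services(text):
    """Sort services into running / disabled / attention (anything else)."""
    result = {"running": [], "disabled": [], "attention": []}
    for line in text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue
        name, state = m.groups()
        if state == "running":
            result["running"].append(name)
        elif state == "not enabled":
            result["disabled"].append(name)
        else:
            # Unknown wording is reported verbatim rather than guessed at.
            result["attention"].append((name, state))
    return result


def module_fields_not_up(text):
    """Return (field, value) for every expected field that is not 'Up'."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return [(f, fields.get(f, "<missing>"))
            for f in MODULE_UP_FIELDS if fields.get(f) != "Up"]


if __name__ == "__main__":
    print(classify_services(SAMPLE_SERVICES)["attention"])
    print(module_fields_not_up(SAMPLE_MODULE))
```

A service that is "not enabled" (TMCM-Agent in the output above) is kept apart from one that needs attention, so a deliberately disabled agent does not raise a false alarm.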