MARS: Anyway to easily delete monitoring devices (All IOS)?

Unanswered Question
Mar 15th, 2007

I let MARS auto discover a large chunk of my network. In doing so, the reporting interfaces of those devices is not what I want them to be (it added them with the Ethernets not the Loopbacks which it uses as source-interface for logging etc.) I was wondering if there is an easy way to delete large chunks from that table or the entire table to start fresh with a seed file? (or easily change the devices that need changing.. approx 125 all IOS based) The appliance is very new and I don?t mind starting from a clean slate for the reporting/monitoring devices (I have had netflow reporting to the appliance for about 2 weeks but haven?t made any major modifications to the appliance as yet). Is there an easier way to do this then one by one from the GUI?

Thanks!

Ken

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
mhellman Thu, 03/15/2007 - 10:40

You could do a pnreset, which "resets" the database to factory defaults.

kenneth.meyers Thu, 03/15/2007 - 11:10

After the pnreset, if I then load from the seed file, do I need to do anything besides "activate" it? The manual refers to "check it's connectivity or perform discovery".

Can I also take all networks out of the "Valid Networks" section of "Topology Discovery Information"? I only want discovery and auto updating of the devices that I place in the seed file (which will have Loopbacks as reporting interfaces).

Thanks!

Ken

mhellman Thu, 03/15/2007 - 11:26

"After the pnreset, if I then load from the seed file, do I need to do anything besides "activate" it?"

events should start being correctly parsed as soon as you activate the devices. However, you may need to manually configure some information. Will you enable "monitor resource usage"? For Cisco IPS sensors, you must add the monitored networks. there are some other device specific caveats. You will want to run a query that shows you reporting devices ranked by number of sessions to make sure all devices are reporting in.

"Can I also take all networks out of the "Valid Networks" section of "Topology Discovery Information"

You shouldn't need to. pnreset removes all configuration data from the database.

Actions

This Discussion