MARS SNMP alerts

Unanswered Question
Aug 20th, 2007

Hi - I'm not very familiar with MARS and I'm trying to get SNMP messages sent to a NetView box when MARS identifies a High/Red alert. I created a rule that says send any of these, from and to any device, to our NetView server but so far none have arrived. (We don't get many but there appears to be at least one Red alert/day.) Would it send the alert if it's Red but turns out to be a false positive? I also tried changing an existing rule that gets triggered a lot (ARP poisoning)just to see if it would send the snmp msg but that didn't work either. The communication is fine between the boxes. I don't know what else to check. Any help will be greatly appreciated! Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pmccubbin Tue, 08/21/2007 - 07:19

Thanks for the update. It confirms what I have found out from past experience with Cisco Security appliances:

When in doubt regarding a problem that you think you are approaching correctly, and if you have a Maintenance Window, a reboot is a good choice of action.

At minimum, once the reboot is complete you will know that a reboot was not the issue.

carolyncurtis Thu, 08/23/2007 - 05:05

I guess I thought it would behave better than this! for example, I changed a rule to send me xml notification and it wouldn't "stick" until I rebooted it. Not too impressive :)

Thanks for the feedback.

Actions

This Discussion