Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
232
Views
5
Helpful
1
Replies

CSMars Data Question

jfriedman
Level 1
Level 1

‎09-18-2007 07:57 AM - edited ‎03-09-2019 06:50 PM

Hi,

Does anyone know what MARS does with data that does not match a signature.

Thank you,

Joel Friedman

Labels:
0 Helpful
1 Reply 1

pmccubbin
Level 5
Level 5

‎09-18-2007 10:06 AM

MARS stores system messages such as syslogs and SNMP traps generated by reporting devices in its databases. This action occurs even if the event doesn't match a rule condition.

When writing data to its databases MARS uses a First-in First-out (FIFO) approach.

When the storage limit is reached in a particular model of MARS, it wipes out the oldest day of event data. This data is lost if you are not doing archiving.

Hope this helps.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents