Hi all,
I am new to MARS, just started the deployment. I have some querries,
- Will a minimum of SNMP RO community and log diversion from a reporting device be enough for the MARS to build incidents and sessions. Or is it that we have to provide telnet/ssh session to the MARS
- I have added some devices using the RO community (switches and routers). I am seeing this message (inactive cs-mars reporting device) although from one of the device I am sending netflow events that are appearing on the MARS.
- How can I verify that a particular device is sending logging information to the MARS.
Thanks in advance.