Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
273
Views
0
Helpful
1
Replies

incident : inactive cs-mars reporting device

ciscoguy
Level 1
Level 1

‎11-20-2007 08:54 AM - edited ‎03-09-2019 07:26 PM

Hi all,

I am new to MARS, just started the deployment. I have some querries,

- Will a minimum of SNMP RO community and log diversion from a reporting device be enough for the MARS to build incidents and sessions. Or is it that we have to provide telnet/ssh session to the MARS

- I have added some devices using the RO community (switches and routers). I am seeing this message (inactive cs-mars reporting device) although from one of the device I am sending netflow events that are appearing on the MARS.

- How can I verify that a particular device is sending logging information to the MARS.

Thanks in advance.

Labels:
0 Helpful
1 Reply 1

acomiskey
Level 10
Level 10

‎11-26-2007 01:52 PM

You should be able to get the raw logs from

Admin -> System Maintenance -> Retrieve Raw Messages

Select the device and the time range and click Submit.

0 Helpful
Customers Also Viewed These Support Documents