MARS and AIP-SSM

Unanswered Question
Feb 15th, 2008
User Badges:

I am working on a MARS appliance and have devices reporting to it. I also have an ASA with the AIP-SSM installed. I have added the ASA and AIP to MARS and from MARS I can SSH to the AIP module. But If I run a report I do not see anything coming from teh AIP module. I can SSH to the SIP from MARS and run the "show events" and I see events. Any ideas on why I will not be seeing those events in MARS? The AIP is running 6.0.3 S315, MARS is running 4.3.2(2627) S315. Thank you, James

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
fashour Tue, 02/19/2008 - 10:26
User Badges:

Make sure the AIP is configured to send events to the MARS IP.

jkeddington_2 Tue, 02/19/2008 - 14:59
User Badges:

Not sure if this had anything to do with it but for some reason someone had configured the AIP-SSM to send SNMP traps to MARS. I removed that and the next day I was able to see events in MARS from the AIP-SSM.

vinil.sudhir Wed, 02/20/2008 - 15:48
User Badges:

I have a similar issue as well. SNMP is not configured at all though on the AIP. Do i need to configure anyhting else on the Semsor - like define CS-MARS as a external product on it or anything.

jkeddington_2 Thu, 02/21/2008 - 05:32
User Badges:

In order to get events in MARS for any Cisco IDS/IPS sensor you will need to create a "Viewer" account on the sensor for MARS to login and grab them. You will also need to configure MARS to be able to SSH to the sensor as well. To test the SSH you can SSH to MARS and then SSH out to the sensor.

ssh "username"@"ip_address_sensor"

Actions

This Discussion