MARS and AIP-SSM

jkeddington_2 · ‎02-15-2008

I am working on a MARS appliance and have devices reporting to it. I also have an ASA with the AIP-SSM installed. I have added the ASA and AIP to MARS and from MARS I can SSH to the AIP module. But If I run a report I do not see anything coming from teh AIP module. I can SSH to the SIP from MARS and run the "show events" and I see events. Any ideas on why I will not be seeing those events in MARS? The AIP is running 6.0.3 S315, MARS is running 4.3.2(2627) S315. Thank you, James

fashour · ‎02-19-2008

Make sure the AIP is configured to send events to the MARS IP.

jkeddington_2 · ‎02-19-2008

Not sure if this had anything to do with it but for some reason someone had configured the AIP-SSM to send SNMP traps to MARS. I removed that and the next day I was able to see events in MARS from the AIP-SSM.

vinil.sudhir · ‎02-20-2008

I have a similar issue as well. SNMP is not configured at all though on the AIP. Do i need to configure anyhting else on the Semsor - like define CS-MARS as a external product on it or anything.

jkeddington_2 · ‎02-21-2008

In order to get events in MARS for any Cisco IDS/IPS sensor you will need to create a "Viewer" account on the sensor for MARS to login and grab them. You will also need to configure MARS to be able to SSH to the sensor as well. To test the SSH you can SSH to MARS and then SSH out to the sensor.

ssh "username"@"ip_address_sensor"