MARS Windows Application Logs

smahbub Thu, 01/15/2009 - 14:54

Once you've prepared the Microsoft Windows host, you must identify that host in MARS and identify whether the push or pull method is being used on that host.


To configure the MARS Appliance to either pull or receive logs, follow the steps in the below URL:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/5.2/user/guide/local_controller/cfghost.html#wp1160788

rajett Tue, 01/20/2009 - 07:09
User Badges:
  • Cisco Employee

Personally, I would recommend the Snare agent and push method for handling the Windows logs. By doing this you can filter out which events you want to send from the different Event Logs and avoid sending extraneous events.
