CS-MARS log exporting

Answered Question
Jan 9th, 2009
User Badges:

Is there any way to export raw logs from CS-MARS or is the Query option (or the syslog relay) the only way to interrogate against any log data that is collected by CS-MARS?


So for instance, I wanted to dump either all (or part based on date/time range) logs to a flat file to parse into a more flexible and easier to use log analysis appliance.. is there an easy way to do this? Thanks in advance!


ray


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
redray8 Wed, 01/21/2009 - 18:55
User Badges:

I am able to pull out the raw messages for the Cisco IDSM events that are stored on CS-MARS however the text has a lot of junk characters and does not seem to use standard delimeters. Although a lot of the text is readable it is littered with random ASCII characters as delimeters and when deleted/replaced it delets ports of the message data.


Has anyone run into a similar issue? I am running MARS 4.3.2. The IDS blades are running 6.x E3.


Thanks in advance!


Actions

This Discussion