I'm new to CS-MARS and I'm using CS-MARS 100 version 4.3.6 (2841).
After I add a reporting device (a Cisco's switch), I tried to query to check whether the reporting device sending its logs to MARS, but all I get is Generic IOS Syslog message. Is it mean that I get the logs or what? Cause I don't know what should I get on CS-MARS. Btw, I'm using the Event Types ranked by Sessions, 0h:10m for querying.
There is also a problem with a Cisco's router that I have added to CS-MARS. After add using the device type of Cisco IOS 12.2 (the same version as the IOS used on the router), I tried to query it and get the same message as above, which I think it works, then saving the configuration changes on the router and leave it for like an hour. After that I tried to query it again using the same condition on MARS, but I don't any message at all. I checked the configuration there's still logging command reffering to the MARS's IP on the router's configuration. What is happening?