08-05-2009 10:08 AM
I'm trying to find out how I can manage the severity levels of incidents that are generated from different event generators on the network.
Any assistance would be appreciated.
08-11-2009 02:28 PM
You can change the logging severity level of the required system log messages or turn off specific system log messages using the logging message command.
Verify that all the Syslog event severity levels that need to be sent to MARS are configured. Verify which Syslog severity levels are enabled by selecting Configuration > Report Settings > Log Settings.
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/csmars.pdf
08-22-2009 12:04 AM
Hello Chris
You cannot control the severity level for events built-in to MARS, you can only do this for the custom event types you create (Parser).
You can tune out the incidents you don't like with the 'False Positive Tuning' feature (Drop Rules).
Regards
Farrukh