cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4909
Views
15
Helpful
10
Replies

mars syslog

whanson
Level 2
Level 2

I am working with customer with MARS and

never had much support for the product. I set up snmp trap syslog on an ios router that I did a discover on and an activate on MAR. But when I go to query and put the ip address of the gatway and ask for all raw messages.  I get nothing. Any idea of what I am doing wrong or can it not be obtained ths way

2 Accepted Solutions

Accepted Solutions

Farrukh Haroon
VIP Alumni
VIP Alumni

You do not need SNMP traps configured no the router, setup syslogging and other details on your router using the following guide:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgRtrSw.html

Regards

Farrukh

View solution in original post

You are on the right track here

SSH to the MARS box, but try the username 'pnadmin' instead of 'admin'. This is the default username (Unless someone changed it)

You can set the time/time zone from the CLI once you login.

Regards

Farrukh

View solution in original post

10 Replies 10

Farrukh Haroon
VIP Alumni
VIP Alumni

You do not need SNMP traps configured no the router, setup syslogging and other details on your router using the following guide:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgRtrSw.html

Regards

Farrukh

thanks I added that but what do I need to do to see the raw syslog entries in MARS?

Go to Query, Change the Query Type to : Event Raw  Messages ranked by Time, Real Time(raw events)

Then click on the "DEVICE" (which is default ANY) and select your ROUTER there.

Then click 'Submit'

Please rate if helpful.

Regards

Farrukh

beautiful...thanks. I finally got something. Last issue. The time is wrong on the MARS box.

I can't see any way to change it on the gui. The credentials I was given are admin. I tried ssh and I am prompted for an id and password but everything I have tried has failed. How do I recover to get the time straightened out?  thx again

You are on the right track here

SSH to the MARS box, but try the username 'pnadmin' instead of 'admin'. This is the default username (Unless someone changed it)

You can set the time/time zone from the CLI once you login.

Regards

Farrukh

Thanks for your help. Tried pnadmin no go. I guess will have to figure out how to recover it. Thx again

I had always though that there was no way to recover the pnadmin password. Turns out, according to TAC that you can do this if you log into the GUI with another Admin level user. The other caveat is that you have to be using local password authentication, not something like RADIUS.

I can't verify this since we're using RADIUS to log in to MARS.

You can recover the pnadmin password (or any other admin account password) if you have another admin account avaialble. To do this, you would login to the MARS ssh console via the alternate admin account and run the unlock or  passwd command (depending on the scenario) , as mentioned here:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/command/reference/cref1.html#wp1141308

If the account you want to unlock is a non-admin account, you can even use the GUI, as described here:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/authen.html#wp715359

If there is no alternate admin account available, then the only way to reset the password is to re-image the box (AFAIK).

Please rate if helpful

Regards

Farrukh

whanson
Level 2
Level 2

thanks for all your help. This is what I discovered.

Even though I had a second admin account with the username admin, I could not ssh with the admin user. However, as you say, I just went into the

gui with the admin user and changed the password on the p account and all was well. thanks aga

in

Mykola Srebnyuk
Level 1
Level 1

Because access to CS-MARS over SSH have only administrator with account: pnadmin.

"""

MARS supports local authentication of MARS users; user credentials are stored the MARS Appliance in SHA-1 cryptographic hash format. Each MARS Appliance only has one Administrative account that is named

pnadmin. This is the only account with privileges to access the command line interface via SSH or direct console connection.

""""

First paragraph of Chapter: User Management.

I hope it will help you.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: