mars syslog

Answered Question
Nov 22nd, 2009

I am working with a customer with MARS and never had much support for the product. I set up SNMP trap syslog on an IOS router that I did a discover on and an activate on MARS. But when I go to query, put in the IP address of the gateway and ask for all raw messages, I get nothing. Any idea what I am doing wrong, or can it not be obtained this way?

Correct Answer by Farrukh Haroon about 7 years 6 months ago

You do not need SNMP traps configured on the router. Set up syslogging and other details on your router using the following guide:


http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgRtrSw.html


Regards


Farrukh

whanson Mon, 11/23/2009 - 03:06

Thanks, I added that, but what do I need to do to see the raw syslog entries in MARS?

Farrukh Haroon Mon, 11/23/2009 - 04:54

Go to Query, change the Query Type to: Event Raw Messages ranked by Time, Real Time (raw events)


Then click on the "DEVICE" (which is default ANY) and select your ROUTER there.


Then click 'Submit'


Please rate if helpful.


Regards


Farrukh

whanson Mon, 11/23/2009 - 17:43

Beautiful... thanks. I finally got something. Last issue: the time is wrong on the MARS box.

I can't see any way to change it in the GUI. The credentials I was given are admin. I tried SSH and I am prompted for an ID and password, but everything I have tried has failed. How do I recover to get the time straightened out? Thx again

Correct Answer
Farrukh Haroon Mon, 11/23/2009 - 19:09

You are on the right track here


SSH to the MARS box, but try the username 'pnadmin' instead of 'admin'. This is the default username (unless someone changed it).

You can set the time/time zone from the CLI once you log in.


Regards

Farrukh

whanson Tue, 11/24/2009 - 05:27

Thanks for your help. Tried pnadmin, no go. I guess I will have to figure out how to recover it. Thx again

eegilbert Thu, 12/17/2009 - 14:07

I had always thought that there was no way to recover the pnadmin password. Turns out, according to TAC, that you can do this if you log into the GUI with another Admin level user. The other caveat is that you have to be using local password authentication, not something like RADIUS.


I can't verify this since we're using RADIUS to log in to MARS.

Farrukh Haroon Fri, 12/18/2009 - 22:38

You can recover the pnadmin password (or any other admin account password) if you have another admin account available. To do this, you would log in to the MARS SSH console via the alternate admin account and run the unlock or passwd command (depending on the scenario), as mentioned here:


http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/command/reference/cref1.html#wp1141308


If the account you want to unlock is a non-admin account, you can even use the GUI, as described here:


http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/authen.html#wp715359


If there is no alternate admin account available, then the only way to reset the password is to re-image the box (AFAIK).


Please rate if helpful


Regards


Farrukh

whanson Sat, 12/19/2009 - 04:38

Thanks for all your help. This is what I discovered.

Even though I had a second admin account with the username admin, I could not SSH with the admin user. However, as you say, I just went into the GUI with the admin user and changed the password on the p account and all was well. Thanks again

Mykola Srebnyuk Mon, 01/18/2010 - 07:12

Because only the administrator with the account pnadmin has access to CS-MARS over SSH.

"""

MARS supports local authentication of MARS users; user credentials are stored the MARS Appliance in SHA-1 cryptographic hash format. Each MARS Appliance only has one Administrative account that is named pnadmin. This is the only account with privileges to access the command line interface via SSH or direct console connection.

"""

First paragraph of Chapter: User Management.

I hope it will help you.
