mars syslog

Answered Question
Nov 22nd, 2009

I am working with a customer with MARS and never had much support for the product. I set up SNMP trap syslog on an IOS router that I did a discover on and an activate on MARS. But when I go to query and put in the IP address of the gateway and ask for all raw messages, I get nothing. Any idea what I am doing wrong, or can it not be obtained this way?

Correct Answer by Farrukh Haroon about 7 years 1 month ago

You do not need SNMP traps configured on the router. Set up syslogging and other details on your router using the following guide:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgRtrSw.html

Regards

Farrukh

Overall Rating: 5 (5 ratings)
whanson Mon, 11/23/2009 - 03:06

Thanks, I added that, but what do I need to do to see the raw syslog entries in MARS?

Farrukh Haroon Mon, 11/23/2009 - 04:54

Go to Query, change the Query Type to: Event Raw Messages ranked by Time, Real Time(raw events)

Then click on the "DEVICE" (which is default ANY) and select your ROUTER there.

Then click 'Submit'

Please rate if helpful.

Regards

Farrukh

whanson Mon, 11/23/2009 - 17:43

beautiful...thanks. I finally got something. Last issue. The time is wrong on the MARS box.

I can't see any way to change it on the GUI. The credentials I was given are admin. I tried SSH and I am prompted for an ID and password, but everything I have tried has failed. How do I recover to get the time straightened out? Thx again

Correct Answer
Farrukh Haroon Mon, 11/23/2009 - 19:09

You are on the right track here

SSH to the MARS box, but try the username 'pnadmin' instead of 'admin'. This is the default username (unless someone changed it).

You can set the time/time zone from the CLI once you log in.

Regards

Farrukh

whanson Tue, 11/24/2009 - 05:27

Thanks for your help. Tried pnadmin no go. I guess will have to figure out how to recover it. Thx again

eegilbert Thu, 12/17/2009 - 14:07

I had always thought that there was no way to recover the pnadmin password. Turns out, according to TAC, that you can do this if you log into the GUI with another Admin level user. The other caveat is that you have to be using local password authentication, not something like RADIUS.

I can't verify this since we're using RADIUS to log in to MARS.

Farrukh Haroon Fri, 12/18/2009 - 22:38

You can recover the pnadmin password (or any other admin account password) if you have another admin account available. To do this, you would log in to the MARS SSH console via the alternate admin account and run the unlock or passwd command (depending on the scenario), as mentioned here:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/command/reference/cref1.html#wp1141308

If the account you want to unlock is a non-admin account, you can even use the GUI, as described here:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/authen.html#wp715359

If there is no alternate admin account available, then the only way to reset the password is to re-image the box (AFAIK).

Please rate if helpful

Regards

Farrukh

whanson Sat, 12/19/2009 - 04:38

thanks for all your help. This is what I discovered.

Even though I had a second admin account with the username admin, I could not SSH with the admin user. However, as you say, I just went into the GUI with the admin user and changed the password on the p account and all was well. Thanks again

Mykola Srebnyuk Mon, 01/18/2010 - 07:12

Because only the administrator with the account pnadmin has access to CS-MARS over SSH.

"""

MARS supports local authentication of MARS users; user credentials are stored on the MARS Appliance in SHA-1 cryptographic hash format. Each MARS Appliance only has one Administrative account that is named pnadmin. This is the only account with privileges to access the command line interface via SSH or direct console connection.

"""

First paragraph of Chapter: User Management.

I hope it will help you.
