02-21-2010 07:19 AM
Hi All,
We have two cisco 6513 switches and four IDSSM, two in each switch. I have added the the IDSSM to MARS but i can't find the commands on the IDSSM to allow it to send all the logs to MARS. So, Could you please help me on knowing how to configure IDSSM to send all its logs to MARS?
Thanks in advance.
Solved! Go to Solution.
02-28-2010 11:43 AM
No need to, if the IDSMs are properly configured in the CS-MARS, with the correct login and password, the CS-MARS will poll the IDSMs for events. Not the other way around.
Regards
Fredrik
02-28-2010 11:43 AM
No need to, if the IDSMs are properly configured in the CS-MARS, with the correct login and password, the CS-MARS will poll the IDSMs for events. Not the other way around.
Regards
Fredrik
02-28-2010 01:14 PM
Thanks Fredrik for your reply.
I have already added IDSSM to MARS with SSL access type (it's by default in MARS) and it's successfuly discovered by MARS but no logs or incidents are appeared in MARS, can you help me on knowing the reason?
03-01-2010 12:02 AM
Are you seeing any events in the IME? While you are tweaking it would be a good idea to enable one or two ICMP rules on the IDSMs or any other rule that would generate alot of alerts, just to have something to look at.
/Fredrik
03-04-2010 04:05 AM
Hi Fredrik,
There are alot of events on the IDSSM but these events aren't appeared on MARS although IDSSM is successfully discovered by MARS. That's also happened with Cisco NAC appliance which i added it to MARS but there are no incidents for it on MARS.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide