We have two cisco 6513 switches and four IDSSM, two in each switch. I have added the the IDSSM to MARS but i can't find the commands on the IDSSM to allow it to send all the logs to MARS. So, Could you please help me on knowing how to configure IDSSM to send all its logs to MARS?
No need to, if the IDSMs are properly configured in the CS-MARS, with the correct login and password, the CS-MARS will poll the IDSMs for events. Not the other way around.
No need to, if the IDSMs are properly configured in the CS-MARS, with the correct login and password, the CS-MARS will poll the IDSMs for events. Not the other way around.
I have already added IDSSM to MARS with SSL access type (it's by default in MARS) and it's successfuly discovered by MARS but no logs or incidents are appeared in MARS, can you help me on knowing the reason?
Are you seeing any events in the IME? While you are tweaking it would be a good idea to enable one or two ICMP rules on the IDSMs or any other rule that would generate alot of alerts, just to have something to look at.
There are alot of events on the IDSSM but these events aren't appeared on MARS although IDSSM is successfully discovered by MARS. That's also happened with Cisco NAC appliance which i added it to MARS but there are no incidents for it on MARS.
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
