Hi!! Thanks in advance for your help.
I'm working in the integration of the subject. I'm working with SM ver. 3.3.1; MARS6.0.4; FWSM 4.0(2); IDM-2 ver 7.0(2). I have followed the document "Security Manager Policy Table Lookup from a MARS Event" at http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/monidiag.html#wp837959.
I am having the following problems (by the moment... i am starting my tests):
1- events are sent from IDSM-2 to MARS, but when i click in the icon of the SM, i get the following error message:"An error occurred while querying policies from Cisco Security Manager. There may be a temporary connectivity problem with Cisco Security Manager device. Retry the operation after 1-2 minutes. " I never can get to SM from MARS. There is connectivity ( the events in IDSM-2 are shown in MARS)
2- In FWSM i have configured a rule to test (an ACE with the log keyword). I can see the event in the ASDM, but not in MARS. If i navigate in SM, ->select device (FWSM context)->access rules->select the rule->(right click on rule)show events->real time->matching this rule The MARS window open and i can see the rule in MARS. But there are no ocurrences.
The logging configuration in FWSM context is as follows:
The ACE is : access-list inside extended deny tcp host 10.228.228.53 host 10.228.228.11 eq telnet log emergencies
ssh 10.228.228.67 255.255.255.255 inside To allow acces from MARS.
FWSM#sh runn | in logging
logging buffer-size 8092
logging console debugging
logging monitor warnings
logging buffered errors
logging trap debugging
logging asdm informational
logging device-id ipaddress inside
logging host insidet 10.228.228.67 (IP mars address)
logging class ip trap informational
logging message 111111 level informational
I hope somebody can provide me with a hint to solve this.