Mars inquiries

Unanswered Question
Sep 7th, 2010

Hello,

I have two questions regarding Mars:

1- Does MARS track modifications on text files on workstations or servers through SNARE agent or any other agent

2- How can I monitor Mars processes using snmp?

Regards

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mikecrowe4ICS_2 Tue, 09/07/2010 - 17:52

>> 1- Does MARS track modifications on text files on workstations or servers through SNARE agent or any other agent

In theory, yes, it CAN track that kind of activity.  However, it would probably require setting up a custom logging event on the host and in SNARE.  Then, you would also need to configure a custom parser and related events in MARS.

>> 2- How can I monitor Mars processes using snmp?

This is not a supported feature in MARS.  The issue was covered in a recent thread on this same forum:

https://supportforums.cisco.com/message/3168241#3168241

Hope that helps.  Good luck!

k.abillama Tue, 09/07/2010 - 22:41

Thx for the anserws, can you please be more specific regarding answer one, so you're sure it can be done only having snare agent on th machine? from where do I set it?

mikecrowe4ICS_2 Wed, 09/08/2010 - 00:07

Well, I can't say if it's possible to trigger a log event via MS-RPC, as I haven't used that particular method of management.  It merely seemed logical that SNARE would be a possible solution.  But, no, I can't really explain it in detail, as I don't have any time actually using the SNARE client.  I'm done implementations where a few devices were reporting via SNARE, but that's about it.

I was really basing my comment off of the general nature of what you were looking for - changing a single text file seems fairly specific, innocuous, and usually insignificant that I wouldn't imagine a pre-defined event would exist for it.  I would imagine that even if one did, it would at least have to be tuned to point at the specific text file that needs to be monitored.  Probably best to check the SNARE documentation at the client's website:

Guide to Snare for Windows and Windows Vista (intersectalliance.com - PDF document)

Best of luck.

k.abillama Fri, 10/22/2010 - 04:38

DEar Micheal

Thanks for your answers! Concerning the monitoring of MARS processes, and since snmp is not a supported monitoring way, isn't there another way.

One of our customer's box services are down and he needs a way to monitor the service.

I thought of monitoring the ports of each service; After manually shutting the service via CLI and bringing it up I noticed that the udp port 1500 and above are used for some of the services but it didn't work. any hints?

Regards

Actions

This Discussion