CS-MARS : Inactive User-Defined Rules/Drop Rules/False Positive

Unanswered Question
Mar 30th, 2006


I have created dummy rules to drop any events that are rated as normal activity, such as when a switch interface status changes to up/down every time users turn their PCs on/off, or when a firewall translation expires once the connectivity/session is terminated. The same goes for false positives, where MARS will either drop or log any events matched by the customized rules.

However, when I changed the dummy rules to 'inactive' so that MARS would log and display everything back to normal, the status displayed on the main page under "Drop" is still increasing. Now, no events are displayed on the main screen like before.

Any suggestions/help?



a.kiprawih Tue, 05/23/2006 - 02:15

This was due to a bug (CSCsc31386) in the CS-MARS database on v3.4.1. It was fixed by loading v4.1.1.



a.kiprawih Tue, 05/23/2006 - 20:18

Correction - it was v4.1.2, not v4.1.1.

