Cisco Support Community

CiscoWorks VMS Event Viewer usage compared with MARS

I've been using VMS Security Monitor Event Viewer to monitor IPS sensors for the past few years. I'm used to the workflow of reviewing events in Event Viewer and then resolving them and sometimes removing them from the grid.

I'm beginning to use MARS and I'd like to know what the equivalent of resolving and removing from grid in MARS is, or is this something you don't do in MARS and you work differently with the events in MARS?

Thanks in advance


Re: CiscoWorks VMS Event Viewer usage compared with MARS

The actual replacement for the IDS Event Viewer is the IPS Manager Express (IME) and not MARS. If you are looking for real-time monitoring and filtering of events for up to 5 sensors, then IME is the way to go. MARS is more of a SIM/SEM tool that collects logs from 'various' devices and 'correlates' those events into meaningful 'incidents'. It does the same for IPS devices. But you won't see 'every' event in the MARS Incidents page (as every event is not an incident). You have to run a query for that (Historical or real-time).