You can use CS-MARS as a syslog server, but the display of the log entries will not be the same as Kiwi or other syslog servers, i.e. 3CDaemon.
A common syslog server will display the live event log received from devices (depending on log level), while CS-MARS won't. No live events are displayed. You have to manually retrieve the data/log.
This is because CS-MARS is designed to receive logs (plus NetFlow and SNMP) and store them in its database for log analysis, scanning for any sign of misuse or pattern matching for violation signatures.
Overall, CS-MARS functions as an integrated analysis, monitoring and reporting tool to help you monitor your network.
BTW, you can also forward your syslog entries from your existing syslog server to CS-MARS. This may help you to see the live event log and at the same time send all that data to CS-MARS for analysis. It supports Kiwi syslog as well.
As AK noted, if you have a Kiwi Syslog server it integrates very well with MARS. MARS will parse the messages from the Kiwi server only for the devices configured in MARS.
From my experience with implementations of MARS this would be a preferred method, rather than having syslogs sent directly to MARS or having MARS poll the devices.
There is also the added benefit of not having to make a lot of changes to production devices, that is, adding a statement that sends syslog messages to MARS. These sorts of minor changes sometimes require an outage and have to be scheduled well in advance.
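The relay arrangement described in the replies above (watch events live on a syslog server while the same data goes on to the analysis appliance), as an added example that is not part of the original thread and is not Kiwi or Cisco code: a minimal UDP relay that forwards every datagram unchanged and shows only events at or above a chosen severity. The listen port 5514, the collector address 192.0.2.10 (a documentation placeholder) and the function names are assumptions.

```python
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_pri(datagram: bytes):
    """Return (facility, severity) from the leading <PRI> field, or None if missing or invalid."""
    if not datagram.startswith(b"<"):
        return None
    end = datagram.find(b">", 1, 5)            # PRI is 1-3 digits, so '>' sits at index 2..4
    if end == -1 or not datagram[1:end].isdigit():
        return None
    pri = int(datagram[1:end])
    if pri > 191:                              # highest valid value: facility 23, severity 7
        return None
    return pri >> 3, pri & 7

def handle(datagram: bytes, sender_ip: str, forward, max_display_severity: int = 6):
    """Forward the datagram as received; return a console line, or None if it is filtered from display."""
    forward(datagram)                          # the collector gets everything, even unparsable input
    pri = parse_pri(datagram)
    if pri is None:
        return f"{sender_ip} [no-pri] {datagram!r}"
    _facility, severity = pri
    if severity > max_display_severity:        # higher number means less severe (7 = debug)
        return None
    text = datagram[datagram.index(b">") + 1:].decode("utf-8", "replace").strip()
    return f"{sender_ip} [{SEVERITIES[severity]}] {text}"

def serve(listen=("0.0.0.0", 5514), collector=("192.0.2.10", 514)):
    """Receive syslog over UDP, print the live view, and relay to the collector (assumed addresses)."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        data, (ip, _port) = rx.recvfrom(8192)
        line = handle(data, ip, lambda d: tx.sendto(d, collector))
        if line:
            print(line, flush=True)

if __name__ == "__main__":
    serve()
```

A relayed datagram reaches the collector with the relay's IP as its UDP source, so attributing events to the originating device depends on how the collector handles relayed messages.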