Is there any way to add the logs entries that is included in a report/incident in an emailed alert. In other words, instead of just having the link to the mars emailed in the alert, have the actual data that the user will see once they enter the mars.
I have been working on this one for a few months now. Out of the box, no, there is not. There was a feature request added into 6.0.3 that was supposed to add this functionality but it got left out because it was going to be a lot of work. I have opened a new case with TAC (611170537) and the guy confirmed that the engineers added some data to the email alerts that was already being processed and wouldnt need much additional coding.
I have filed a new feature request with my local Cisco team but I do not know the bug id yet. Basically what i want is the ability to create an email template which will have the ability to include variables in the email, so the raw message or matched event ID can be included. I was told by the guy at TAC that when he brought up this idea to the developers, they werent too excited because it seemed like a lot of work and there didnt seem to be a business case for it. So if anyone wants to see this feature added, please contact your local account team and include my latest case #. I will include the bug id once I get one. The only way to get this feature added is to request it.
Thanks for the information. I will let my local Cisco reps know about this and see what they can do. That bugs me that the developers think "it's too much work." That's there job. Some people that get these alerts want to just see what the raw data is and not a link to access the Mars. It would be especially helpful for someone that is not onsite that gets the alert with the raw data in it so they can act faster on the issue.
I've been asking for same thing for some time now, but recently I've begun harping on it a lot. I got the same response from TAC that you all got -- basically that the change requests were already filed and that development declined to make the changes. MARS is such a powerful box; why shouldn't the notifications be detailed enough to be able to babysit while away from the office? Many other software packages have had detailed notifications for the last decade. Why was this left out in the first place???
It's good to know that there are more of us out there wanting this feature. The client that I installed the most current one at is now threatening to return the device because they have a server with a custom written application that can produce better alerts then the MARS. I have contacted my Cisco rep and other engineers to try to get this pushed harder, but I am not sure what will happen. I will try to reply to this thread when I hear more.
The guy I am working with at TAC has issued bug ID CSCsz44136 for the request. He is actively working with the developers on this and is hoping to have it in an upcoming release. The more requests they get for this bug ID, the faster it will be put into a release.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :