We have two cisco 6513 switches and four IDSSM, two in each switch. I have added the the IDSSM to MARS but i can't find the commands on the IDSSM to allow it to send all the logs to MARS. So, Could you please help me on knowing how to configure IDSSM to send all its logs to MARS?
I have already added IDSSM to MARS with SSL access type (it's by default in MARS) and it's successfuly discovered by MARS but no logs or incidents are appeared in MARS, can you help me on knowing the reason?
Are you seeing any events in the IME? While you are tweaking it would be a good idea to enable one or two ICMP rules on the IDSMs or any other rule that would generate alot of alerts, just to have something to look at.
There are alot of events on the IDSSM but these events aren't appeared on MARS although IDSSM is successfully discovered by MARS. That's also happened with Cisco NAC appliance which i added it to MARS but there are no incidents for it on MARS.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...