Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
968
Views
0
Helpful
2
Replies

CS-MARS log exporting

Go to solution
redray8
Level 1
Level 1

‎01-09-2009 05:49 AM

Is there any way to export raw logs from CS-MARS or is the Query option (or the syslog relay) the only way to interrogate against any log data that is collected by CS-MARS?

So for instance, I wanted to dump either all (or part based on date/time range) logs to a flat file to parse into a more flexible and easier to use log analysis appliance.. is there an easy way to do this? Thanks in advance!

ray

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cweatherford
Level 1
Level 1

‎01-09-2009 11:45 AM

Under the Admin tab click System Maintenance in the second box you will see 'retrieve raw messages'. Click that and tell it what you want

View solution in original post

0 Helpful
2 Replies 2

Go to solution
cweatherford
Level 1
Level 1

‎01-09-2009 11:45 AM

Under the Admin tab click System Maintenance in the second box you will see 'retrieve raw messages'. Click that and tell it what you want

0 Helpful

Go to solution
redray8
Level 1
Level 1
In response to cweatherford

‎01-21-2009 06:55 PM

I am able to pull out the raw messages for the Cisco IDSM events that are stored on CS-MARS however the text has a lot of junk characters and does not seem to use standard delimeters. Although a lot of the text is readable it is littered with random ASCII characters as delimeters and when deleted/replaced it delets ports of the message data.

Has anyone run into a similar issue? I am running MARS 4.3.2. The IDS blades are running 6.x E3.

Thanks in advance!

0 Helpful
Customers Also Viewed These Support Documents