Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CS-MARS log exporting

Is there any way to export raw logs from CS-MARS or is the Query option (or the syslog relay) the only way to interrogate against any log data that is collected by CS-MARS?

So for instance, I wanted to dump either all (or part based on date/time range) logs to a flat file to parse into a more flexible and easier to use log analysis appliance.. is there an easy way to do this? Thanks in advance!

ray

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: CS-MARS log exporting

Under the Admin tab click System Maintenance in the second box you will see 'retrieve raw messages'. Click that and tell it what you want

2 REPLIES
New Member

Re: CS-MARS log exporting

Under the Admin tab click System Maintenance in the second box you will see 'retrieve raw messages'. Click that and tell it what you want

New Member

Re: CS-MARS log exporting

I am able to pull out the raw messages for the Cisco IDSM events that are stored on CS-MARS however the text has a lot of junk characters and does not seem to use standard delimeters. Although a lot of the text is readable it is littered with random ASCII characters as delimeters and when deleted/replaced it delets ports of the message data.

Has anyone run into a similar issue? I am running MARS 4.3.2. The IDS blades are running 6.x E3.

Thanks in advance!

555
Views
0
Helpful
2
Replies
CreatePlease to create content