01-09-2009 05:49 AM
Is there any way to export raw logs from CS-MARS or is the Query option (or the syslog relay) the only way to interrogate against any log data that is collected by CS-MARS?
So for instance, I wanted to dump either all (or part based on date/time range) logs to a flat file to parse into a more flexible and easier to use log analysis appliance. Is there an easy way to do this? Thanks in advance!
ray
01-09-2009 11:45 AM
Under the Admin tab, click System Maintenance; in the second box you will see 'retrieve raw messages'. Click that and tell it what you want.
01-21-2009 06:55 PM
I am able to pull out the raw messages for the Cisco IDSM events that are stored on CS-MARS; however, the text has a lot of junk characters and does not seem to use standard delimiters. Although a lot of the text is readable, it is littered with random ASCII characters as delimiters, and when deleted/replaced it deletes ports of the message data.
Has anyone run into a similar issue? I am running MARS 4.3.2. The IDS blades are running 6.x E3.
Thanks in advance!