Is it possible to forward all MARS logs to another server. Issue is that we already have cisco mars and now we have implememted splunk. So instead of change logging device on all equipments i need to forward logs to splunk server.
It's possible to configure MARS to act as a syslog relay, but there are some limitations. The relay feature is covered in Chapter 3 of the "User Guide for CS-MARS Local and Global Controllers".
Specifically, check the section titled "Syslog Relay Support". Some of the information that starts the section:
The Local Controller can now act as a relay; it processes the incoming syslog messages locally before it forwards them to the designated collector. The destination port number is 514 for incoming and relayed syslog messages. MARS adheres to RFC 3164: The BSD syslog Protocol while relaying the syslog messages with the following exceptions:
•MARS can only forward to a single collector IP address.
•Because MARS supports exactly one collector, you cannot specify that events originating from one device address be forwarded to one collector while those originating from a different device address are forwarded to a different collector. All events are forwarded to the same collector.
•Forwarded syslog can be up to 1024 bytes in length. Logs longer than 1024 bytes are truncated.
It also mentions that the configuration has to be done through the CLI, not the web GUI.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :