I may be on the wrong route here, but I am setting up mars for the first time. Now that I have a couple of devices sending logs and netflow, how do I hide the hight traffic ports in reports that I know is regular traffic. Like in the system report, Destination Ports ranked by Sessions, port 1720 is all the voice traffic, which is 10x more than any other traffic on the network. Is there a way to hide that from the reports so that I can easily see irregular traffic? Or will that go away after MARS "baselines"?
If you make a drop rule for traffic coming to this port then it will stop showing in the report (but this will not really hide it). Like we have a FWSM sending level 7 syslogs to the MARS. We says a lot of 'sessions' were related to SNMP, Proxy 8080. So we just made a drop rule for both and this greatly reduced the load on our MARS, reducing I think about 2 million events per day.
Also just to 'hide', you can most probably edit the Query, click on destination port and add "NOT EQUAL" Port 1720. You can also filter by source IP/Destination (for example exclude traffic directed/sourced from the IPT server).
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...