Hi,

If i don't have NFS or SFTP server, is there any ways to make sure the configuration is still there after reboot? Is there any commands like "#write me" (save configuration on cisco router and cisco switch) on Cisco Mars?

There is no equivalent on the CS-MARS to the IOS "wr mem" command.  By submitting and activating changes via the CS-MARS GUI, the configuration will be stored and reloaded post-reboot.

Data archiving/exporting are available to restore to a known good point should hardware be replaced via RMA.  I would recommend making the time/effort investment in establishing data archiving on your CS-MARS.

Scott

Hi Scott,

Is the anyway to download the signature update for Cisco mars from Cisco website? Do you have the link? Does it require downtime when upload the signature update to the Mars device?

You can configure CS-MARS to retrieve the IPS signature updates directly from cisco.com as outlined here:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/chIpsCisoc6x.html#wp440709

If you want to host the IPS signature updates on your own server, you can download them here:

http://www.cisco.com/cgi-bin/tablebuild.pl/mars-ips-sigup

The same link provided above describes hosting the signature updates on a local server.

Scott

Hi,

I would like to do the update from Local Server. Any ideas how to setup the local server? Do I need to setup the server with IIS (Internet Information Services) ?

You will need to setup a web server of some type, IIS is one potential option.  From the previous link I provided:

"You can specify a local server using the following example https://myserver.com/cs-mars-ips.zip"

Scott

The example cannot be downloaded. Can email to me? Thank you very much.

That example is from the configuration guide, it is not intended to download; it is only showing the possible URL you would configure in your CS-MARS.  You need to setup all of the requisite server components within your network.

Scott

1 more question.  Does it require downtime when upload the signature update to the Mars device?

IPS signature updates applied to the CS-MARS do not require a reboot of the CS-MARS system.

Scott

Hi,

Is there any ways to check the retention period for the log and file size that store in Cisco Mars for each network devices?

All received events are stored in the CS-MARS database.

From the CS-MARS CLI, you can check the current status of the database, as well as when data will be purged by issuing the following command

[pnadmin]$ pndbusage

Scott

Hello,

How many event logs Cisco Mars is able to capture per sec?

Under the the Mars CLI with command "diskusage", which filesystem is used to store the raw data?

File system                               Mount On

/dev/hda2                                  /

/dev/hda1                                  /boot  

none                                         /dev/shm                     

/dev/sda5                                  /opt

/dev/sda6                                  /log

/dev/sda7                                  /pnarchive

/dev/sda8                                  /tmp

/dev/sda9                                  /u01

/dev/sda11                                /u02                             

/dev/sda10                                /u03