The MARS polls events from the IPS normally, and there is no problem with that.
But my issue: I configured some P2P signatures in the IPS with the actions (deny packet inline, produce alert, log pair packets). In the IPS Device Manager I can see in the Events tab that these flows are dropped by the IPS as I need, and in the IP Logging tab I can see the dropped packets' logs, which is normal,
but my issue is that "I want a report or query from the MARS to show me the denied packets by the IPS".
This rule detects resource issues with the CS-MARS device, e.g. dropped events or netflow, etc.
Resource Issues: CS-MARS - All Events.
This report lists event details for all events related to resource issues with the CS-MARS device, e.g. dropped events or netflow, etc.
MARS is able to pull the IP log data from Cisco IDS and IPS devices, however, this operation is system intensive. Therefore, you should select the set of signatures that generate IP log data carefully.
When configuring the active signatures on a Cisco IDS or IPS device, you must specify the alert action and the action that generates the desired data.
To view IP logs, you must enable the alert or "produce-verbose-alert" action and the "log-pair-packets" action.
It seems that the "log-pair-packets" is only an option to give you "IPlog" information on the MARS.