I'm new to CS-MARS and I'm using CS-MARS 100 version 4.3.6 (2841).
After I added a reporting device (a Cisco switch), I tried to query to check whether the reporting device is sending its logs to MARS, but all I get is a Generic IOS Syslog message. Does it mean that I get the logs or what? I don't know what I should get on CS-MARS. By the way, I'm using the Event Types ranked by Sessions, 0h:10m for querying.
There is also a problem with a Cisco router that I have added to CS-MARS. After adding it using the device type Cisco IOS 12.2 (the same version as the IOS used on the router), I tried to query it and got the same message as above, so I think it works. I then saved the configuration changes on the router and left it for about an hour. After that I tried to query it again using the same condition on MARS, but I don't get any message at all. I checked the configuration and there is still a logging command referring to the MARS's IP in the router's configuration. What is happening?
How did you define the switch on MARS and what version of IOS is it running? It should be defined as a "Cisco IOS Switch" for proper parsing. Even then there are messages that are not parsed but the ones related to ports up/down and security events are.
What logging level are you doing on the router? If you are running something higher than informational then you won't get very many log messages.
Have you run a report for unknown events to see if there's a possible misconfiguration?
It is using IOS version 12.2(18)SXF11, and the device type at MARS is IOS 12.2.
And for the router, what should appear as the result after querying? Is it supposed to be a Generic IOS Syslog message too or not? The same thing also happens to the router, using the same commands as above, but the query only appears the first time. It is using IOS version 12.2(8)T5.