We use Microsoft Forefront for our antivirus/antispyware in our organization. I would like to create a custom package/event/device in MARS. I would like to have the ability for MARS to see if there is a virus infection or if it's spreading inside our network.
I've been talking with our server admin, and he says that the Forefront program logs everything to a SQL database and probably can export syslog info.
I've looked through the MARS documentation (v 6.02) and have the 2 Cisco MARS books, but I find it's still complicated.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...