Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

MARS & Netflow

I am going to implement MARS to monitor my network and i want to monitor the internet traffic but i have some questions:

_is it enough to configure SNMP & Syslog in all devices to report to MARS or i need to send netflow traffic also?

_if i need Netflow which devices will be the best devices to report Netflow to MARS?

i have internet router access,distribution and core switches and some security devices.

Everyone's tags (3)
Cisco Employee

Re: MARS & Netflow


  CS-MARS primarliy makes use of syslog, SNMP traps and IPS events for incident generation.  By confgiuring your various security devices (firewalls, IPS devices, AAA servers, Windows domain controllers, etc) CS-MARS can effectively inform you of potential security incidents within your network.

  By adding netflow data to the CS-MARS it is now possible for CS-MARS to provide anomaly-based incidents that can alert you to changes in traffic patterns on your network.  In most instances, you do not need netflow being sent from every netflow-capable device in your network.  By configuring devices in locations that have the best "view" into the traffic on your network, the CS-MARS should be able to successfully detect these anomalous changes.  You can read more in the user guide here:


CreatePlease to create content