Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

mars syslog

I am working with customer with MARS and

never had much support for the product. I set up snmp trap syslog on an ios router that I did a discover on and an activate on MAR. But when I go to query and put the ip address of the gatway and ask for all raw messages.  I get nothing. Any idea of what I am doing wrong or can it not be obtained ths way

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: mars syslog

You do not need SNMP traps configured no the router, setup syslogging and other details on your router using the following guide:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgRtrSw.html

Regards

Farrukh

Re: mars syslog

You are on the right track here

SSH to the MARS box, but try the username 'pnadmin' instead of 'admin'. This is the default username (Unless someone changed it)

You can set the time/time zone from the CLI once you login.

Regards

Farrukh

10 REPLIES

Re: mars syslog

You do not need SNMP traps configured no the router, setup syslogging and other details on your router using the following guide:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgRtrSw.html

Regards

Farrukh

New Member

Re: mars syslog

thanks I added that but what do I need to do to see the raw syslog entries in MARS?

Re: mars syslog

Go to Query, Change the Query Type to : Event Raw  Messages ranked by Time, Real Time(raw events)

Then click on the "DEVICE" (which is default ANY) and select your ROUTER there.

Then click 'Submit'

Please rate if helpful.

Regards

Farrukh

New Member

Re: mars syslog

beautiful...thanks. I finally got something. Last issue. The time is wrong on the MARS box.

I can't see any way to change it on the gui. The credentials I was given are admin. I tried ssh and I am prompted for an id and password but everything I have tried has failed. How do I recover to get the time straightened out?  thx again

Re: mars syslog

You are on the right track here

SSH to the MARS box, but try the username 'pnadmin' instead of 'admin'. This is the default username (Unless someone changed it)

You can set the time/time zone from the CLI once you login.

Regards

Farrukh

New Member

Re: mars syslog

Thanks for your help. Tried pnadmin no go. I guess will have to figure out how to recover it. Thx again

New Member

Re: mars syslog and password recovery

I had always though that there was no way to recover the pnadmin password. Turns out, according to TAC that you can do this if you log into the GUI with another Admin level user. The other caveat is that you have to be using local password authentication, not something like RADIUS.

I can't verify this since we're using RADIUS to log in to MARS.

Re: mars syslog and password recovery

You can recover the pnadmin password (or any other admin account password) if you have another admin account avaialble. To do this, you would login to the MARS ssh console via the alternate admin account and run the unlock or  passwd command (depending on the scenario) , as mentioned here:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/command/reference/cref1.html#wp1141308

If the account you want to unlock is a non-admin account, you can even use the GUI, as described here:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/authen.html#wp715359

If there is no alternate admin account available, then the only way to reset the password is to re-image the box (AFAIK).

Please rate if helpful

Regards

Farrukh

New Member

Re: mars syslog

thanks for all your help. This is what I discovered.

Even though I had a second admin account with the username admin, I could not ssh with the admin user. However, as you say, I just went into the

gui with the admin user and changed the password on the p account and all was well. thanks aga

in

New Member

Re: mars syslog

Because access to CS-MARS over SSH have only administrator with account: pnadmin.

"""

MARS supports local authentication of MARS users; user credentials are stored the MARS Appliance in SHA-1 cryptographic hash format. Each MARS Appliance only has one Administrative account that is named

pnadmin. This is the only account with privileges to access the command line interface via SSH or direct console connection.

""""

First paragraph of Chapter: User Management.

I hope it will help you.

4115
Views
15
Helpful
10
Replies
CreatePlease login to create content