I defined the device and checked the receive box. I assume I don't have to put a username/password as I am receiving. Anyway, to prove it was working I thought I could query on raw events like you can from, say, a Cisco switch. Am I on the right track? Right now I see nothing.
I can't say I understand what you mean at all but here goes.
I defined a Windows 2003 server to MARS. I set the logging option to receive, as the server is pushing the event logs to MARS using Snare. I did not set a username and password as I am not pulling the event logs, only "receiving" them. I would like to know that MARS is really seeing anything from the server, so I was asking what query I could perform to see the raw events. As an example, I can do a query on a defined ASA and see the streaming syslog from the ASA. Is there a query I can do to make sure MARS is getting the events from the Windows 2003 server? Clear?
I would suggest logging in and out of the server before running a report, to guarantee that some events will be generated.
In addition to what has been mentioned, be sure to set the "DEVICE" field of the report to be only the server you are looking for.
While creating the report, click on "ANY" in the "DEVICE" column. You'll be shown a box to select which devices on the right side, with selected devices on the left. That should first show "ANY". In the box on the right, in the "All Variables" drop down box, choose "Device Type: Microsoft Windows 2003". From the list that gets loaded, choose the server you previously added as a security device. Press the arrows that look like <<==, which will move it into the left box.
Make sure the report is set to something like "All matching events", and change the "Filter By Time" to something larger like 30 minutes or an hour. This will cover the possibility that the server hasn't sent any logs for a little while.
Given that you just logged in and out of the server, you should see SOMEthing.
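If the MARS report still comes back empty after the steps above, the next thing to rule out is the agent itself: is the Windows 2003 box actually emitting Snare records, and do they contain the logon/logoff events you just generated? The script below is an added example, not code from the original thread, Cisco or InterSect Alliance. It parses the tab-separated "MSWinEventLog" records the classic Snare for Windows agent sends over syslog, keeps only the Windows 2003 logon/logoff event IDs (528, 529, 538, 540), and can also sit on a UDP socket so you can point the agent at it (or run it on the MARS path) and watch records arrive. The field positions in the record, the sample syslog lines, and the host names are assumptions constructed for the example; check the layout against your own agent's output.

```python
import socket
from dataclasses import dataclass
from typing import Dict, List, Optional

# Windows 2003 (pre-Vista) security event IDs for logon/logoff activity.
WIN2003_LOGON_LOGOFF = {
    528: "successful logon",
    529: "failed logon",
    538: "logoff",
    540: "network logon",
}

# Constructed sample input: three Snare records from a Windows 2003 host and
# one unrelated ASA syslog line. Not captured from a real system.
SAMPLE: List[str] = [
    "<13>Aug 21 10:02:11 win2003-srv MSWinEventLog\t1\tSecurity\t1042\tThu Aug 21 10:02:11 2008"
    "\t528\tSecurity\tjsmith\tUser\tSuccess Audit\tWIN2003-SRV\tLogon/Logoff\t"
    "\tSuccessful Logon:  User Name: jsmith  Domain: CORP  Logon Type: 10\t1041",
    "<13>Aug 21 10:05:43 win2003-srv MSWinEventLog\t1\tSecurity\t1043\tThu Aug 21 10:05:43 2008"
    "\t538\tSecurity\tjsmith\tUser\tSuccess Audit\tWIN2003-SRV\tLogon/Logoff\t"
    "\tUser Logoff:  User Name: jsmith  Domain: CORP  Logon Type: 10\t1042",
    "<34>Aug 21 10:06:00 asa-edge %ASA-4-106023: Deny tcp src outside:203.0.113.5/4421 "
    "dst inside:10.0.0.5/445 by access-group \"outside_in\"",
    "<13>Aug 21 10:07:12 win2003-srv MSWinEventLog\t1\tSecurity\t1044\tThu Aug 21 10:07:12 2008"
    "\t560\tSecurity\tjsmith\tUser\tSuccess Audit\tWIN2003-SRV\tObject Access\t"
    "\tObject Open: Object Server: Security\t1043",
]


@dataclass
class SnareEvent:
    host: str        # syslog header host (the sending agent)
    event_id: int
    user: str
    computer: str    # ComputerName field inside the Snare record
    audit_type: str  # "Success Audit" / "Failure Audit"
    raw: str


def parse_snare_line(line: str) -> Optional[SnareEvent]:
    """Parse one syslog line carrying a Snare MSWinEventLog record.

    Assumed tab-separated layout after the "MSWinEventLog" tag (an assumption
    of this example): Criticality, LogName, Counter, DateTime, EventID, Source,
    User, SIDType, EventLogType, ComputerName, Category, Data, Expanded, ...
    Returns None for anything that is not a Snare Windows record.
    """
    if "MSWinEventLog" not in line:
        return None
    prefix, _, rest = line.partition("MSWinEventLog")
    header = prefix.split()
    host = header[-1] if header else "?"
    fields = rest.split("\t")  # fields[0] is "" because rest starts with a tab
    if len(fields) < 11:
        return None
    try:
        event_id = int(fields[5])
    except ValueError:
        return None
    return SnareEvent(host=host, event_id=event_id, user=fields[7],
                      computer=fields[10], audit_type=fields[9], raw=line)


def logon_logoff_events(lines: List[str]) -> List[SnareEvent]:
    """Keep only the Windows 2003 logon/logoff records from a batch of syslog lines."""
    out = []
    for line in lines:
        ev = parse_snare_line(line)
        if ev is not None and ev.event_id in WIN2003_LOGON_LOGOFF:
            out.append(ev)
    return out


def count_by_host(lines: List[str]) -> Dict[str, int]:
    """Logon/logoff record count per sending host; a missing host means the agent is silent."""
    counts: Dict[str, int] = {}
    for ev in logon_logoff_events(lines):
        counts[ev.host] = counts.get(ev.host, 0) + 1
    return counts


def listen(bind_addr: str = "0.0.0.0", port: int = 514, timeout_s: float = 60.0) -> None:
    """Bind a UDP syslog socket and print Snare logon/logoff records as they arrive.

    Port 514 needs root; if that is not an option, bind a high port and point the
    Snare agent at it temporarily. A timeout with nothing printed means the agent
    (or the path to you) is the problem, not the MARS query.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    sock.settimeout(timeout_s)
    try:
        while True:
            data, (src, _) = sock.recvfrom(65535)
            ev = parse_snare_line(data.decode("utf-8", errors="replace").rstrip("\r\n"))
            if ev is not None and ev.event_id in WIN2003_LOGON_LOGOFF:
                print(f"{src}: {WIN2003_LOGON_LOGOFF[ev.event_id]} {ev.user}@{ev.computer}"
                      f" (event {ev.event_id}, {ev.audit_type})")
    except socket.timeout:
        print(f"no Snare logon/logoff records received in {timeout_s:.0f}s")
    finally:
        sock.close()


if __name__ == "__main__":
    # Offline demo on the constructed sample; call listen() to watch the wire instead.
    for ev in logon_logoff_events(SAMPLE):
        print(f"{ev.host}: event {ev.event_id} {WIN2003_LOGON_LOGOFF[ev.event_id]} {ev.user}@{ev.computer}")
    print(count_by_host(SAMPLE))
```

Run it offline first to see what a logon/logoff pair from the sample looks like, then run `listen()` and log in and out of the server: if the records show up here but not in the MARS report, the problem is on the MARS side (device definition, reporting IP, or the time window); if nothing arrives, fix the Snare agent's destination or the network path before touching MARS.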