Cisco Support Community
New Member

question about mars

We got a MARS 25r with 2 5510 failover. I think I got logging set up, as in the dashboard of the MARS I see logs from the firewall per se but not true logs? We were under the impression that MARS would serve as a place we could archive firewall logs for, like, PCI compliance. If it can do this, how do I do this?

4 REPLIES
New Member

Re: question about mars

What do you mean by true logs? If you are looking for ALL the events from your firewall to show on MARS, go to ADMIN -> Retrieve Raw Messages, and select your desired timings.

I believe that MARS is more than a logs archival agent. In simple words, it takes the logs from whatever devices you configure on it, studies them, filters the more frequent/similar events, and displays to you only the ones that you should worry about. Instead of going through multiple devices and different searching techniques, sitting on a single interface and looking at only severe incidents is real fun :)

Mohsin

Re: question about mars

Go to Query >> Edit the 'Query Type' >> Select "All Matching Event Raw Messages". Change the time as appropriate, and click on Apply.

Then Edit the "Device" field to only the selected device. This will show you the 'raw events' (true as referred by you).

Regards

Farrukh

Cisco Employee

Re: question about mars

MARS processes the logs and outputs things for you to look at. It does not show you the raw logs but they are there.

Do the query Farrukh listed and you will be able to see that the logs really are there "under the hood."

This query is the most commonly run query by users that are comfortable with viewing syslog messages directly. It helps with the comfort level for new users that are trying to figure out MARS.

Raymond

New Member

Re: question about mars

Thanks guys!!! What I needed
