
question about mars

jmmartina
Level 1

We got a MARS 25r with 2 5510 failover. I think I got logging set up, as in the dashboard of the MARS I see logs from the firewall per se, but not true logs? We were under the impression that MARS would serve as a place we could archive firewall logs for, like, PCI compliance. If it can do this, how do I do this???

4 Replies

mohsin.khan
Level 3

What do you mean by true logs? If you are looking for ALL the events from your firewall to show on MARS, go to ADMIN -> Retrieve Raw Messages, and select your desired timings.

I believe that MARS is more than a log archival agent. In simple words, it takes the logs from whatever devices you configure on it, studies them, filters the more frequent/similar events, and displays to you only the ones that you should worry about. Instead of going through multiple devices and different searching techniques, sitting on a single interface and looking at only severe incidents is real fun :)

Mohsin

Go to Query >> Edit the 'Query Type' >> Select "All Matching Event Raw Messages". Change the time as appropriate, and click on Apply.

Then Edit the "Device" field to only the selected device. This will show you the 'raw events' (true as referred by you).

Regards

Farrukh

MARS processes the logs and outputs things for you to look at. It does not show you the raw logs but they are there.

Do the query Farrukh listed and you will be able to see that the logs really are there "under the hood."

This query is the most commonly run query by users that are comfortable with viewing syslog messages directly. It helps with the comfort level for new users that are trying to figure out MARS.

Raymond

Thanks guys!!! What I needed.
