Cisco Security MARS is placed on a TCP/IP network where it can send and receive syslog messages and Simple Network Management Protocol (SNMP) traps, and can establish secure sessions with deployed network and security devices through standard secure or vendor-specific protocols.
Syslog Forwarding support in Cisco Security MARS will allow Cisco Security MARS to forward syslog messages it receives from syslog sources to another syslog receiver. In earlier Cisco Security MARS releases support for receiving syslog messages from a syslog Relay device was added. Therefore the syslog forwarding feature set in this release enhances support for syslog within Cisco Security MARS, and allows for the insertion of Cisco Security MARS into an already established syslog architecture.
Just to confirm the MARS does (can) retain all of the original Syslog information - which (i) can be viewed using the option 'view raw event messages', (ii)can be 'relayed' to another Syslog server as already mentioned, and can (iii) even be directly viewed or manipulated when archived off to external disk (following the format set out in the doc files).....
Finally I would note that we use the 'drop' ability to not have the MARS process information we do not want to respond to, but DO want to retain. This allows us to tune what the MARS rules receive to be different from what the MARS appliance receives and stores.
I hope the above makes sense and answers your question.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...