Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

CS-MARS : Inactive User-Defined Rules/Drop Rules/False Positive

Hi,

I have created dummy rules to drop any events that is rated as normal activities such as when switch interface status changed to up/down everytime users on/off their PCs, or when firewall translation is expired once the connectivity/sessions is terminated. Same goes to false positives where MARS will either drop or logged the events for any events matched with the customized rules.

However, when I changed the dummy rules to 'inactive' so that MARS will log and display everything back to normal, the status displayed on the main page under "Drop" is still increased. Now, no events are displayed on the main screen like before.

Any suggestions/help?

Thanks

AK

3 REPLIES
Bronze

Re: CS-MARS : Inactive User-Defined Rules/Drop Rules/False Posit

Hey, check the link for "HOW QUERY, REPORTS, AND RULES WORK" this will provide a idea

http://www.cisco.com/en/US/products/ps6241/products_qanda_item0900aecd802b7c6b.shtml

Re: CS-MARS : Inactive User-Defined Rules/Drop Rules/False Posit

This was due to a bug (CSCsc31386) in CS-MARS database on v3.4.1. It was fixed by loading v4.1.1.

Rgds,

AK

Re: CS-MARS : Inactive User-Defined Rules/Drop Rules/False Posit

Correction - it was v4.1.2, not v4.1.1

258
Views
0
Helpful
3
Replies
CreatePlease to create content