I have a MARS 50, and I tried to add a Linux host to send syslog messages to it. I added it, and I can see the Linux host in the topology window.
I ran an nmap scan on the Linux host, and I get a lot of syslog messages on the Linux console because of the nmap scanning, but the MARS doesn't show me any incidents.
I added the Linux host under Admin -> Security and Monitor Devices -> Add -> Device Type: Add SW security apps on new host. Then I configured the IP, chose Linux as the operating system, and selected "Receive" under Logging Info.
I also configured the Linux host to send syslog messages to MARS:
I added the following line to the /etc/syslog.conf file:
It sounds like you're doing everything right; it's just that MARS hasn't been configured to parse and understand those particular log entries. They will get parsed as "generic linux event". If you aren't even seeing the events in MARS, then something else is going on and we can help you with that too, just let us know.
The way to test this is to run a "real-time" query in MARS for the Linux box (query type = all matching events). See:
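An added example, not part of the original thread: a check for the Linux side that lists the forwarding rules in a sysklogd-style `/etc/syslog.conf` and emits a uniquely tagged message to look for in the real-time query. It assumes the classic `selector action` syntax in which an `@host` action forwards over UDP; the function names, the sample file and the address 192.0.2.10 (standing in for the MARS appliance) are constructed placeholders.

```shell
#!/bin/sh
# Added example: verify that syslog.conf really forwards to the collector.

# Print "selector host" for every active rule whose action is @host.
forward_targets() {
    # $1 = path to a sysklogd-style syslog.conf
    awk '
        /^[[:space:]]*#/ { next }            # commented-out rules do nothing
        NF == 2 && $2 ~ /^@[^@]/ {           # action "@host" = forward via UDP
            print $1, substr($2, 2)
        }
    ' "$1"
}

# Succeed only if at least one active rule forwards to the given collector.
forwards_to() {
    # $1 = conf path, $2 = collector address (placeholder for MARS)
    forward_targets "$1" |
        awk -v want="$2" '$2 == want { found = 1 } END { exit !found }'
}

# Log one uniquely tagged message and print the marker to search for.
# auth.notice is an arbitrary choice; use a facility your rule selects.
send_marker() {
    marker="mars-test-$(date +%s)-$$"
    logger -p auth.notice -t marstest "$marker"
    printf '%s\n' "$marker"
}

# Constructed sample config, not taken from the thread.
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
# local logging
authpriv.*	/var/log/secure
#*.*	@192.0.2.99
*.*	@192.0.2.10
kern.warning    @loghost.example
EOF

forward_targets "$sample_conf"
```

On the real host, run `forwards_to /etc/syslog.conf <collector address>`, restart syslogd if the file was changed, then call `send_marker` and search for the printed marker in the real-time query.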