Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

MARS and Symantec AV Corp

A few MARS questions regarding SAV CE.

1. Can someone explain why MARS would need to import a list of the SAV clients? Why does it need to store each host as a reporting device when the traps are coming from the SAV server?

2. If my SAV admin adds new clients in the future then I would have to manually do a diff and import the new ones?

3. How do I select multiple reporting devices and hide them in the cloud? By default, MARS is showing all 2500 SAV clients as individual host in the topology map. (What a mess, and so useless)

Thanks in advance,

Ryan

3 REPLIES
Silver

Re: MARS and Symantec AV Corp

Are you attempting to load the CSV file from Admin -> Security and Monitor Devices?

New Member

Re: MARS and Symantec AV Corp

Yep. I used these instructions listed in the user guide: http://www.cisco.com/en/US/products/ps6241/products_user_guide_chapter09186a00804f711a.html#wp1033094

The SAV administrator for our campus provided the exported CSV file from the SAV server.

Apparently, MARS has very little compatibility with SAV 10.x. I was hoping MARS would be able to parse some of the alerts but no luck so far. I guess my previous questions are moot now. I would still be interested in the details of the need for the SAV client list.

Regards,

Ryan

New Member

Re: MARS and Symantec AV Corp

Thanks for the note about SAV 10.x. Probably would have found out the same thing here soon.

Apparently the Symantec CSV import has a known bug (you cannot repeat the import process again later on - which is a real problem - what happens if/when the AV client landscape changes - how would you tell MARS about the new layout without a re-import?)

According to Cisco TAC, MARS 4.2.1 is supposed to be able to learn the Symantec AV structure now (no need to import anything). I have not been able to test this since there are so many problems on the Symantec side here (AMS, etc.).

AV reporting in MARS in general could use a lot of work - and hopefully Cisco will extend this beyond Symantec to other AV providers (e.g. Trend).

-randy

84
Views
0
Helpful
3
Replies
CreatePlease to create content