Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4366
Views
5
Helpful
4
Replies

Retrieve Raw Data from Mars

ssweehinlew
Level 1
Level 1

‎06-22-2011 05:22 AM

Is there any ways to retrieve Raw data by using cmd (putty, winscp), scripts rather than GUI method from Mars? By using GUI method, I can only retrieve raw data within short period of time at one time and require a lot of user intervention.

Labels:
0 Helpful
4 Replies 4

Justin Teixeira
Level 1
Level 1

‎06-22-2011 05:31 AM

Hi Ssweehinlew,

    You can get a composite of all of the raw messages the MARS receives, arranged chronologically, by configuring the archiving on the device.  Once archiving has been configured, check the archiving location to find a list of folders which are named with a date - each folder represents one day of archiving.  Within each folder you will find another folder named "ES" and in that folder you will find one or more gzip files beginning with the letters "rm".  These zip files contain flat files with all of the raw messages received for the particular day of the parent folder. Copy these gzip files to another location before opening them.

Other than this method and the GUI, there is no way to retrieve raw messages from the MARS.

-JT

ssweehinlew
Level 1
Level 1
In response to Justin Teixeira

‎11-17-2011 10:49 PM

I have configured the Windows NFS server according to the guide under the link 

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/5.3/installation/guide/admin.html#wp1182700

but it is keep showing Error: Invalid Remote Directory Permission Setting, unable to write.

Based on the NFS Activity log,

task= mount result=success

task=unmount result=success

within 1 second

Any idea?

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to ssweehinlew

‎11-20-2011 01:42 AM

Hello

Can you please recheck all the steps mentioned in the documented you posted?

A screenshot of the NTFS permissions page for your archive folder and the output of the below command would also help

cd C:\archive 

cacls MARSBackups

Please replace the above with the directory in your environment.

Regards

Farrukh
0 Helpful

ssweehinlew
Level 1
Level 1
In response to Farrukh Haroon

‎12-04-2011 11:41 PM

Hi,

I have re-created the new folder with c:\marsdata. It is still showing me the same result. 

Task = Mount success

Task = UMount success 

within 1 second.....

Is there any other ways to troubleshoot?

0 Helpful
Customers Also Viewed These Support Documents