I have a client that desires to stream the raw logs collected by CS-MARS out to another SEM system. I have reviewed the documentation and have found no reference to this functionality. I see that you can send alerts per rule to a 3rd party device, but that is "Alerts" not the raw logs. If anyone knows if this is possible I would appreciate your help.
This functionality does not yet exist. The only way to do this would be to use the XML export function added during 4.2.1. This e-mails an XML attachment to a user. I wrote a script to parse a POP3 inbox and download the attachments, parse the XML, and then generate an e-mail with detailed incident information. Part of the XML file does have the raw message in it. You could take this same premise and create a parser to export incidents to another system. Hope this helps.
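A sketch of the parsing and export step described in the reply above, as an added example that is not the poster's script and not Cisco code. The element and attribute names (`Incident`, `RawMessage`, `id`) and the syslog tag are assumptions and must be checked against a real MARS XML export; the sample mail is constructed.

```python
import socket
import xml.etree.ElementTree as ET
from email import message_from_bytes, policy
from email.message import EmailMessage

# ASSUMPTION: hypothetical element/attribute names; check a real MARS export.
INCIDENT_TAG, RAW_TAG, ID_ATTR = "Incident", "RawMessage", "id"
PRI = 16 * 8 + 6  # syslog facility local0, severity informational -> 134

def xml_attachments(raw_mail: bytes):
    """Return the decoded bytes of every XML attachment in one message."""
    # raw_mail is the line list from poplib's retr(n)[1], joined with CRLF.
    msg = message_from_bytes(raw_mail, policy=policy.default)
    return [p.get_payload(decode=True) for p in msg.iter_attachments()
            if (p.get_filename() or "").lower().endswith(".xml")]

def raw_messages(xml_bytes: bytes):
    """Return (incident_id, raw_message) pairs from one XML export."""
    # Mail is an untrusted channel: refuse DTDs to avoid entity expansion.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD in mailed XML rejected (entity-expansion risk)")
    pairs = []
    for inc in ET.fromstring(xml_bytes).iter(INCIDENT_TAG):
        for raw in inc.iter(RAW_TAG):
            # Collapse newlines so one raw event cannot forge extra log lines.
            text = " ".join((raw.text or "").split())
            if text:
                pairs.append((inc.get(ID_ATTR, "unknown"), text))
    return pairs

def to_syslog(raw_mail: bytes):
    """Turn one mailed export into syslog lines for the downstream SEM."""
    return [f"<{PRI}>csmars-export incident={iid} {raw}"
            for xml in xml_attachments(raw_mail)
            for iid, raw in raw_messages(xml)]

def forward(lines, host, port=514):
    """Send each line as one UDP syslog datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(line.encode("utf-8"), (host, port))

def sample_mail() -> bytes:
    """Constructed test message; not a real MARS export."""
    xml = (b'<Export><Incident id="1001"><RawMessage>sshd[412]: Failed password'
           b' for invalid user test from 192.0.2.10</RawMessage></Incident></Export>')
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(xml, maintype="application", subtype="xml", filename="incidents.xml")
    return m.as_bytes()
```

Only incidents reach the mailbox, so the receiving SEM sees the raw messages attached to incidents, not the full raw log stream.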