The taskflow for configuring MARS to monitor the security appliance includes the following steps:
1. Configure the security appliance to accept administrative sessions from MARS to discover settings. Configure this setting in the admin context.
2. Configure the security appliance to publish its system log messages to MARS. Configure this setting for the admin context and for each security context defined.
Note: Each context requires a unique, routable IP address for sending system log messages to MARS, and each context must have a unique name (usually in the hostname.domain name format).
3. To enable MARS to accept system log message event data and to collect configuration settings from the security appliance, perform the following tasks:
-Enable logging for one or more interfaces.
-Select the logging facility and queue size.
-Specify the logging severity level as debugging (7) or indicate the desired severity level.
-Identify the target MARS appliance, and the protocol and port pair on which it listens.
4. Within the MARS web interface, perform the following steps:
-Define the security appliance by providing the administrative connection information.
-Define security contexts.
-Add discovered contexts.
-Edit discovered contexts.