Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CS-Mars... understaing

Hi, being new to the concept of correlation and deep packet inspection, i have few design related (to CS-MARS) questions.

- How isthe incident analyzed? I have only 1 incident "Inactive CS-MARS reporting device".. What does this mean, and how to go through complications in order to understand.

- I have enable netflow in a reouter, and getting it on another machine running a 3rd party netflow analyzer succesffuly. But when i redirect the netflow to MARS,(and configure the device in Netflow config, it does not seems to be acceptign the flows as it doesn not show any received netflow event. Where can i check and resolve this issue?

2 REPLIES
Silver

Re: CS-Mars... understaing

Error message "Inactive CS-MARS reporting device" means that the MARS has not received syslog information from the configured device within the past one hour. Configure the device in order to accept administrative sessions from MARS and also ensure that the device being monitored is configured to publish its event to MARS. On MARS , provide the administrative connection information in order to define the device being monitored.

New Member

Re: CS-Mars... understaing

Can you please explain a bit for me?

1- What configuration is required to do on the device to accept administrative sessions from MARS?

2- How can this be assured that the device being monitored is configured to publish its events to MARS?

3- Where to provide administrative connection information on MARS in order to define the device?

Please help as i'm new to this

142
Views
5
Helpful
2
Replies
CreatePlease to create content