Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
544
Views
4
Helpful
3
Replies

Is MARS a syslog server??

cplatt01
Level 1
Level 1

‎09-13-2006 01:55 PM - edited ‎03-10-2019 03:13 AM

Can MARS replace Kiwi as our syslog collection?

Labels:
0 Helpful
3 Replies 3

a.kiprawih
Level 7
Level 7

‎09-13-2006 02:27 PM

You can use CS-MARS as syslog server, but the display of the log entries will not be the same as Kiwi or other syslog server, .i.e 3CDaemon.

Common syslog server will display live event log received from devices (depend on log level), while CS-MARS won't. No live event is displayed. You have to manually retrieve the data/log.

This is because CS-MARS is designed to receive log (plus betflow and snmp) and store it in its database for log analysis, scan for any sign of misuse or pattern matching for violation signatures.

Overall, CS-MARS is funtioned as integrated analysis, monitoring and reporting tool to help you monitor your network.

BTW, you can also forward your syslog entry from your existing syslog server to CS-MARS. This may help you to see live event log and at the same time, send all those data to CS-MARS for analysis. It support Kiwi syslog as well.

http://www.cisco.com/en/US/products/ps6241/products_user_guide_chapter09186a00804f1622.html#wp1252321

Pls rate any helpful post(s).

Rgds,

AK

mhellman
Level 7
Level 7
In response to a.kiprawih

‎09-14-2006 05:05 AM

the latest version of csmars does have the ability to show raw events in "real time". Supposedly it's a separate data stream (i.e. not pulled from DB). I've tested it and it does appear to work.

result type = all matching events.

filter by time = real time (raw events)

0 Helpful

pmccubbin
Level 5
Level 5
In response to a.kiprawih

‎09-20-2006 07:58 AM

As AK noted, if you have a Kiwi Syslog server it integrates very well with MARS. MARS will parse the messages from the Kiwi server only for the devices configured in MARS.

From my experience with implementations of MARS this would be a preferred method, rather than having syslogs sent directly to MARS or having MARS poll the devices.

There is also has the added benefit of not having to make alot of changes to production devices, that is, adding a statement that sends syslog messages to MARS. These sort of minor changes sometimes require an outage and have to be scheduled well in advance.

Just my 2 cents.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card