
Cisco MARS Syslog not working

I have a Cisco MARS Local Controller running version 6.0.8 (3428). I have configured the devices to send syslog messages to MARS, but MARS is not receiving any syslog messages and the syslog service is not running in MARS. Can anybody help with this issue?


mikecrowe4ICS_2
Level 1

When you say "syslog service is not running in MARS", how did you verify that?  Did you run the "pnstatus" command at the CLI?

Also, you didn't mention whether you've added the devices as "reporting devices" in MARS.  When they're added in MARS, it will try to connect to the devices to discover them.  This might help indicate if there's a connectivity issue between MARS and the devices, which might prevent logs from being delivered as well.

I have run pnstatus and all services are running, except syslog. I can also see a service named securesyslog, but when I do a port scan on the MARS IP I can't see port 514 open. During the discovery process MARS discovered the devices, but all the devices that I have added in MARS are shown as "Inactive CS-MARS reporting device".

> all services are running, except syslog

Well, there's no service actually named "syslog" on a running MARS appliance.  I think that incoming syslogs are handled by the "pnparser" process.  You can read more details in the "MARS Initial Configuration and Upgrade Guide", under "List of Backend Services and Processes".

Can you upload the output of the pnstatus command from your appliance?

> a service named securesyslog

This is the process that handles encrypted syslogs, say for an ASA.  This is essentially standard syslog, but encrypted in transport using certificates.  The port for secure syslog is TCP/1470.

> doing a port scan on the MARS IP I can't see the port 514 open

That's normal.  On a standard scan, the only port that will be reported "open" is TCP/22 for SSH.

*edited to change command to "pnstatus", not "pnparser", but you figured that out already

I have used the following CLI commands in a router to enable syslog, please let me know if I am missing anything. I have done this based on the MARS documentation:

logging host

logging trap

logging on

Did you also enter the command:

(config)# logging source-interface

The IP address of the interface specified should match the device's "Reporting IP" configured in MARS.

Yes, I forgot to mention that I have configured the logging source interface and it matches the Reporting IP configured in MARS. Is there any limitation for the Local Controller to process syslog messages? I do not have the Global Controller at all.