01-16-2009 04:13 AM
I've been asked to look at adding vmware and netapp servers into MARS 4.3.
I've never worked on either OS, apart from vmware on windows. What issues if any should I be aware of?
Am I limited to receiving syslog data only, assuming these OS's will generate such data.
01-20-2009 07:08 AM
You are limited to syslog data only unless it's a Window's platform. There you can use the snare agent to send information that is kept in one of the Windows Event Logs supported by snare.
Beware that you will need to configure custom parsing as those are not natively supported systems. If running on Windows or generic Linux, use MARS 6.0.1 or newer as the new DSF (Device Support Framework) functions now allow for extending native parsers with custom parser entries.
01-21-2009 02:23 AM
Thanks, as I've not worked on MARS for a while I wasnt sure if there was any other way of supporting these OS's. I'm just going through the upgrade to 6.2 process, so may look at using the DSF functions.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide