Is it possible to forward all MARS logs to another server? The issue is that we already have Cisco MARS and now we have implemented Splunk. So instead of changing the logging device on all equipment, I need to forward logs to the Splunk server.
It's possible to configure MARS to act as a syslog relay, but there are some limitations. The relay feature is covered in Chapter 3 of the "User Guide for CS-MARS Local and Global Controllers".
Specifically, check the section titled "Syslog Relay Support". Some of the information that starts the section:
The Local Controller can now act as a relay; it processes the incoming syslog messages locally before it forwards them to the designated collector. The destination port number is 514 for incoming and relayed syslog messages. MARS adheres to RFC 3164: The BSD syslog Protocol while relaying the syslog messages with the following exceptions:
• MARS can only forward to a single collector IP address.
• Because MARS supports exactly one collector, you cannot specify that events originating from one device address be forwarded to one collector while those originating from a different device address are forwarded to a different collector. All events are forwarded to the same collector.
• Forwarded syslog can be up to 1024 bytes in length. Logs longer than 1024 bytes are truncated.
It also mentions that the configuration has to be done through the CLI, not the web GUI.
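A collector-side check for the relay limits quoted above, as an added example that is not part of the original reply or of Cisco's documentation: it parses RFC 3164 datagrams and flags any that reach the 1024-byte limit as possibly truncated by the relay. It assumes the limit applies to the whole datagram including the header; the function names and sample messages are constructed for illustration.

```python
import re

MAX_RELAY_LEN = 1024  # relay limit quoted above from the MARS user guide

# RFC 3164 framing: "<PRI>" then "Mmm dd hh:mm:ss", a hostname, then the message.
_RFC3164 = re.compile(
    rb"^<(\d{1,3})>"
    rb"([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    rb"(\S+) (.*)$",
    re.DOTALL,
)

def inspect_datagram(data: bytes) -> dict:
    """Classify one relayed syslog datagram as received by the collector."""
    result = {
        "length": len(data),
        # A datagram that fills the limit was very likely cut off by the relay.
        "possibly_truncated": len(data) >= MAX_RELAY_LEN,
        "well_formed": False,
    }
    m = _RFC3164.match(data)
    if not m:
        return result
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return result
    result.update(
        well_formed=True,
        facility=pri // 8,
        severity=pri % 8,
        timestamp=m.group(2).decode("ascii"),
        host=m.group(3).decode("ascii", "replace"),
        message=m.group(4).decode("utf-8", "replace"),
    )
    return result

def summarize(datagrams):
    """Count datagrams that need follow-up at the original log source."""
    rows = [inspect_datagram(d) for d in datagrams]
    return {
        "total": len(rows),
        "possibly_truncated": sum(r["possibly_truncated"] for r in rows),
        "malformed": sum(not r["well_formed"] for r in rows),
    }

# Constructed sample input (not real device logs).
SHORT = b"<134>Oct 11 22:14:15 fw01 %ASA-6-302013: Built outbound TCP connection"
LONG = (b"<134>Oct 11 22:14:16 fw01 " + b"A" * 2000)[:MAX_RELAY_LEN]
BAD = b"no priority header here"
```

Events flagged as possibly truncated are the ones to re-check at the originating device, since the tail of the message never reaches the collector.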