Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
578
Views
0
Helpful
3
Replies

MARS and Symantec AV Corp

rsumidacisco
Level 1
Level 1

‎08-08-2006 03:45 PM - edited ‎03-09-2019 03:50 PM

A few MARS questions regarding SAV CE.

1. Can someone explain why MARS would need to import a list of the SAV clients? Why does it need to store each host as a reporting device when the traps are coming from the SAV server?

2. If my SAV admin adds new clients in the future then I would have to manually do a diff and import the new ones?

3. How do I select multiple reporting devices and hide them in the cloud? By default, MARS is showing all 2500 SAV clients as individual host in the topology map. (What a mess, and so useless)

Thanks in advance,

Ryan

Labels:
0 Helpful
3 Replies 3

sbilgi
Level 5
Level 5

‎08-14-2006 07:15 AM

Are you attempting to load the CSV file from Admin -> Security and Monitor Devices?

0 Helpful

rsumidacisco
Level 1
Level 1
In response to sbilgi

‎08-14-2006 09:42 AM

Yep. I used these instructions listed in the user guide: http://www.cisco.com/en/US/products/ps6241/products_user_guide_chapter09186a00804f711a.html#wp1033094

The SAV administrator for our campus provided the exported CSV file from the SAV server.

Apparently, MARS has very little compatibility with SAV 10.x. I was hoping MARS would be able to parse some of the alerts but no luck so far. I guess my previous questions are moot now. I would still be interested in the details of the need for the SAV client list.

Regards,

Ryan

0 Helpful

randytoni
Level 1
Level 1
In response to rsumidacisco

‎08-31-2006 08:56 AM

Thanks for the note about SAV 10.x. Probably would have found out the same thing here soon.

Apparently the Symantec CSV import has a known bug (you cannot repeat the import process again later on - which is a real problem - what happens if/when the AV client landscape changes - how would you tell MARS about the new layout without a re-import?)

According to Cisco TAC, MARS 4.2.1 is supposed to be able to learn the Symantec AV structure now (no need to import anything). I have not been able to test this since there are so many problems on the Symantec side here (AMS, etc.).

AV reporting in MARS in general could use a lot of work - and hopefully Cisco will extend this beyond Symantec to other AV providers (e.g. Trend).

-randy

0 Helpful
Customers Also Viewed These Support Documents