09-07-2010 06:46 AM
Hello,
I have two questions regarding Mars:
1- Does MARS track modifications on text files on workstations or servers through SNARE agent or any other agent
2- How can I monitor Mars processes using snmp?
Regards
09-07-2010 05:52 PM
>> 1- Does MARS track modifications on text files on workstations or servers through SNARE agent or any other agent
In theory, yes, it CAN track that kind of activity. However, it would probably require setting up a custom logging event on the host and in SNARE. Then, you would also need to configure a custom parser and related events in MARS.
>> 2- How can I monitor Mars processes using snmp?
This is not a supported feature in MARS. The issue was covered in a recent thread on this same forum:
https://supportforums.cisco.com/message/3168241#3168241
Hope that helps. Good luck!
09-07-2010 10:41 PM
Thx for the anserws, can you please be more specific regarding answer one, so you're sure it can be done only having snare agent on th machine? from where do I set it?
09-08-2010 12:07 AM
Well, I can't say if it's possible to trigger a log event via MS-RPC, as I haven't used that particular method of management. It merely seemed logical that SNARE would be a possible solution. But, no, I can't really explain it in detail, as I don't have any time actually using the SNARE client. I'm done implementations where a few devices were reporting via SNARE, but that's about it.
I was really basing my comment off of the general nature of what you were looking for - changing a single text file seems fairly specific, innocuous, and usually insignificant that I wouldn't imagine a pre-defined event would exist for it. I would imagine that even if one did, it would at least have to be tuned to point at the specific text file that needs to be monitored. Probably best to check the SNARE documentation at the client's website:
Guide to Snare for Windows and Windows Vista (intersectalliance.com - PDF document)
Best of luck.
10-22-2010 04:38 AM
DEar Micheal
Thanks for your answers! Concerning the monitoring of MARS processes, and since snmp is not a supported monitoring way, isn't there another way.
One of our customer's box services are down and he needs a way to monitor the service.
I thought of monitoring the ports of each service; After manually shutting the service via CLI and bringing it up I noticed that the udp port 1500 and above are used for some of the services but it didn't work. any hints?
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide