Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2037
Views
5
Helpful
5
Replies

MARS Support for Windows 2008 Server

Go to solution
pmccubbin
Level 5
Level 5

‎12-15-2008 08:41 AM

Does anyone have any experiences they could share regarding Win 2008 server and MARS 6.0.1?

I know it is not part of any drop down menus in MARS but am interested if we can go ahead and use the Win2003 drop down selection.

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
krir
Level 4
Level 4
In response to pmccubbin

‎12-15-2008 09:17 AM

Hi Paul

You can configure the MARS to pull the events directly from the Windows 200x, you don't need to install SNARE to pull the events from MARS.

Please ref. the below URL for more detail on pulling the events from window

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgHost.html

View solution in original post

0 Helpful
5 Replies 5

Go to solution
krir
Level 4
Level 4

‎12-15-2008 08:43 AM

yes, you can add it as Windows 2003

0 Helpful

Go to solution
pmccubbin
Level 5
Level 5
In response to krir

‎12-15-2008 09:07 AM

Hi Krishnan!

Many thanks for the answer.

The SNARE agent doesn't support Win 2008. What do you suggest for sending the logs to MARS? Are the Windows logs normalized enough for MARS to sessionize?

Thanks.

0 Helpful

Go to solution
krir
Level 4
Level 4
In response to pmccubbin

‎12-15-2008 09:17 AM

Hi Paul

You can configure the MARS to pull the events directly from the Windows 200x, you don't need to install SNARE to pull the events from MARS.

Please ref. the below URL for more detail on pulling the events from window

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgHost.html

0 Helpful

Go to solution
patwill66_2
Level 1
Level 1
In response to pmccubbin

‎12-15-2008 10:05 AM

I use an application made by Datagram called Syslog Agent that works really well. I actually prefer to over SNARE. Its easy to configure and has more options, such as export text log files and configuring via the registry. The link to download is http://www.syslogserver.com/syslogagent_setup.exe. I have used this on 2008 without any issues.

Go to solution
krir
Level 4
Level 4
In response to patwill66_2

‎12-15-2008 10:13 AM

Hi

If windows 2008 can support the SNARE. I don't MARS have any issues normalizing it. I am not sure whether MARS parse(normalize) the events coming from windows 2008 which is coming from Agents other then SNARE.

However, if the format of event coming from the syslog Agent is same as SNARE agent, then it should parse it.

Regards

R.Krishnan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents