12-15-2008 08:41 AM
Does anyone have any experiences they could share regarding Win 2008 server and MARS 6.0.1?
I know it is not part of any drop down menus in MARS but am interested if we can go ahead and use the Win2003 drop down selection.
Thanks.
Solved! Go to Solution.
12-15-2008 09:17 AM
Hi Paul
You can configure the MARS to pull the events directly from the Windows 200x, you don't need to install SNARE to pull the events from MARS.
Please ref. the below URL for more detail on pulling the events from window
12-15-2008 08:43 AM
yes, you can add it as Windows 2003
12-15-2008 09:07 AM
Hi Krishnan!
Many thanks for the answer.
The SNARE agent doesn't support Win 2008. What do you suggest for sending the logs to MARS? Are the Windows logs normalized enough for MARS to sessionize?
Thanks.
12-15-2008 09:17 AM
Hi Paul
You can configure the MARS to pull the events directly from the Windows 200x, you don't need to install SNARE to pull the events from MARS.
Please ref. the below URL for more detail on pulling the events from window
12-15-2008 10:05 AM
I use an application made by Datagram called Syslog Agent that works really well. I actually prefer to over SNARE. Its easy to configure and has more options, such as export text log files and configuring via the registry. The link to download is http://www.syslogserver.com/syslogagent_setup.exe. I have used this on 2008 without any issues.
12-15-2008 10:13 AM
Hi
If windows 2008 can support the SNARE. I don't MARS have any issues normalizing it. I am not sure whether MARS parse(normalize) the events coming from windows 2008 which is coming from Agents other then SNARE.
However, if the format of event coming from the syslog Agent is same as SNARE agent, then it should parse it.
Regards
R.Krishnan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide