thank you for the pointer to your earlier thread - sorry i did not trip over that myself in my search

glad to hear there's a patch coming "soon" to address this - between the archive constantly crapping out and the gui going for a dump, it's hardly earning a lot of kudos here. Especially, in this case, when the MARS (100) box in question is hardly maxed out - in fact barely working:

12/10/07 2:31:49 PM EST Info ./pnparser Thread 2051:PN-2016:message rate: 105.160294 msgs/sec, total: 1500000 msgs, total avg rate: 109.935909 msgs/sec

the decision to purchase MARS was influenced mostly by the timing (looking for a solution at roughly the same point in time as the security stuff in Ciscoworks was being gutted and replaced by MARS, in line with the upgrade here to the CSM product). From an architectural point of view (and on the surface) it made sense.

we also wanted to tear down some silos and build some better bridges with the network operations folks, who live and breath Cisco. I recall LogLogic had a really nice (pretty) offering then - shy of the SIM paradigm but much better reporting, etc. We passed it up, looking beyond just logging / reporting, and towards the SIM aspects of MARS, etc.

In hindsight, since we've hardly had time or resources to really max out the SIM functionality and really go much beyond the basic syslog stuff, it's kind of a regret now. I think it has some great potential under the hood, but it needs a really really really good tune-up. It is klunky, slow, has crappy reporting, and it's ANYTHING BUT intuitive (ever try to sort out "exactly" how MARS logic applies to rules, incidents, etc?) I would tear out what's left of my hair if not for articles like this

http://ciscomars.blogspot.com/2007/02/guest-article-mars-inspection-rule.html

thanks again,

-randy

The 4.3.2 and 5.3.2 patches have been released:

http://www.cisco.com/cgi-bin/tablebuild.pl/cs-mars

thanks for the heads up and all the help here

just changed my cisco cco p/w this morning - does this take forever to propagate thru the entire support structure? now trying to d/l the new pkg and the authentication process butts in the middle of the download and fails - same name and p/w that just I used to log in here (forum) and at the main cisco site.

could this be more of a pain in the a$$....?

I was unable to download anything from CCO yesterday and I don't remember the last time I changed the password. The website was just having issues, which is another conversation in its own.

I was able to download the new version just a few minutes ago, you should be alright as well.

thanks - i did get the d/l after waiting a while yesterday and trying again. Agree - access to Cisco web support site(s) in general is definitely another topic of conversation altogether

to top it off (fubar'd server, can't get the patch to d/l, etc.) i now see the end of life notice for the MARS platform circulating. kinda the icing on the MARS cake this week

I just saw that today as well. Looks like its only for a couple platforms, is it because they're going to the x10 platforms? (110, 210, etc)?

Anyone hear anything on a rumor mill about the small models, the 50, 20, etc going EOL?

http://www.cisco.com/en/US/products/ps6241/prod_eol_notice0900aecd807189ef.html