IDSM-2 and MARS
My MARS device will not detect my IDS modules, error reports to make sure 443 is open but as far as I can see it is..
Check if the clock of both devices are matching. If possible configure NTP because the MARS usually misses the logs if the time stamps donot match.
Similar Messages
-
Changing MARA-ERNAM and MARA-AENAM during Material create
Hi All,
We have a critical requirement to change the MARA-ERNAM and MARA-AENAM during the creation of the material.
We are using the BAPI 'BAPI_MATERIAL_SAVEDATA' to create a material from an Inbound IDOC.When we execute the above BAPI, the material is created with sy-uname in MARA-ERNAM and MARA-AENAM field and our requirement is to update our desired usernames.
Please provide your valuable suggestions.
Thanks and Regards,
Stephenand why don't you execute that BAPI with another UserID? or schedule it as a job, attaching the userid of the special batch-user you have in your company to the job-step?
-
NBAR, Netflow, QoS Policing, 6500s, IOS 12.1(26)E7, and MARS
Hello. I'm having trouble seeing the forest OR the trees, and I'd appreciate some help from someone who has a better field view than myself. We're upgrading our internet connection to 200MB and management is wanting to upgrade our Packet Shaper to meet the new bandwidth. (The Packet Shaper shows top talkers, top protocols, and rate limits protocols or users.) I'm trying to make the argument that we can do this w/ existing tools (nbar, netflow, QoS policing, and MARS), at the same time I'm trying to make the argument that we need to have our supervisors (currently SUP2 MSFC2) on a 3-4 year upgrade cycle.
To get to the 12.2 IOS, I'd require a memory or sup upgrade. What I am hoping for is someone who has gone down this road who knows what I'm lacking in 12.1 code, or if in fact I can do it all here.
While it is self-evident to most in IT why we need to regularly upgrade equipment, I'm having difficulty making this argument to management with hard facts. I'm guessing they'd still be running Windows for Workgroups to save money...but that's another story.
My plan is to use Netflow and MARS to track top users and top protocols. It appears that I lose some mgt functionality w/ MARS in conjunction w/ IOS 12.1, but I am currently unclear if I lose any tracking capability. (MARS is new to us and awaiting install.)
Then, I hope to use NBAR to identify all the latest P2P traffic and police it appropriately w/ QoS tools.
Does my thinking sound solid? Will I be able to pull this off w/ 12.1? If not, what do I need that I lack in 12.1?
Thank you for your time,
JoshuaHi,
First of all - you need to be clear that although MARS uses netflow data, it uses it for the purpose of identifying security issues. If you want to use netflow for reporting and/or accounting purposes MARS isn't the tool you need, try one of the following freeware netflow tools:
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/freeware/index.shtml
or one of the following commercial tools:
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/commercial/index.shtml
The freeware ones are generally more difficult to set up but once running are just as good as the commercial ones.
However, this means you need two netflow destinations - one for MARS and one for your netflow tool, and this feature is called "Netflow Multiple Export Destinations" and initially appeared at 12.1(3)T, but it seems to be VERY platform specific - for example, because we only run GD software on our 3660's we had to upgrade to 12.3(20) to get it.
Looking at the Feature Navigator for SUP2/MSFC2 it appears that you need at least 12.2(18)SXF6 to get this feature so that might help your case.
I'd personally keep the PacketShaper for it's reporting capability if nothing else (IOS can do the job, but not as elegantly as the PacketShaper).
HTH - plz rate if useful.
Andrew. -
Difference in text rendering between PDF and Mars?
I was doing some testing with Mars and stumbled upon what
seemed like suboptimal text rendering. Because it was quite subtle
and I wanted to make sure there was an actual difference, I did a
little comparison between PDF and Mars rendering.
See this image. Can
you see a difference?
I'm still not sure whether there is an actual difference, but
I still somehow got the impression that the upper example (PDF) is
a little more polished then the lower one (Mars). Are different
rendering paths actually used? Will it remain that way?
My SVG for Mars was very simple:
<text font-size="10pt" x="20" y="20" fill="rgb(0,0,0)"
font-family="F0">aex</text>
The PDF was produced with MS Office 2007 and Microsofts Save
as PDF plugin (also at 10pts). The font is Gentium.The difference *IS* subtle, but you're right -- there does
appear to be a perceptible difference between the two samples.
Without making an in-depth study, it's hard to say whether we
can do anything about this. Even though they're both opened in
Acrobat, the rendering path for a Mars document is *VERY* different
from the path for a PDF document, and many of the events along the
chain are out of the control of those of us writing the Mars
plugin. There are some text-quality issues that I'd like to take
care of in time for our next release, however; perhaps I'll be able
to address this particular issue at the same time. -
Hello! Is there any manual how to setup Microsoft ISA and MARS in order to view a full ISA logs..I try with SNARE for isa....and i can not view nated connections on ISA in MARS......
We have one but It's not talking to MARS at present. My guess is that you would want the logs in the W3C format and that you'd have to write your own parser for it.
I've never used SNARE so I can't comment on how it would help in this situation. Their web page says it's for event log data and I'm unsure if txt files written in a directory count as this type of data. -
Hi i have CSM 3.3.1 and MARS, all devices syslog are pointing to them.
I want to see live syslog messages , just like what kiwi do, is this applicable ??? how ??Hi Alkabeer,
You can view real time syslog via ASDM. ( For PIX, ASA, or FWSM in the Security Manager device inventory).
In an ASDM device manager launched from Security Manager, you can monitor system log messages in the Real-time Log Viewer window and the Log Buffer window. You can select a syslog message displayed in either window and navigate to the access-control rule in Security Manager that triggered the message, where you can update the rule as necessary.
The Real-time Log Viewer is a separate window that lets you view syslog messages as they are logged. The separate Log Buffer window lets you view messages present in the syslog buffer.
For IOS Router syslog, You can use SDM.
In an SDM device manager launched from Security Manager, you can view a log of events categorized by security level under the Syslog tab of the Logging window. You can select a syslog message and navigate to the access-control rule in Security Manager that triggered the message, where you can update the rule as necessary.
The Monitor > Logging option in SDM offers four log tabs; Syslog is the only one of these offering the Security Manager access-rule look-up option. The router contains a log of events categorized by severity level. The Syslog tab displays the router log, even if log messages are being forwarded to a syslog server.
And
In CS-MARS, You can generate reports to see devices syslogs.
Keep Smiling, Peace -
Hello. Can I use a couple of ASAs and MARS to log visited URLs with the Active Directory username that visited the specific URL?
No, you'll need a proxy server for that. Take a look at Ironport (owned by Cisco) for web security.
http://www.ironport.com/products/web_security_appliances.html
Hope it helps. -
What is the link between the tables DRAW and MARA
Hi,
Can you tell What is the link field between the tables DRAW and MARA
NageshHi,
There is no direct relationship. But you can find the materials attached as object liink to the document in table DRAD.
Hope it helps,
Rajat -
Virgo Tools for Eclipse Luna and Mars
Hi all,
I tried to install the Virgo Tools both in Eclipse Luna and in Mars (JEE packages), from this update site:
"Virgo IDE Releases" - http://download.eclipse.org/virgo/release/tooling
- Eclipse Virgo Tools 1.0.1.201302270038-RELEASE
but I got errors (see below).
Instead all il working well with Kepler.
Some suggestions?
Thank you very much.
Vincenzo
================================================
Cannot complete the install because of a conflicting dependency.
Software being installed: Eclipse Virgo Tools 1.0.1.201302270038-RELEASE (org.eclipse.virgo.ide.feature.feature.group 1.0.1.201302270038-RELEASE)
Software currently installed: Eclipse IDE for Java EE Developers 4.5.0.20150621-1200 (epp.package.jee 4.5.0.20150621-1200)
Only one of the following can be installed at once:
OSGi System Bundle 3.8.1.v20120830-144521 (org.eclipse.osgi 3.8.1.v20120830-144521)
OSGi System Bundle 3.10.100.v20150529-1857 (org.eclipse.osgi 3.10.100.v20150529-1857)
Cannot satisfy dependency:
From: Eclipse IDE for Java EE Developers 4.5.0.20150621-1200 (epp.package.jee 4.5.0.20150621-1200)
To: org.eclipse.epp.package.jee.feature.feature.group
Cannot satisfy dependency:
From: EPP Java EE IDE Feature 4.5.0.20150621-1200 (org.eclipse.epp.package.jee.feature.feature.group 4.5.0.20150621-1200)
To: org.eclipse.m2e.feature.feature.group 0.0.0
Cannot satisfy dependency:
From: Maven Integration for Eclipse 1.6.0.20150526-2032 (org.eclipse.m2e.core 1.6.0.20150526-2032)
To: bundle org.eclipse.osgi 3.10.0
Cannot satisfy dependency:
From: m2e - Maven Integration for Eclipse (includes Incubating components) 1.6.0.20150526-2032 (org.eclipse.m2e.feature.feature.group 1.6.0.20150526-2032)
To: org.eclipse.m2e.core
Cannot satisfy dependency:
From: Eclipse Virgo Tools 1.0.1.201302270038-RELEASE (org.eclipse.virgo.ide.feature.feature.group 1.0.1.201302270038-RELEASE)
To: org.eclipse.virgo.ide.manifest.core [1.0.1.201302270038-RELEASE]
Cannot satisfy dependency:
From: Eclipse Virgo IDE (Manifest Core) 1.0.1.201302270038-RELEASE (org.eclipse.virgo.ide.manifest.core 1.0.1.201302270038-RELEASE)
To: bundle org.eclipse.virgo.kernel.artifact 0.0.0
Cannot satisfy dependency:
From: Virgo Kernel Artifact Integration 3.6.0.RELEASE (org.eclipse.virgo.kernel.artifact 3.6.0.RELEASE)
To: package org.eclipse.virgo.nano.serviceability [3.6.0,3.7.0)
Cannot satisfy dependency:
From: Virgo Nano Core 3.6.0.RELEASE (org.eclipse.virgo.nano.core 3.6.0.RELEASE)
To: package org.eclipse.osgi.internal.baseadaptor 0.0.0Sorry, I have to correct myself: today I retried with a brand new Mars/JEE+Java8 and a brand new workspace:
the error is related to missing org.json bundle.
Cannot complete the install because one or more required items could not be found.
Software being installed: Eclipse Virgo Tools 1.0.1.201506260038-SNAPSHOT (org.eclipse.virgo.ide.feature.feature.group 1.0.1.201506260038-SNAPSHOT)
Missing requirement: Eclipse Virgo IDE (Server Core) 1.0.1.201506260038-SNAPSHOT (org.eclipse.virgo.ide.runtime.core 1.0.1.201506260038-SNAPSHOT) requires 'bundle org.json 0.0.0' but it could not be found
Cannot satisfy dependency:
From: Eclipse Virgo Tools 1.0.1.201506260038-SNAPSHOT (org.eclipse.virgo.ide.feature.feature.group 1.0.1.201506260038-SNAPSHOT)
To: org.eclipse.virgo.ide.runtime.core [1.0.1.201506260038-SNAPSHOT]
seems like Mars/JEE doesn't contain org.json ... which is quite strange ...
With Mars/JEE+Java7 instead the detailed error is:
Cannot complete the install because one or more required items could not be found.
Software being installed: Eclipse Virgo Tools 1.0.1.201506260038-SNAPSHOT (org.eclipse.virgo.ide.feature.feature.group 1.0.1.201506260038-SNAPSHOT)
Missing requirement: OSGi Framework Editor UI (Incubation) 0.2.0.201206060754 (org.eclipse.libra.framework.editor.ui 0.2.0.201206060754) requires 'bundle org.eclipse.zest.core [1.0.0,2.0.0)' but it could not be found
Missing requirement: OSGi Framework Editor UI (Incubation) 0.3.0.201212132137 (org.eclipse.libra.framework.editor.ui 0.3.0.201212132137) requires 'bundle org.eclipse.zest.core [1.0.0,2.0.0)' but it could not be found
Missing requirement: OSGi Framework Editor UI (Incubation) 0.3.0.201305070844 (org.eclipse.libra.framework.editor.ui 0.3.0.201305070844) requires 'bundle org.eclipse.zest.core [1.0.0,2.0.0)' but it could not be found
Missing requirement: OSGi Framework Editor UI (Incubation) 0.3.0.201305151323 (org.eclipse.libra.framework.editor.ui 0.3.0.201305151323) requires 'bundle org.eclipse.zest.core [1.0.0,2.0.0)' but it could not be found
Missing requirement: OSGi Framework Editor UI (Incubation) 0.3.0.201305311343 (org.eclipse.libra.framework.editor.ui 0.3.0.201305311343) requires 'bundle org.eclipse.zest.core [1.0.0,2.0.0)' but it could not be found
Missing requirement: OSGi Framework Editor UI (Incubation) 0.3.1.201405141436 (org.eclipse.libra.framework.editor.ui 0.3.1.201405141436) requires 'bundle org.eclipse.zest.core [1.0.0,2.0.0)' but it could not be found
Cannot satisfy dependency:
From: Eclipse Virgo Tools 1.0.1.201506260038-SNAPSHOT (org.eclipse.virgo.ide.feature.feature.group 1.0.1.201506260038-SNAPSHOT)
To: org.eclipse.virgo.ide.runtime.ui [1.0.1.201506260038-SNAPSHOT]
Cannot satisfy dependency:
From: Eclipse Virgo IDE (Server UI) 1.0.1.201506260038-SNAPSHOT (org.eclipse.virgo.ide.runtime.ui 1.0.1.201506260038-SNAPSHOT)
To: bundle org.eclipse.libra.framework.editor.ui 0.0.0
With Luna/JEE SR2 instead all is working well, both with Java7 and Java8
Vincenzo -
For some time prior to Mar 7 FireFox (27.0.1) had started "not responding" when I clicked on any link on any page. In desperation I uninstalled and re-installed FireFox on Mar 7. The problem came back. The only other thing that I noticed when I looked at my profile folder is that the bookmarsbackup...json file doubled in size the next day (Mar 8)
Hi BillFreund,
I do not know. Do you notice duplicates? This should not happen.
This is a good reference to start troubleshooting if it starts to not respond any longer.
[[Firefox hangs or is not responding - How to fix]]
You can try to launch the browser in safe mode by clicking control + shift to see if the file doubles in size again.
Something else that you have installed isn't causing or contributing to that fault.
[http://support.mozilla.com/en-US/kb/Troubleshooting+extensions+and+themes][
I hope this helps. -
Machine authentication and MAR not working.
Hi, I'm using ACS 4.1.23 with MS AD for authentication in a wireless network environment. Users connect to one of the (Suppliers and Employees) SSID's and based on group authorization in AD are allowed to access. The SSID to the Employees network has an additional policy: only registered hosts in AD are allowed. For authentication is the standard MS supplicant used with PEAP-MSCHAPV2 configured.
According to the Cisco documentation ACS supports Machine Authentication and in combination with MAR, authenticated hosts required before user authentication, is possible.
BUT, it doesn't work. I do see successful host and user authentication, but the MAR policy doesn't kick in when a user authenticates without host authentication. I was able to turn debug logging for the CSAuth service, giving me the extra information in the AUTH.log.
I have no clue what is missing or how to troubleshoot from this point on.
Has anyone got this setup working or help me a step further ?Found it !
Within the MAR configuration, the "host/" definition is required for ACS to identify hosts.
ACS has the worst GUI of all software I know of ... :-( -
Best practice required to configure CW and MARS SM and ACS
Dear All,
i had alot of managment program in my corporate org.
CW LMS
CW HUM
CW QPM
CW IPM
ACS
MARS
Cisco IPS IDS 4260
WLC
tandberg system
could you gude what is the best service from cisco that i could buy it to have a profetional service to configure over all system in one integrated unite ,
so i have one report shows all the issue with customize GUI, for managers , directors , and CTO, CEO,,
thank you in advance,
Ali AlkhafajiI have the code working without use of config files. I am just disappointed that it is not working using the configuration files. That was one of the primary intents of my code re-factoring.
Katherine
Xiong , If you are proposing this as an answer then does this imply that Microsoft's stance is not to use configuration files with SSIS?? Please answer.
SM -
IDSM-2 and VMS problem with version software
I use a IDSM-2 with software ver. 4...
IDSM-2 is managing by VMS ver. 2.0.
Since 2006 I couldn't taking new signature
What can I do to upgrade IDSM to higher version ( IPS ver 5...) and which version VMS manage properly IDSM-2 with version software 5...
I still have a maintenance SMART NET to 2008 year.
If I need upgrade what can I do.
MirekHi John Thank you for your Reply,
On my jsp page, i get the warning reference, " backingBeanScope.mybean.varname" not found.
In expression builder, though I can see and select the BackingBean but i can not see the below variables!!!!
It appears only the Beanname and not the plus sign to expand it.
This happens only for backingbeanScope...
best regards -
Hello
I have a question about IDSM-2 (in catalyst 6500) and ips 6.0.3 and inline mode. I wanted to create vlan groups, so i could have inline ips with many virtual sensors for subinterfaces (vlans range).
I tied to:
set trunk 5/7 1-4095 (on swith)
set trunk 5/8 1-4095 (on swith)
and in IDSM-2 in CLI:
i created inline interface (using 5/7 and 5/8 ports), but after that i could not create in physical interface vlan groups. Why ?
How can i make my IDSM-2 card working inline with many virtual sensors (policies) per different vlans ?i found my answer in idsm-2 document "You can mix sensing modes on IDSM-2. For example, you can configure one data port for promiscuous mode and the other data port for inline VLAN pair mode. But because IDSM-2 only has two data ports and inline mode requires the use of both data ports as a pair, you cannot mix inline mode with either of the other two modes." but something else,for doing such thing suppos that i have sig 2004 configured for inline traffic to deny attacker inline then this action doesnt make any sense for some data in passive mode and suppos that for that kind of traffic which idsm-2 is operating in passive mode i want to just send an alert. so can i use deferent VS for doing this? thanks.
-
Old "Latest" Product installations, startup tasks and mars release
Hello,
since mars release, the startup task tries to install from the Mars-Updatesite into a Luna Eclipse (and fails because of conflicting dependencies).
I guess this is because I chose "Latest (Luna)" during install. With the Mars release this was automagically changed to "Latest (Mars)", I had to change the installation.setup manually to "Luna" to fix the update failure during startup and stay at Luna.
Is oomph supposed to be able to upgrade eclipse to the next release? Otherwise it might be better if this property does not change on its own (and it might be wise to ask the user anyways beforehand as this might cause other trouble).Hi Johan,
Comments below...
Cheers
/Eike
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
Am 01.07.2015 um 16:59 schrieb Johan Hardy:
> I also met the same issue with an already installed version of Eclipse Luna. When you have a Luna version and you want
> to 'Helps -> Perform setup tasks ...' it forces the update to Mars but initially you chose Luna and the Installation
> failed.
>
> In my opnion, it should keep the platform version i.e. Luna (because all my plugins and setup is relevant to Luna).
I suspect you didn't really pick "Luna" but "Latest Release (Luna)". To clarify that, can you please attach the XML
content of your installation.setup file? There's an "Open in Text Editor" action in the context menu when you have the
Installation Setup file open.
"Latest Release (Luna)" means "Install Luna now and always update to the latest release". And of course the latest
release has now changed to be Mars.
>
> Is there a way to force to Luna instead of Mars ? I tried with property eclipse.target.platform = Luna but without
> effect.
No, that only impacts a possible PDE target platform.
Maybe you are looking for
-
I have been trying to transfer some different movies from my PC to my IPad, but they are not showing in the "movie" folder. I have sync'd the movies (these are mp4 files) that I wanted transfered, but only one is showing in the folder. There are 13 o
-
Hi, I would like to set automaticaly the name of the file in the header (or the foot) of a document without to write it but after i have save the document. Is it possible ? Thanks for your response. PB G4 Mac OS X (10.4.6) Pages 2
-
Why do about 6 applications open when I turn on since Loin installed?
After installing Lion, when I turn on my computer there are about 6 applications open onto the dest top - Why? Can someone please point me to where to make the necessary changes to stop it?
-
Hw can I determine the pitch and tempo to be set for a song?
I want to know how to determine the pitch, tempo, scale for any song in Garage band. My problem is this: I have ready with me a number of songs which I have composed, but I do not know what their musical attributes are...having received no training i
-
I use the new version of iPhoto. When I want to export a picture I invariably get the export option trying to open my Flickr account. This option which I have not selected will continue indefinitely until I use Force Quit to get out of iPhoto. Clearl