
Security Monitoring with Cisco Security MARS by Greg Kellogg, Gary Halleen


Chapter 11. CS-MARS Custom Parser

What do you do when you want to collect logs from an unsupported device? Consider the following examples:

• A firewall that isn’t natively supported

• Antispam software on your mail server

• Application logs on a Windows server

The custom parser allows you to define new devices and applications for reporting to the Cisco Security Monitoring, Analysis, and Response System (CS-MARS). This process takes three or four steps, depending on what you’re hoping to accomplish:

Step 1. Define the device or application—This is a simple name, model, and version that tie the parser together.

Step 2. Create parser templates—The parser templates are instructions to MARS about how to interpret the individual log messages. ...
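To make the two steps concrete, here is an added illustration in Python of what a device definition plus a set of parser templates does: one device record (name, model, version) ties together several named patterns, and each incoming log line is tried against them until one extracts fields. This is not code from the book and not the format MARS itself uses for templates; the device name "ExampleFW", its model and version, the two template patterns and the sample log lines are all constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class ParserTemplate:
    """One parser template: a named regex whose named groups become event fields."""
    name: str
    regex: str

    def match(self, line: str) -> Optional[Dict[str, str]]:
        m = re.search(self.regex, line)
        return m.groupdict() if m else None


@dataclass
class CustomDevice:
    """Step 1: the device definition (name, model, version) that ties the templates together."""
    name: str
    model: str
    version: str
    templates: List[ParserTemplate] = field(default_factory=list)


def parse_line(device: CustomDevice, line: str) -> Optional[Dict[str, str]]:
    """Step 2 in action: try each template in order and return the first match's fields.
    Returns None when no template fits, i.e. the message would stay unparsed."""
    for template in device.templates:
        fields = template.match(line)
        if fields is not None:
            return {"device": device.name, "template": template.name, **fields}
    return None


def parse_all(device: CustomDevice, lines: List[str]) -> List[Optional[Dict[str, str]]]:
    """Parse a batch of lines; unparsed lines come back as None so gaps are visible."""
    return [parse_line(device, line) for line in lines]


# Hypothetical unsupported firewall; the name, model and version are constructed.
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
EXAMPLE_FW = CustomDevice(
    name="ExampleFW",
    model="EFW-100",
    version="2.1",
    templates=[
        ParserTemplate(
            "deny",
            rf"DENY (?P<proto>TCP|UDP) (?P<src_ip>{IP}):(?P<src_port>\d+) -> "
            rf"(?P<dst_ip>{IP}):(?P<dst_port>\d+)",
        ),
        ParserTemplate(
            "login_failed",
            rf"admin login failed for user (?P<user>\S+) from (?P<src_ip>{IP})",
        ),
    ],
)

# Constructed sample log lines, not real device output.
SAMPLE_LOGS = [
    "Mar 10 12:00:01 efw1 DENY TCP 10.0.0.5:51234 -> 192.0.2.10:22",
    "Mar 10 12:00:02 efw1 admin login failed for user root from 10.0.0.5",
    "Mar 10 12:00:03 efw1 config saved by admin",
]

if __name__ == "__main__":
    for event in parse_all(EXAMPLE_FW, SAMPLE_LOGS):
        print(event)
```

The third sample line deliberately matches no template; keeping such lines visible as None is the check you want while building templates, since a message that silently fails to parse never shows up in reports or correlation rules.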
