Table of Contents
Advertisement
Cisco Router Devices
Before you can specify the SNMP RO string, you must define an access IP address. MARS uses the
SNMP RO string to read MIBs related to a reporting device's CPU usage, network usage, and device
anomaly data and to discover device and network settings .
(Optional) To enable MARS to monitor this device for anomalous resource usage, select Yes from the
Step 8
Monitor Resource Usage list.
Result: MARS monitors the device for anomalous consumption of resources, such as memory and CPU.
If anomalies are detected, MARS generates an incident. Resource utilization statistics are also used to
generate reports. For more information, see
Step 9
(Optional) If this router has the IOS IPS feature and SDEE access enabled and you have configured the
router to accept HTTPS connections from the MARS Appliance, click Add IPS to provide the username
and password required to pull SDEE events.
Note
IOS IPS does not refer to an IPS module. It refers to a software feature in the IOS software. The IOS IPS
feature is required to enable the DTM functionality in MARS. See
Distributed Threat Mitigation with Intrusion Prevention System in Cisco Security MARS, page 1
more information.
Result: The IOS IPS Information page appears.
Enter the username that has HTTPS access to this device in the User Name field.
a.
Enter the corresponding password in the Password field.
b.
In the Port field, verify the port used for SDEE communications with this device.
c.
MARS pulls data using SDEE over HTTPS. The default port number for HTTPS/SDEE is 443. This
access allows MARS to retrieve XML files that contain the events generated by the IOS IPS feature.
Result: MARS can query the router for SDEE events.
Step 10
(Optional) If you defined an access IP and selected and configured an access type, click Discover to
determine the device settings, including the IOS IPS settings.
Result: If the username and password are correct and the MARS Appliance is configured as an
administrative host for the device, the "Discovery is done." dialog box appears when the discovery
operation completes. Otherwise, an error message appears. After the initial pull, the MARS Appliance
pulls based on the schedule that you define. For more information, see
page
2-39.
To add this device to the MARS database, click Submit.
Step 11
User Guide for Cisco Security MARS Local Controller
3-8
Chapter 3
Configuring Resource Usage Data, page
Technology Preview: Configuring
Configuring Router and Switch Devices
2-41.
Scheduling Topology Updates,
78-17020-01
for
Advertisement
Table of Contents
Troubleshooting
