Cisco CS-MARS-20-K9 - Security MARS 20 User Manual page 149

Security mars local controller

Chapter 4 Configuring Firewall Devices
NetScreen ScreenOS Devices

Step 5
In the Reporting IP field, enter the IP address of the interface that publishes syslog messages, SNMP notifications, or both.
To learn more about the reporting IP address, its role, and dependencies, see Understanding Access IP, Reporting IP, and Interface Settings, page 2-8.

Step 6
If you entered an address in the Access IP field, select SNMP, TELNET, or SSH from the Access Type list, and continue with the procedure that matches your selection:
Configure SNMP Access for Devices in MARS, page 2-11
Configure Telnet Access for Devices in MARS, page 2-11
Configure SSH Access for Devices in MARS, page 2-12
For more information on determining the access type, see Selecting the Access Type, page 2-10.

Step 7
(Optional) To enable MARS to retrieve MIB objects for this reporting device, enter the device's read-only community string in the SNMP RO Community field.
Before you can specify the SNMP RO string, you must define an access IP address. MARS uses the SNMP RO string to read MIBs related to a reporting device's CPU usage, network usage, and device anomaly data, and to discover device and network settings.

Step 8
(Optional) If you defined an access IP and selected and configured an access type, click Discover to determine the device settings.
Result: If the username and password are correct and the MARS Appliance is configured as an administrative host for the device, the "Discovery is done." dialog box appears when the discovery operation completes. Otherwise, an error message appears. After the initial pull, the MARS Appliance pulls based on the schedule that you define. For more information, see Scheduling Topology Updates, page 2-39.

Step 9
To add this device to the MARS database, click Submit.
Result: The submit operation records the changes in the database tables. However, it does not load the changes into the working memory of the MARS Appliance. The activate operation loads submitted changes into working memory.

Step 10
Click Activate.
Result: MARS begins to sessionize events generated by this device and evaluate those events using the defined inspection and drop rules. Any events published by the device to MARS before activation can be queried using the reporting IP address of the device as a match criterion. For more information on the activate action, see Activate the Reporting and Mitigation Devices, page 2-27.

User Guide for Cisco Security MARS Local Controller (78-17020-01), page 4-21
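The field dependencies in Steps 5 through 8 can be checked before devices are entered in bulk. The following is an added example, not part of the Cisco manual or the MARS software; the dictionary keys, the function name `preflight`, and the sample entries are hypothetical and constructed for illustration.

```python
import ipaddress

ACCESS_TYPES = {"SNMP", "TELNET", "SSH"}  # Access Type list values named in Step 6

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def preflight(dev):
    """Return (errors, warnings, can_discover) for one planned device entry."""
    errors, warnings = [], []
    rep, acc = dev.get("reporting_ip"), dev.get("access_ip")
    atype, ro = dev.get("access_type"), dev.get("snmp_ro_community")

    # Step 5: the Reporting IP is the address that publishes syslog/SNMP notifications.
    if not rep or not _is_ip(rep):
        errors.append("reporting_ip missing or not a valid IP address")
    if acc and not _is_ip(acc):
        errors.append("access_ip is not a valid IP address")
    # Step 6: once an Access IP is entered, an access type must be selected.
    if acc and atype not in ACCESS_TYPES:
        errors.append("access_ip set but access_type is not SNMP, TELNET or SSH")
    # Step 7: the SNMP RO string can only be specified after an access IP is defined.
    if ro and not acc:
        errors.append("snmp_ro_community set without access_ip")
    # Caveat added in this example (not stated on the manual page): Telnet is unencrypted.
    if atype == "TELNET":
        warnings.append("TELNET sends the login in cleartext; use SSH if the device supports it")
    # Step 8: Discover applies only with an access IP and a selected access type.
    can_discover = bool(acc) and atype in ACCESS_TYPES and not errors
    return errors, warnings, can_discover

# Constructed sample entries (documentation-range addresses, not real devices).
PLANNED = [
    {"name": "fw-a", "reporting_ip": "192.0.2.10", "access_ip": "192.0.2.10",
     "access_type": "SSH", "snmp_ro_community": "example-ro"},
    {"name": "fw-b", "reporting_ip": "192.0.2.11", "snmp_ro_community": "example-ro"},
    {"name": "fw-c", "reporting_ip": "192.0.2.12", "access_ip": "192.0.2.12",
     "access_type": "TELNET"},
    {"name": "fw-d", "reporting_ip": "192.0.2.13"},  # syslog-only, no discovery
]

if __name__ == "__main__":
    for d in PLANNED:
        print(d["name"], preflight(d))
```

An entry with no errors and `can_discover` set to False is still valid for Submit and Activate; it simply skips the optional Discover step.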

This manual is also suitable for:

Mars 20, Mars 50, Mars 100, Mars 200
