Retrieving Raw Messages
Retrieve Raw Messages From Archive Server
Use this selection if archiving is enabled.
To retrieve event data from an archive server, follow these steps:
Step 1
Click Admin > System Maintenance > Retrieve Raw Messages.
Figure 24-2 Retrieve Raw Messages Page (4.2.x)
Step 2
Specify the time range by specifying values in the Start and End fields.
Step 3
Verify that Retrieve Data From Archived Files is selected.
The data will be retrieved from the server identified under Admin > System Maintenance > Data Archiving.
Step 4
Click Submit.
Note
While MARS is generating your files, you can still use the system for other tasks.
Result: The Retrieving Progress 0% screen appears. When the operation is complete, the Raw Message Files screen appears, identifying a new Gzip archive file with a filename based on the specified time range.
Step 5
To download and view the generated raw message file, click Click Here to Download next to the filename.
The filename adheres to the following syntax:
YYYY-MM-DD-HH-MM-SS_YYYY-MM-DD-HH-MM-SS.gz.
Step 6
Use WinZip or another archive expansion program to extract the contents of the Gzip archive file.
Step 7
Once the text file is extracted from the GNU Zip archive format, its contents resemble the following:
User Guide for Cisco Security MARS Local Controller
Chapter 24 System Maintenance
78-17020-01
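Steps 5 and 6 can be scripted. The following Python is an added example, not part of the Cisco guide and not the contents of a raw message file: it checks a downloaded file name against the syntax given in Step 5, recovers the time range, and decompresses the archive with a size limit. The function names, the `.txt` output name, the `max_bytes` default and the sample file name are assumptions.

```python
import gzip
import re
import tempfile
from datetime import datetime
from pathlib import Path

# Filename syntax from Step 5: YYYY-MM-DD-HH-MM-SS_YYYY-MM-DD-HH-MM-SS.gz
_STAMP = r"\d{4}-\d{2}-\d{2}-\d{2}-\d{2}-\d{2}"
_NAME_RE = re.compile(rf"({_STAMP})_({_STAMP})\.gz")
_FMT = "%Y-%m-%d-%H-%M-%S"


def parse_time_range(filename):
    """Return the (start, end) datetimes encoded in a raw message archive name."""
    m = _NAME_RE.fullmatch(Path(filename).name)
    if m is None:
        raise ValueError(f"not a raw message archive name: {filename!r}")
    start, end = (datetime.strptime(g, _FMT) for g in m.groups())
    if end < start:
        raise ValueError("end of time range precedes start")
    return start, end


def extract_archive(gz_path, out_dir, max_bytes=2 * 1024**3):
    """Decompress gz_path into out_dir, refusing output larger than max_bytes."""
    gz_path = Path(gz_path)
    parse_time_range(gz_path.name)  # reject unexpected file names early
    out_path = Path(out_dir) / (gz_path.stem + ".txt")  # output name is an assumption
    if out_path.exists():
        raise FileExistsError(f"refusing to overwrite {out_path}")
    written = 0
    try:
        with gzip.open(gz_path, "rb") as src, open(out_path, "xb") as dst:
            while chunk := src.read(1 << 20):  # stream in 1 MiB chunks
                written += len(chunk)
                if written > max_bytes:
                    raise ValueError("decompressed size exceeds max_bytes")
                dst.write(chunk)
    except Exception:
        out_path.unlink(missing_ok=True)  # do not leave a partial file behind
        raise
    return out_path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample archive
        gz = Path(d) / "2007-03-01-00-00-00_2007-03-01-23-59-59.gz"
        gz.write_bytes(gzip.compress(b"constructed sample line\n"))
        print(parse_time_range(gz.name), extract_archive(gz, d).read_text())
```

Comparing the parsed range with the Start and End values entered in Step 2 confirms that the downloaded file is the one generated for that request.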