Cisco CS-MARS-20-K9 - Security MARS 20 User Manual page 58

Understanding Access IP, Reporting IP, and Interface Settings
Table 2-2 Device Types and Data Available (continued)
Device Type Data Available
AAA Server Login/logout and NAC functionality (deny a
person due to privileges, it triggers NAC
message)
•
•
•
Generic Syslog Same as host, provides support for additional
customer devices.
Generic SNMP Same as host, provides support for additional
customer devices.
Cisco Security Mana Mapping to any committed policy rules defined in
ger Security Manager that match any ACL rules that
could cause the generation of a specific syslog
event by a reporting device. This policy lookup
feature allows you to debug network issues and
understand the cause/effect relationships between
event messages and the device policies and traffic
that resulted in the generation of the event.
Understanding Access IP, Reporting IP, and Interface Settings
When defining a reporting or mitigation device in the web interface, MARS allows (and at times,
requires) you to specify several IP addresses. Understanding the purpose of the different addresses is
important to effectively defining the devices that you want to monitor and manage. It is also important
to understand their relationship to other settings that you can identify.
If a device has a single interface and a single IP address associated with that interface, the access and
reporting IP addresses are the same as the address assigned to the interface. MARS collects this
information separately to support those devices that have multiple interfaces, multiple IP addresses
associated with a single interface, or both.
Note Not all reporting devices support both an access and reporting IP address. Some devices use only access
IP addresses to query the device for the required information (e.g., QualysGuard security service), while
others have no settings that MARS can discover and only generate event messages for MARS to process
(e.g., NetCache appliances). In addition, not all devices require the definition of interfaces.
This section discusses the following three addresses and their relationship to other settings:
•
•
•
User Guide for Cisco Security MARS Local Controller
2-8
passed authentication log
failed attempts log
RADIUS accounting log, including those
events specific to NAC.
Access IP, page 2-9
Reporting IP, page 2-9
Interface Settings, page 2-10
Chapter 2 Reporting and Mitigation Devices Overview
Recommended Configurations
Supporting Cisco Secure ACS Server, page 14-2
Supporting Cisco Secure ACS Solution Engine,
page 14-2
Enable HTTPS on the Security Manager server.
Define an administrative level account on the
Security Manager server that CS-MARS can use
for policy lookups.
78-17020-01