Reference Number
|
Description
|
CSCsi96790
|
Shared buffer gets stuck when near maximum size
|
CSCsi95074
|
low-traffic bytes ranking report causes process_inlinerep_srv to restart
|
CSCsi93594
|
Pnparser stops processing each time it tries to load the topology
|
CSCsi84817
|
MARS 4.2.5 - not categorising Windows Security event ID 672 properly
|
CSCsi71511
|
http status 500 appears while clicking the incident on the summary page
|
CSCsi64605
|
pnparser restarts frequently with sessionization turned on (default)
|
CSCsi60547
|
Long LC/GC disconnect leads to report sync problem
|
CSCsi52622
|
postfire lags behind due to doing large amount of NetBios name updating
|
CSCsi41173
|
If error occurs sending config change to LC, no other config sent
|
CSCsi39264
|
Cannot Configure an IDSM Module to PULL IPS logs
|
CSCsi32777
|
Configuring many events in drop rule can cause pink box error
|
CSCsi31867
|
csips crashes due to memory corruption
|
CSCsi29398
|
CS-Mars does mitigate to the proper endpoint
|
CSCsi28286
|
GC-LC upgrade to 4.2.4 resulted in Standalone display on LC
|
CSCsi23209
|
Some unsupported nfs cause system errors on MARS.
|
CSCsi19227
|
Some reports/rules/queries match events outside specified IP ranges
|
CSCsi18757
|
CS-MARS - Request to have the "ssldump" command in the MARS CLI.
|
CSCsi17607
|
GC - Zone Model for Auriga 210 showing as 200
|
CSCsi15769
|
NLS_LANG variable should be updated in environment
|
CSCsi15258
|
Accepting the collector, and source ip address as MARS ip address
|
CSCsi11963
|
MARS 4.2.4 not parsing IOS Router NAT properly
|
CSCsi09318
|
Mars - Using IE7, any query over 2 mins to process result in error
|
CSCsi08897
|
CS-MARS - CLI may display incorrect timezone after 03/11/07 DST change.
|
CSCsi04306
|
need to add CPU check for csips, csiosips, and cswin
|
CSCsi03686
|
CS-MARS - HTML/XML tags are not escaped when displaying packet context
|
CSCsi03658
|
CS-MARS - IOS Discovery via Telnet/SSH fails with $hostname in banner
|
CSCsi00963
|
CS-MARS Archiving Causes pidof[xxxxx] Messages to Appear on Monitor
|
CSCsh99201
|
MARS-Scheduled ranking report with ACTION filter produces empty results
|
CSCsh97060
|
MARs says it can delete up to 500 at a time but only lets you delete 50.
|
CSCsh94361
|
Events with port 0 cannot be filtered using port in query/reports/rules
|
CSCsh93759
|
Rules/reports with large queries not working
|
CSCsh89885
|
Mitigation command not display properly in 4.2.4
|
CSCsh89445
|
GUI allow users create rule without putting rule name
|
CSCsh88897
|
race condition in pnparser triage handling caused syslog processing stop
|
CSCsh83068
|
Report and query return no results under device type ANY
|
CSCsh82939
|
MARS failed to restart if the hostname is changed after a restore
|
CSCsh77508
|
MARS is not displaying CSM icon for access-list syslog with severity 0
|
CSCsh75216
|
InLine multiColumn query case attachment Fails
|
CSCsh73553
|
USB Keyboard does not work while re-imaging with DVD
|
CSCsh71162
|
Doc enhancement Mars GC push down IP Mgr group to active LCs
|
CSCsh69765
|
CLI date/time/ntp commands should reboot if time change exceeds 30 mins
|
CSCsh68503
|
ISS SNMP trap: need to parse another format for ICMP type/code fields
|
CSCsh64155
|
MARS is not sending all the parameters to CSM for ASA acl syslog
|
CSCsh58754
|
4.2.2->4.2.3 upgrade sometimes stalls, succeeds after repeated tries
|
CSCsh57236
|
Unknown Reporting Device was missing on GC's DB pn_device table
|
CSCsh56931
|
Rule engine fires only once if only SAME is present in any column
|
CSCsh52537
|
Repeated upgrades 4.2.2->4.2.3 fills hard drive
|
CSCsh51271
|
GC is unable to update LC's device name under admin/LC management
|
CSCsh47461
|
'Details' button does not return
|
CSCsh44179
|
Connection Errors cause inability to select zone in incident/rule edit
|
CSCsh42151
|
GUI Summary pg shows #events < #sessions & negative data reduction rate
|
CSCsh39200
|
MARS charts only display the data for few days
|
CSCsh38818
|
GC-LC upgrade 4.2.2->4.2.3 results in inverted online-offline status
|
CSCsh36853
|
overflow condition in FileSystemFull function (pnbfs.cpp)
|
CSCsh35953
|
MARS unable to add similar named contexts from different fwsm
|
CSCsh29243
|
MARS Device Type label needs to reflect support for IOS 12.2 and later
|
CSCsh22871
|
User can create a device named ANY
|
CSCsh20219
|
Confirmed user false positive query error java.lang.NullPointerException
|
CSCsh18265
|
null drop rule causes parse error in the GUI
|
CSCsh14454
|
server.log can grow unbounded with in a single day
|
CSCsg98026
|
pnlogagent causes acs log files to add (01) to file name
|
CSCsg91816
|
Query for ICMP port 0 shows UDP/TCP results
|
CSCsg86481
|
CS-MARS parsing error for ASA7.0 msg 302018
|
CSCsg83055
|
parsing error for FWSM-n-302003 and FWSM-n-302004
|
CSCsg80475
|
All incidents purged if event-session partition table is corrupted.
|
CSCsg79246
|
Getting a blank window when adding a device in IE 7
|
CSCsg76958
|
FR: Recognize either CIPS network variables or have CSMARS net variables
|
CSCsg75303
|
GC: If chose LC specific device in rule, it doesn't pass to LC correctly
|
CSCsg74922
|
MARS: License invalid after re-image from 3.4.3 to 4.2.2
|
CSCsg73843
|
GC - Unable to change configuration information (email IP) from GUI
|
CSCsg73786
|
Devices should not be added to MARS if Discovery is unsuccessful
|
CSCsg70386
|
SSL uses key less than 1024
|
CSCsg69859
|
SNMP Layer 2 Discovery Error, when community string has been corrected.
|
CSCsg66801
|
Activity: All Events and NetFlow report chart is missing on summary page
|
CSCsg64986
|
Custom column query - got pink box if chose a rule as a filter
|
CSCsg64951
|
Certain ASA 7.0 syslogs do not get parsed by MARS
|
CSCsg64704
|
DNS wasn't configured correctly,Pausing event processing for 40 seconds
|
CSCsg60114
|
System error when generating NAC report
|
CSCsg54313
|
ORA-01654: unable to extend index on MARS 200
|
CSCsg53084
|
MARS - WebVPN ACL Parse error event fires on incorrect syslog
|
CSCsg49227
|
Mars - Events from multiple ids sources are incorrectly sessionized
|
CSCsg47022
|
CS-MARS - Incorrect Start Times on Retrieved Raw Message Files
|
CSCsg44725
|
need to downgrade log level of CSA snmp trap errors in backend log
|
CSCsg41549
|
MARS discovery issues with Loopback IP on IP Unnumbered interfaces.
|
CSCsg41027
|
MARS - Retrieve Raw Messages Fails at 0%
|
CSCsg38029
|
high CPU usage in pnparser due to checkpoint NAT rules
|
CSCsg26352
|
Getting a internal server error when trying to access a incident on GC
|
CSCsg26225
|
Graphs/Images do not show up in case related report emails
|
CSCsg20987
|
CSMARS DTM sdf files are sent with invalid format
|
CSCsg20514
|
Mars backend processes need to save backtraces on a crash for debugging
|
CSCsg20408
|
FW-6-SESS_AUDIT_TRAIL Parsing Error
|
CSCsg16843
|
MARS reporting misleading licensing problem while trying to add a LC.
|
CSCsg14082
|
Default query Changed in system defined report
|
CSCsg13767
|
SuperV doesn't detect/restart processes
|
CSCsg10787
|
CatOS telnet discovery failing.
|
CSCsg08166
|
Unable to discover ASA 7.0 Error:There is no Error Log for this Device
|
CSCsg06339
|
Getting a Timeout Occurred error when running a query with != as service
|
CSCsg04079
|
Lotus Notes client gets JavaScript error with emailed MARS report
|
CSCsg02749
|
custom column report generates empty results
|
CSCsf99844
|
wrong values for current connections using CLI "show resource usage
|
CSCsf96634
|
MARS cannot discover new route added to a router
|
CSCsf31228
|
Unknown device events for FWSM 3.1 FWSM-3-717001 till FWSM-4-717031
|
CSCsf31207
|
Mars doesn't support new/changed FWSM 3.1.3 maintenance release syslogs
|
CSCsf31121
|
Exception in Case Management code when deleting a report
|
CSCsf30116
|
Event Rate on the Top Destination Port graph is not correct
|
CSCsf26715
|
Inaccuracy in per-context memory utilization for multi-context devices
|
CSCsf18192
|
Slow rendering of the GC/LC Summary page
|
CSCsf12825
|
GUI should prevent edit/delete of system-context PIX/ASA 7.0 devices
|
CSCsf11651
|
Device resource monitor incorrectly samples 5 sec CPU instead of 5 min
|
CSCsf06819
|
vulnerabilities not updated for hosts reported by deleted eEye console
|
CSCsf06141
|
high CPU usage in pnparser sessionization
|
CSCsf06019
|
Generic Router UI must support multiple reporting applications
|
CSCse99039
|
Redundant tab add available module under Device type Cisco IOS 12.2
|
CSCse98046
|
need to improve db partition rotation strategy
|
CSCse98029
|
Occasionally corrupted event data enters into MARS database
|
CSCse91636
|
MARS - not all columns seen in CSV reports generated using custom column
|
CSCse88764
|
can't access a ftp server with a user ID/password including @
|
CSCse85564
|
Cannot add devices to a report which has more than 35 devices.
|
CSCse84962
|
eEye: MARS does not remove resolved vulnerabilities from host info
|
CSCse82042
|
Change the Device Type Version for FWSM
|
CSCse82022
|
Unable to view reports starting with #sign in csv format
|
CSCse82017
|
View HTML option for reports turns back to default report format - csv
|
CSCse78738
|
FWSM ifspeed incorrectly reported as 0 for per-context vlan interfaces
|
CSCse78089
|
Unable to upgrade CS-Mars via GUI
|
CSCse73788
|
MARS rediscovers Juniper Netscreen firewalls with wrong OS
|
CSCse60240
|
CS-Mars - report for old events include real-time events
|
CSCse56632
|
Browser hangs if a device is added with more than 50 monitored networks
|
CSCse54976
|
Some incidents are not written to DB
|
CSCse54808
|
The time stamp shown by the pndbusage command is incorrect.
|
CSCse52782
|
Can't change run-time to day in "Resource Issues: Server - Top Reporting
|
CSCse52217
|
Customer gets pink box in GenericHostDeviceEditManagement.jsp
|
CSCse45884
|
LLV query causes client CPU to go to 100%
|
CSCse45018
|
MARS is unable to parse NetScreen 5.x syslogs
|
CSCse42953
|
CS-Mars - unable to show L2 path when source and destination in same net
|
CSCse39426
|
frequent superV & pnparser restarts cause log processing to fail
|
CSCse38565
|
CSV-Re-importing Symantec AV client CSV doesn't work
|
CSCse38356
|
Windows pulling gets stuck for one IP due to invalid content in evt log
|
CSCse35758
|
Inability to trace when first and last event occurred on a query
|
CSCse35420
|
Interface error rate should be separate from discards and unknown protos
|
CSCse34600
|
configurable SNMP timeout support
|
CSCse34407
|
Query Tab -> Multi column query returns wrong results.
|
CSCse33688
|
No Event Types listed under Cisco Switch-IOS 12.2
|
CSCse33172
|
Invalid id used in DbClient::retrieve() 0
|
CSCse32591
|
dealing with duplicate hostnames in VA import
|
CSCse31722
|
Cloud toggle only works on first page of reporting devices
|
CSCse27948
|
pink box when do query - ORA-01555: snapshot too old exception
|
CSCse26964
|
CatOS Syslog %SYS-4-P2_WARN not parsed correctly by MARS
|
CSCse23191
|
Disable 'No Pager' cmd sent by MARS to PIX, ASA, FWSM firewalls
|
CSCse23176
|
MARS Global Controller not producing alerts when losing LC communication
|
CSCse23051
|
viewing report of query type of MAC addresses report got pink box
|
CSCse22838
|
can't find priority for CSA NT-Event-Log events
|
CSCse21626
|
Clicking activate is not taking effect
|
CSCse20593
|
CSM device type could not be added one time (OK most times)
|
CSCse19198
|
Device Cnf: Changes in Mail Gateway IP doesn't reflect Report/ Notif
|
CSCse18816
|
UI takes 99% CPU, hanging browser and slowing system while expanding all
|
CSCse18240
|
DOC: cs-mars doesn't handle vpn paths
|
CSCse17936
|
5K Lines Custom Query fails
|
CSCse13038
|
CS-Mars - learning of McAfee agents with invalid names
|
CSCse11258
|
After group is deleted, items under "All" group not shown
|
CSCse10945
|
Summary Page Graphs Spontaneously Change Displayed Size (w/ multi-head)
|
CSCse09127
|
Failed load from csv returns incorrect status
|
CSCse07425
|
JVM is using up to 1.5 GB on a GC or LC
|
CSCse03237
|
Changes made to GC network groups are not propagated to active LC rules
|
CSCse03134
|
More control is needed over retrieve raw messages and cleanup
|
CSCse03097
|
CheckPoint LEA record comes to MARS later and later
|
CSCse00668
|
rule definition changes can lead to empty reports
|
CSCse00626
|
IP Management -> device group displays hosts only.
|
CSCsd95582
|
Both successful/failed mitigation reports show same results
|
CSCsd93480
|
FOLLOWED-BY in rules has looser constraints than sometimes desirable
|
CSCsd92916
|
CS MARS - Raw Ip Addresses in Custom Query email have incomplete URL
|
CSCsd92285
|
Security Dev Edit page does not check for existing IP address conflict
|
CSCsd90181
|
increasing pnrestore robustness
|
CSCsd89457
|
Incorrect handling of time range for rules that fire periodically.
|
CSCsd86896
|
Clicking the clear button when editing the query type doesn't work.
|
CSCsd84350
|
CS-MARS/CSM: Credentials change on CSM side not checked.
|
CSCsd74283
|
changing report-result retention limit
|
CSCsd73486
|
Mars: Not able to recognize the event type for ISAKMP and IPSec messages
|
CSCsd69137
|
Default Group in Scheduler need to be made to Run On Demand
|
CSCsd69063
|
Reported User with single-quote (') causes oracle error
|
CSCsd61749
|
pnrestore doesn't restore all of the system config
|
CSCsd53173
|
Retrieve raw messages doesn't properly update the progress percentage
|
CSCsd48544
|
port 8444 required for GC/LC communication
|
CSCsd48097
|
Event processing may stop if pnparser creates shared buffers first
|
CSCsd37005
|
user must be able to change own password
|
CSCsd28590
|
CS-MARS - Inactive Reporting Device Rule is not configurable
|
CSCsd22832
|
Attempt to remove IP subnet from IP Management fails, with error
|
CSCsd20196
|
User and System Scheduled Reports fail to display data
|
CSCsd15695
|
Summary dashboard showing incorrect statistics for false positives
|
CSCsd13969
|
resetting italics for GUI links
|
CSCsd06302
|
device name with single quote causes pink box
|
CSCsc97963
|
Netscreen logical interfaces (vlan intf) not discovered
|
CSCsc95831
|
log messages of MARS processes stopped being written into backend log
|
CSCsc91572
|
Multiple target ports in IDS event show up as 'port 0' in query
|
CSCsc90480
|
MARS Incident notification options are not configurable
|
CSCsc87501
|
if set IP address to 0.0.0.0 box trying to reboot
|
CSCsc78878
|
snort signature 2570 incorrectly mapped
|
CSCsc73832
|
Drop rule inactive for events received by netflow in CS-MARS
|
CSCsc59363
|
Need improvement to GUI for multi-line rules
|
CSCsc58485
|
5 tuple information missing from downloaded raw log file
|
CSCsc48498
|
CS-MARS: Upgrade from 3.4.x fails
|
CSCsc42396
|
CS-MARS Viewing IP of grouped sessions throws Exception, no Time var
|
CSCsc30107
|
Cs-Mars - Queries with != in service column don't work
|
CSCsc15590
|
MARS not including all events in a report, query returns events fine
|
CSCsc04484
|
LC Rule/Report list shows empty after deletion of GC group
|
CSCsb80082
|
Deleting a LC w/o exchanging certificates doesn't set mode to Standalone
|
CSCsb77550
|
CSV-re import of CSA and Symantec agents unsuccessful
|
CSCsb67871
|
Got System Error In GC After Re-installed New Version In LC
|
CSCpn03077
|
GC, sys error when adding a LC which was added to GC already
|
CSCpn03057
|
Copied rules have shortened year in front, which is confusing (ex. 0
|
CSCpn03052
|
JBoss 'OutOfMemoryError ' when accessing Management/Event Management
|
CSCpn03005
|
Loading Resource Util report as On-Demand query produces a system error
|
CSCpn02976
|
GC:LC - Communication issues after time zone change
|
CSCpn02973
|
Not able to downgrade a security analyst to Notification only user
|
CSCpn02968
|
Network group search is not working for "All IP addresses
|
CSCpn02901
|
GC/LC, rule does not display user <cxu> but allows such cfg
|
CSCpn02883
|
Event management search works only for event description
|
CSCpn02869
|
Rules editing: changing entry for select window pulldown after error
|
CSCpn02804
|
Replay History feature not working correctly
|
CSCpn02688
|
GC/LC: gc lc displayed diff time rage for the same global report
|
CSCpn02666
|
Batch Query Results with one item returned -> no data in graph in em
|
CSCpn02656
|
System error occurs when # of java connections runs out
|
CSCpn02653
|
No way to specify "!Keyword" without a good "keyword
|
CSCpn02594
|
LC: Path/Mitigate link throws up a pink box after the device has bee
|
CSCpn02574
|
Time change on system causes GC/LC communication problem
|
CSCpn02566
|
rebooting mars while it is upgrading cause the box not accessible
|
CSCpn02558
|
"Agent" didn't be removed correctly
|
CSCpn02549
|
JavaScript Error from ViewReport when clicking Edit/Clear
|
CSCpn02511
|
need to fix errors in affected os
|
CSCpn02470
|
Server csv function could not handle special characters in password
|
CSCpn02414
|
GC/LC user rule is too long to fit into a page if keyword is long
|
CSCpn02410
|
rule was not fired because Oracle log used upper case for user
|
CSCpn02398
|
XML escaping errors in Keyword Search in Rule
|
CSCpn02385
|
Applied $TARGET01 for GC Query Source IP resulted in "resultCounter
|
CSCpn02383
|
IIS parsing must be separated from Windows log
|
CSCpn02251
|
License: Upon entry of 100 license onto 100e, need to restart pnpars
|
CSCpn02177
|
Docs: Filesystem Check after 22 reboots
|
CSCpn02061
|
Saving .csv files under WinXP SP2 results in .htm extension
|
CSCpn02011
|
discovery for special passwd 1"1 failed
|
CSCpn01489
|
BQ: Query summary doesn't mention "severity" if it's a criterion
|
CSCpn01438
|
Batch Query: Under high load, some batch queries may not complete
|
CSCpn01416
|
Select: Temp paging fix on Notification-SNMP page
|
CSCpn01398
|
Unable to shutdown an interface
|
CSCpn01382
|
Security device type hosts don't show up in IP management
|
CSCpn01319
|
pnreset command does not cause reboot
|
CSCpn01293
|
Host OS listing needs cleaning
|
CSCpn01219
|
Cleanup script for invalid /etc/qpage.conf entries
|
CSCpn01134
|
Cloud name input box accepts invalid characters
|
CSCpn01051
|
Browser: Open non-supported browser to MARS causes other browsers to
|
CSCpn01045
|
Archiving: Need better error message
|
CSCpn00908
|
"Domain" in Configuration page - no use
|
CSCpn00610
|
Backend logs can be out of order in the view page
|
CSCpn00596
|
RelNote: Events and Sessions counts can be out of synch
|
CSCpn00586
|
nasl message text needs to be changed
|
CSCpn00455
|
Graph doesn't refresh when a cloud is renamed
|
CSCpn00293
|
using TAB in editing fields
|
CSCpn00259
|
Setting Logging Level for "GUI" to "Trace" and saving -> "Debug
|
CSCpn00212
|
Graphgen crashes when there are many non-existent devices
|
CSCpn00183
|
Adding devices w/o "Activate" can cause "messy" graph
|
CSCpn00173
|
Nessus should check pre-NAT address instead of Post-NAT address
|
CSCpn00166
|
Inconsistent behavior for "ANY" in Rules and Queries
|
CSCpn00146
|
Report names that differ by only slashes or dashes conflict
|
Feedback
We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.
