Log Collector on Trunk

Vendor: Cisco Systems

Product: Cisco Security Monitoring, Analysis and Response System (MARS)

Short feature description.
Cisco MARS is an appliance that can collect logs from different sources, somehow correlate them and respond, even actively (e.g. shut down a port) in the case of Cisco equipment. It has two physical interfaces: one for management and another for log collection. You can actually collect logs via both interfaces, but it's not a good idea, because you need guaranteed management access, which is not possible if both interfaces are overwhelmed by logs.

Problem description.
Log sources are deployed in different VLANs, and it's desirable to collect logs directly from the VLAN where they are generated. This is not possible because MARS has only one interface for log collection.

Enhancement description.
Enable MARS to understand 802.1q trunks. This allows us to configure multiple virtual interfaces on one physical interface, so we can collect logs simultaneously from different VLANs.
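
The idea behind the enhancement, sketched as an added Python example (not MARS code and not part of the original post): a collector on an 802.1Q trunk reads the 12-bit VLAN ID from each tagged frame and sorts incoming syslog messages by the VLAN they came from. The frames, addresses and function names are constructed for illustration, and only IPv4 syslog over UDP/514 is handled.

```python
import struct
from collections import defaultdict

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(vlan_id, src_ip, message):
    """Construct a sample tagged Ethernet/IPv4/UDP syslog frame (test data only)."""
    payload = message.encode()
    udp = struct.pack("!HHHH", 40000, 514, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(src_ip), bytes([10, 0, 0, 5]))
    # Zeroed MAC addresses, then TPID, TCI (VLAN ID in low 12 bits), EtherType
    eth = bytes(12) + struct.pack("!HHH", TPID_8021Q, vlan_id & 0x0FFF, 0x0800)
    return eth + ip + udp

def parse_tagged_syslog(frame):
    """Return (vlan_id, source_ip, message), or None if not tagged IPv4 UDP/514."""
    if len(frame) < 18:
        return None
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q or ethertype != 0x0800:
        return None  # untagged or non-IPv4 traffic is ignored
    vlan_id = tci & 0x0FFF  # the top 4 bits of the TCI are priority and DEI
    ip = frame[18:]
    if len(ip) < 20 or ip[9] != 17:  # protocol 17 = UDP
        return None
    ihl = (ip[0] & 0x0F) * 4  # IP header length in bytes
    if ihl < 20 or len(ip) < ihl + 8:
        return None
    dport, udp_len = struct.unpack("!HH", ip[ihl + 2:ihl + 6])
    if dport != 514 or udp_len < 8:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    msg = ip[ihl + 8:ihl + udp_len].decode(errors="replace")
    return vlan_id, src, msg

def demux(frames):
    """Group (source_ip, message) pairs by the VLAN ID carried in the tag."""
    by_vlan = defaultdict(list)
    for frame in frames:
        parsed = parse_tagged_syslog(frame)
        if parsed:
            by_vlan[parsed[0]].append(parsed[1:])
    return dict(by_vlan)

# Constructed sample traffic: two tagged frames and one untagged copy
_f = build_frame(20, (192, 168, 20, 7), "<134>ids1: alert")
SAMPLE_FRAMES = [build_frame(10, (192, 168, 10, 1), "<134>fw1: deny tcp"),
                 _f, _f[:12] + _f[16:]]  # last frame has its tag stripped
```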

Сергей Солдатов

REPLY-TO-ALL is a double language blog (English/Russian) run by three information security practitioners. Want to discuss information security problems? This is the place.