Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 66 Viewing Events
Overview of Event Viewer
Table 66-6 Event Viewer Column Descriptions (Continued)

Column Label: Description

Destination: The IP Address or hostname of the traffic destination (for ASA and FWSM) or the attack target (for IPS). It can be multi-valued and contain IPv4 or IPv6 addresses.
  If View > Show Network Host Objects is selected and a host object is defined that matches the destination IP address, the host object name is displayed.
  Tip: Hover over a host object name to view the IP address associated with that object.

Destination Context Data: Context buffer indicating the data that was sent just prior to, and immediately after, the alert was triggered. A Base64-encoded representation of the stream data that was sourced by the target.

Destination FQDN: The fully-qualified domain name of the destination IP address, if any.

Destination Interface: The destination interface.
  For Etherchannel alerts (426001-426003), this is the name of the Etherchannel interface for which this event occurred. The member interface is identified in the Source Interface column.

Destination Locality: Whether the target address is located inside or outside of a given network as specified by the intrusion.

Destination OS: The target’s operating system information.

Destination OS Relevance: A numerical value indicating the relevance of the destination target OS value.

Destination OS Source: The source of the Target OS data. Possible values are: learned, imported, or configured.

Destination Service: The destination port. It can be multi-valued.

Destination User Identity: The user name for the traffic destination, if any.

Device: The source of the event; usually the device ID.
  A device identified as Not Available has been deleted from the Security Manager inventory.

Device Identifier: For a cluster of ASA devices, the ID of the event’s source node, which is based on the "Enable Syslog Device ID" configuration on the Server Setup Page, page 52-16.
  A cluster is managed by Security Manager as a single device with multiple nodes. Thus, all the node’s events are mapped to the cluster virtual IP and are displayed with the cluster virtual IP in Event Viewer. You can use “Device Identifier” to filter the syslogs generated by a specific cluster member of a node.

Direction: The direction of the traffic: inbound or outbound.

Event ID: A unique sequential number for each event, assigned internally.

Event Name: A user-friendly name given to the event.