Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 66 Viewing Events
Overview of Event Viewer
Table 66-6 Event Viewer Column Descriptions (Continued)

| Column Label | Description |
| --- | --- |
| Event Summary | Specifies that this is a summary alert, representing one or more alerts with common characteristics. The numeric value indicates the number of times the signature fired since the last summary alert with a matching initialAlert attribute value. |
| Event Type ID | For ASA or FWSM, the syslog ID. For IPS, this value could be: a combination of Sig Id & Sub-Sig ID (for IPS Alert Events); IPS Status (for IPS Status Events); IPS Error (for IPS Error Events). |
| Execution State | The execution status of the application. |
| Final Alert | Applies to a summary alert, representing one or more alerts with common characteristics. It indicates whether this is the last event alert containing the same value in the initialAlert attribute. |
| Generation Time | Represents device local event generation time (available only for IPS events). |
| Global Correlation Audit Mode | Whether the alert was handled with audit mode processing: true or false. |
| Global Correlation Deny Attacker | Whether a deny-attacker action occurred (or would have occurred) because an internal override was exceeded due to the calculated risk rating: true or false. |
| Global Correlation Deny Packet | Whether a deny-packet action occurred (or would have occurred) because an internal override was exceeded due to the calculated risk rating: true or false. |
| Global Correlation Modified Risk Rating | Whether the risk rating was adjusted by adding the reputation risk delta due to the risk rating: true or false. |
| Global Correlation Other Overrides | Whether any other defensive actions were taken because an override threshold was exceeded due to the calculated risk rating: true or false. |
| Global Correlation Risk Delta | A value from 0 to 99 that indicates how much the risk rating was increased due to the reputation score. If audit-mode is enabled, then it indicates how much the risk rating would have been adjusted had audit-mode not been enabled. |
| Hit Count | The number of times the flow was permitted or denied by the ACL entry in the configured time interval. The value is 1 when the ASA or FWSM generates the first syslog message for a particular flow. |
| Hit Count Info | ACL Hit Count information, for example, First hit. |
| Host ID | The globally unique identifier for the host that originated the event. |
| ICMP Code | The code of the ICMP type. For example, ICMP Type 3 and Code 0 is Net Unreachable or Code 1 is Host Unreachable. |
| ICMP Type | The type of ICMP message. For example, 3 for Destination unreachable, 8 for Echo. |