Filter
Top Products
66-30
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 66 Viewing Events
Managing the Event Manager Service
The event data store location does
not exist, therefore events cannot
be stored.
High The event data store location as configured in the
Security Manager Administrative Settings does
not exist or the Security Manager server does not
have the required read/write permissions to the
location. For more information about configuring
the location, see Event Management Page,
page 11-22.
Low severity events are being
dropped.
Low Either events are being received at a very high rate
or the system is under a heavy load.
To identify if a device is sending events too
frequently, you can open the All Device Events
view and switch to real-time mode, as described in
Switching Between Real-Time and Historical
Views, page 66-38.
To identify if the server is under a heavy load, log
into Windows on the server and use Task Manager
or another tool to see if there is an application
other than Security Manager that is taxing the
system. If possible, disable or stop the application.
If the problem occurs frequently, consider
uninstalling the other application from the server.
Low and medium severity events
are being dropped.
Medium
All events are being dropped. High
Events from unknown devices are
being received.
Low Syslog events are being sent to the Security
Manager server from devices that are not selected
for monitoring as described in Selecting Devices
to Monitor, page 66-31. These devices might not
be supported device types for monitoring and they
might not even be in the Security Manager
inventory.
The message varies based on the EPS rate for these
devices. A low severity message indicates the EPS
rate is between 500 and 5,000; a medium indicates
an EPS rate between 5,000 and 10,000; a high
indicates an EPS rate greater than 10,000.
The Events from Unmonitored Devices statistic
in the Last 5 Minutes Statistics shows the number
of these events and the IP address of the last
unsupported device. Either select the device for
monitoring or change the syslog policy for the
device to remove the address of the Security
Manager server. You will need to repeat the
process if more than one unmonitored device is
sending messages.
Events from unknown devices are
being received at a high rate.
Medium
Events from unknown devices are
being received at a very high rate.
High
Table 66-8 Event Manager Status Messages (Continued)
Alert Message Alert Level Possible Action