Index
IN-34
User Guide for Cisco Security Manager 4.4
OL-28826-01
Event Viewer
archiving (backing up) the event data store 66-32
arranging views 66-34
ASA devices, configuring to provide events 66-25
columns 66-16
configuring color rules 66-36
configuring Event Manager service 66-27
copying events 66-48
creating custom views 66-37
deleting custom views 66-39
editing view name and description 66-38
ensuring time synchronization 66-25
Event Monitoring window 66-12
events
context menu 66-45
event table
customizing appearance 66-35
event details pane 66-24
refreshing 66-40
time slider 66-23
toolbar 66-14
examining event details 66-47
examples of analysis
mitigating botnet activity 66-56
monitoring and mitigating botnet activity 66-52
monitoring botnet activity 66-53
monitoring identity-aware firewall policies 13-27
monitoring TrustSec policies 14-14
overview 66-50
removing false positive IPS events 66-58
understanding botnet syslog events 66-53
user access to server blocked 66-50
features
historical views 66-2
overview 66-1
policy navigation 66-3
real-time views 66-2
views and filters 66-3
File menu reference 66-8
filters
advantages of using network/host objects 66-59
clearing 66-44
column based 66-41
event based 66-43
overview 66-39
submission requirements for policy objects 66-59
text searches (quick filter) 66-44
time range 66-39
time slider 66-40
floating views 66-34
FWSM devices, configuring to provide events 66-25
IPS devices, configuring to provide events 66-26
limits of 66-4
looking up Security Manager policies based on events 66-48
managing service 66-27
monitoring event store disk space 66-31
monitoring status 66-28
opening views 66-34
overview 66-7
performing operations on 66-45
preparation for use 66-24
recovering the event data store 66-32
saving events 66-48
saving views 66-38
selecting devices to monitor 66-31
settings 11-22
starting or stopping the Event Manager service 66-27
status icon colors 66-28
switching between IP addresses and host object names 66-36
switching between real-time and historical views 66-38
syslogs 66-6
troubleshooting
Event Viewer Unavailable message 11-23, 11-25, 66-27
policy objects not available for filtering 66-59
understanding access control 66-3