User Guide for Cisco Security Manager 4.4
OL-28826-01

Chapter 66: Viewing Events

Event Viewer enables you to selectively monitor, view, and examine events from ASA (including
ASA-SM), FWSM and IPS devices. Events are organized into views that you can filter or search to find
events that interest you. You can create customized views and filters to fit your needs, or use the
predefined views included in the application.

This chapter contains the following topics:
Introduction to Event Viewer Capabilities
Overview of Event Viewer
Preparing for Event Management
Managing the Event Manager Service
Using Event Viewer
Examples of Event Analysis

Introduction to Event Viewer Capabilities

Event Viewer monitors your network for syslog (system log) events from ASA and FWSM devices and
security contexts, and for SDEE (Secure Device Event Exchange) events from IPS devices and virtual
sensors. Event Viewer collects these events and provides an interface in which you can view them, group
them, and examine their details.

Tip: Event Viewer and its related applications, Report Manager and Health and Performance Monitor, are
useful for operational monitoring and troubleshooting of certain types of Cisco devices in your network.
These applications do not provide extensive event correlation, compliance reporting, long-term
forensics, or the integrated monitoring of both Cisco and non-Cisco devices.

When working with IPS events, the Report Manager component of Cisco Security Manager reports
events individually; the Event Viewer component of Cisco Security Manager displays alerts. In the Event
Viewer component, the IPS Summarizer groups events into a single alert, thus decreasing the number of
alerts that the IPS sensor sends out.

Tip: Cisco IPS Manager Express (IME) and Cisco Security Manager do not summarize events in precisely
the same way.