66-4
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 66 Viewing Events
Introduction to Event Viewer Capabilities
You must have system administrator privileges to change the Event Management administrative
settings page, where you enable or disable the service and configure storage location and other
settings, as described in Starting, Stopping, and Configuring the Event Manager Service, page66-27
and Event Management Page, page 11-22
If you use ACS to control access to Security Manager, you can also control the following:
You can control access to the Event Viewer application using the View Event Viewer privilege.
Using this privilege, you could prevent certain users from accessing Event Viewer, or create roles
that allow access to Event Viewer without allowing access to Report Manager. All default ACS roles
are permitted to use Event Viewer.
You can control which users can enable or disable monitoring for devices using the Modify >
Manage Event Monitoring privilege. A user must have this privilege to select devices for monitoring
as described in Selecting Devices to Monitor, page 66-31. The default ACS roles that have this
permission are system administrator, network administrator, approver, security administrator, and
security appr over.
You can control the use of the policy lookup feature. Users must have View Device privileges to the
device, and also View privileges to the firewall or IPS policy, to perform policy lookup. If users do
not have all permissions, they will get an “Unable to Find Matching Rule” error if they try to look
up a matching rule. For more information about policy lookup, see Looking Up a Security Manager
Policy from Event Viewer, page 66-48.
Users can view events on devices only if they have at least View privileges to the device.
You can control access to the Event Management administrative settings page, where you enable or
disable the service and configure storage location and other settings, as described in Starting,
Stopping, and Configuring the Event Manager Service, page 66-27 and Event Management Page,
page 11-22. The user must have Admin privileges to access this page (or any other administrative
settings page). All default ACS roles except help desk can view the page, but only system
administrators can change settings.
You can control the use of network/host and service policy objects for column filters (such as the
Device, Source, Destination, Source Service, and Destination Service columns). Users must have
the appropriate View Object permissions for network/host, network/host-IPv6, and service objects
to use them in filters. For more information on creating column filters, see Creating Column-Based
Filters, page 66-41.
For information on integrating Security Manager with Cisco Secure ACS, see the Installation Guide for
Cisco Security Manager.
Scope and Limits of Event Viewer
The following table provides details on the functional scope and limits of Event Viewer: