66-33
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter66 Viewing Events
Using Event Viewer
e. In the Security Manager client’s Tools > Security Manager Administration > Event Management
page, select the Enable Event Management check box and click Save. You are prompted to verify
that you want to start the service; click Yes and wait until you are notified that the service has started.
Step 2 To restore the event data store, use the same process you used to back up the data with the following
exceptions:
Instead of making a copy of the existing event data store, copy the backup into the event data store
location. You can optionally delete the existing data before copying in the backup data. However, as
long as you do not exceed the data store size limit, you can mix the backup and existing data. (The
data store limit is configured in the Tools > Security Manager Administration > Event
Management page.)
Note Mixing old and new data works only if you are preserving the existing copy of
collector.properties (that is, you are not restoring the file), and the new and old data are
from the same server. You cannot merge the data store from two or more separate
servers.
Do not restore collector.properties unless you are recovering from a hardware failure or some other
event that required you to reinstall Security Manager.
Using Event Viewer
Use Event Viewer to help troubleshoot network problems involving monitored devices. Using views and
filtering, you can analyze problems to help identify the cause and possible remedies.
This section contains the following topics:
Using Event Views, page66-33
Filtering and Querying Events, page 66-39
Performing Operations on Specific Events, page 66-45
Looking Up a Security Manager Policy from Event Viewer, page 66-48

Using Event Views

When you view events in Event Viewer, you open a view. A view is a set of filters and other properties,
including color rules, selected columns and their positions and widths, and the default time window, that
let you define a subset of events. Views help to limit the scope of the events list so that you can more
easily find what you are looking for.
This section contains the following topics:
Opening Views, page 66-34
Floating and Arranging Views, page66-34
Customizing the Event Table Appearance, page 66-35
Switching Between Source/Destination IP Addresses and Host Object Names, page 66-36
Configuring Color Rules for a View, page 66-36