66-36
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 66 Viewing Events
Using Event Viewer
Switching Between Source/Destination IP Addresses and Host Object Names
You can view source and destination IP addresses or you can view the host object name of objects that
match a source or destination IP address. By default, the Event Viewer shows host object names when
available.
IP address to host name mapping is supported only for the source and destination of events. Also, the
mapping applies to Host objects only; Event Viewer will not show an object name when the source or
destination of an event matches a Network object, Group object, or Address Range object.
Please clarify the type and content of the object. E.g. is this feature for host type network/host objects
only, that is, the single-value host version of the object? does it work for single-value group objects, or
for network or range objects?
To switch between source/destination IP addresses and host object names, do the following:
To see host objects names for any objects that match a source or destination IP address, select View
> Show Network Host Objects. This option is selected by default.
Tip Hover over a host object name to view the IP address associated with that object.
Note An IP address to host object name cache is created when Event Viewer is launched. If you
define new host objects, you must submit those changes to the database and then close and
relaunch Event Viewer for those mappings to be used.
To see IP addresses in the source and destination columns, deselect View > Show Network Host
Objects.
Configuring Color Rules for a View
You can use color rules to color-code events shown in the event table based on the severity of the event.
Color-coding can help you quickly identify the events that you most want to know about.
You can selectively enable and disable color rules by editing them. This allows you to turn them on and
off without deleting them.
Tip You can configure color rules for both predefined and custom views. However, you cannot share color
rules between views: all color rules are unique to a view. If you want to apply the same rules to multiple
views, you must recreate the rules in each view.
To define and enable a color rule, follow these steps:
Step 1 Open the view in which you want to define the color rule (see Opening Views, page 66-34).
Step 2 Click the Color Rules tab in the View Settings pane (see Event Monitoring Window, page66-12).
Step 3 Do any of the following:
To add a new rule, click the Add button. In the Add Color Rule dialog box, configure the rule as
follows:
Select Enable to make the rule active.
Select the severity level for which the rule applies from the Severity list.