User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 66 Viewing Events
Examples of Event Analysis
Step 2 Double-click Botnet Events from the list of predefined views in the left pane. You must double-click to
activate the view and load it into the right pane. To verify the view has been opened, ensure that the tab
name for the view in the right pane says “Botnet Events.” The following illustration shows an example
of the botnet events view.
Figure 66-6 Botnet Events View in the Security Manager Event Viewer
Step 3 To see the details of a specific event, select it in the table. You can then do the following:
• Double-click the event to see the tabular information presented in a more readable format.
• Open the Event Details section at the bottom of the window. The details pane shows information
about the event organized on tabs. The Explanation and Recommended Action tabs include
plain-language information about the event and what you might want to do about it.
The following illustration shows the Event Details pane for the Botnet Destination Blacklist message
338004. In this example, the recommended action is shown. The explanation for this message is “This
syslog message is generated when traffic to a blacklisted IP address in the dynamic filter database
appears.” For information on dealing with this type of event, see Mitigating Botnet Traffic, page 66-56.