69-8
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 69 Using External Monitoring, Troubleshooting, and Diagnostic Tools
Starting Device Managers
Step 2 Select Launch > Device Manager to start ASDM. For more information about starting device managers,
see Starting Device Managers, page 69-4.
Step 3 In the ASDM window, click the Monitoring button to display the Monitoring panel; click Logging in
the left pane to access the log-viewing options.
Step 4 Select either Real-time Log Viewer or Log Buffer.
Step 5 Click the View button to open the selected log-viewing window.
Note The View button is not displayed if logging is not enabled on the device.
Each syslog message listed in the window includes the following information: message ID number, date
and time the message was generated, the logging level, and the network or host addresses from which
the packet was sent and received.
Step 6 To view the access rule that triggered a specific syslog message, select the message and click the Show
Rule button in the ASDM toolbar (or right-click the message and choose Go to Rule in CSM from the
pop-up menu).
The Security Manager client window is activated and the Access Rules page appears with the rule
highlighted in the rules table. If the syslog entry was triggered by an access rule not referenced in the
current Security Manager activity, an error message appears.
Navigating to an Access Rule from SDM
In an SDM device manager launched from Security Manager, you can view a log of events categorized
by security level under the Syslog tab of the Logging window. You can select a syslog message and
navigate to the access-control rule in Security Manager that triggered the message, where you can update
the rule as necessary.
The Monitor > Logging option in SDM offers four log tabs; Syslog is the only one of these offering the
Security Manager access-rule look-up option. The router contains a log of events categorized by severity
level. The Syslog tab displays the router log, even if log messages are being forwarded to a syslog server.
On Cisco IOS devices, syslog messages are generated for access rules configured with the log or
log-input keywords. The log keyword produces a message when a packet matches the rule. The
log-input keyword produces a message that includes the ingress interface and source MAC address, in
addition to the packet’s source and destination IP addresses and ports. When identical packets are
matched, the message is updated at five-minute intervals with the number of packets permitted or denied
in the previous five minutes.
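The following is an added example, not part of the Cisco guide: a parser that tells log messages from log-input messages and totals the per-interval packet counts for each flow. It assumes the IOS %SEC-6-IPACCESSLOGP message layout; the sample lines, ACL names, and addresses are constructed.

```python
import re
from collections import Counter

# Assumed layout of the IOS %SEC-6-IPACCESSLOGP message. The optional
# "(interface MAC)" group appears only for rules configured with log-input.
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) "
    r"(?:\((?P<in_if>\S+) (?P<src_mac>[0-9a-fA-F.]+)\) )?"
    r"-> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample lines (documentation address ranges, made-up ACL names).
SAMPLE = """\
Mar  1 10:00:01: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(40001) -> 198.51.100.5(23), 1 packet
Mar  1 10:05:01: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(40001) -> 198.51.100.5(23), 17 packets
Mar  1 10:00:07: %SEC-6-IPACCESSLOGP: list EDGE-IN permitted udp 203.0.113.7(5353) (GigabitEthernet0/1 0000.5e00.5301) -> 198.51.100.9(53), 1 packet
Mar  1 10:00:09: %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""

def parse_acl_log(line):
    """Return a dict of fields for an ACL log line, or None for other messages."""
    m = ACL_LOG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    # in_if and src_mac stay None when the rule used log rather than log-input.
    rec["log_input"] = rec["in_if"] is not None
    return rec

def packets_per_flow(text):
    """Sum packet counts per (acl, action, src, dst, dport).

    Each update message carries only the count for the previous interval,
    so the total for a flow is the sum across its messages.
    """
    totals = Counter()
    for line in text.splitlines():
        rec = parse_acl_log(line)
        if rec:
            key = (rec["acl"], rec["action"], rec["src"], rec["dst"], rec["dport"])
            totals[key] += rec["count"]
    return totals

if __name__ == "__main__":
    for flow, total in packets_per_flow(SAMPLE).items():
        print(flow, total)
```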
This procedure describes how to look up an access rule in Security Manager from the Syslog tab of
SDM’s Logging panel.
Related Topics
Access Rule Look-up from Device Managers, page 69-6
Navigating to an Access Rule from ASDM, page 69-7
Step 1 Select an IOS router in the Security Manager device inventory.
Step 2 Select Launch > Device Manager to start SDM. For more information about starting device managers,
see Starting Device Managers, page 69-4.