Cisco Systems CL-28826-01

11-24

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 11 Configuring Security Manager Administrative Settings

Event Management Page

Field Reference

Table11-13 Event Management Page

Element Description

Event Management Options

Enable Event Management Whether to enable the Event Manager service, which allows Security

Manager to collect event information. If you disable this feature, you

cannot use the Event Viewer or Report Manager applications.

Tip If you change this setting and click Save, you are prompted to

confirm that you want to start or stop the Event Manager

Service. If you click Yes, the service is started or stopped

immediately, and you are shown a progress indicator and told

when the change is completed. Wait until the status change is

completed before continuing.

Event Data Store Location The directory to use for collecting event information. This is known as

the primary event store. Click Browse to select a directory on the

Security Manager server.

If the directory does not yet exist, create it in Windows Explorer. You

cannot create the directory from within Security Manager.

Tip If you change the location after you have started using the Event

Manager service, you cannot query old events.

Event Data Store Disk Size The amount of disk space you want to allocate for storing event data, in

gigabytes (GB). Events are incrementally deleted (rotated out) from the

extended store when it becomes 90% full. Before changing this setting,

consider the following:

•If you reduce the size below the amount of disk space already used

by event data, the oldest events are deleted until your new size limit

is reached.

•You can see a visual representation of the amount of space

currently used for event data. Open the Event Viewer (Launch >

Event Viewer), then from Event Viewer, select Views > Show

Event Store Disk Usage.

Event Syslog Capture Port The port on which you want to enable syslog event capture. The default

is 514.

You must ensure that the Security Manager server, and intervening

firewalls, allow incoming traffic on this port for Security Manager to

collect the events. Managed devices must be configured to send syslog

information to this port on the Security Manager server.

Tip If you change this port, you must also change the Syslog

Servers policies for all ASA and FWSM devices and security

contexts that send events to Security Manager. For more

information, see Syslog Servers Page, page 52-21.

Event Data Pagination Size The maximum number of events per page each query response can

contain. The default is 20000, but you can select a different size from

the list of supported values.