© 2006 Cisco Systems, Inc. All rights reserved. HIPS v

Administering Events and Generating Reports
Managing Events

Objectives

At the end of this lesson, you will be able to meet these objectives:
- Explain the purpose of logging
- Describe how to view and configure events in the Event Log
- Describe how to view and configure events in the Event Monitor
- Identify the functions of the Event Log Management feature
- Identify the functions of the Event Management Wizard
- Describe how to configure an event set
- Describe how to configure an alert
- Describe how to view the overall system status information

What Is Logging?

Logging refers to the process of recording information about events generated by host systems in the CSA MC Event Log. The Event Log provides detailed information about the time, origin, and the effect of the risk on the network.

Using the Verbose Logging Mode
Logging Deny Actions
Viewing Events Using the Event Log
Configuring the Event Log View
Viewing Filtered Events
Viewing Events Using the Event Monitor
Configuring the Event Monitor View
Event Log Management
Configuring Global Event Insertion Threshold Parameters
Configuring an Event Auto-Pruning Task
Event Management Wizard
Configuring an Exception Rule
Configuring a Logging Exception Rule
Performing an Application Behavior Analysis
Configuring Event Suppression
Configuring an Event Set
Configuring an Alert
Viewing System Summary Information

Summary

- Logging refers to the process of recording information about events generated by host systems in the CSA MC Event Log.
- An Event Log allows you to view the system events provided by registered agents or hosts, based on designated time frames, event severity levels, and the system that generated the event.
- The Event Log Management feature allows the creation of event database management tasks to manage the size of your event log.
- The Event Management Wizard is used to analyze the activities recorded in the Event Log and take appropriate actions based on them.
- The Event Monitor allows the detection of new Agents or user groups, determines the status of functionality of the server, and helps in viewing other system-related events.
- An alert is used to notify an administrator about any critical event that has occurred on a host system.