
Administering Events and Generating Reports

Managing Events

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—5-1


Objectives

At the end of this lesson, you will be able to meet these objectives:
• Explain the purpose of logging
• Describe how to view and configure events in the Event Log
• Describe how to view and configure events in the Event
Monitor
• Identify the functions of the Event Log Management feature
• Identify the functions of the Event Management Wizard
• Describe how to configure an event set
• Describe how to configure an alert
• Describe how to view the overall system status information



What Is Logging?

• Logging refers to the process of recording information
about events generated by host systems in the CSA MC
Event Log.
• The Event Log provides detailed information about the time,
origin, and the effect of the risk on the network.



Using the Verbose Logging Mode



Logging Deny Actions



Viewing Events Using the Event Log



Configuring the Event Log View



Viewing Filtered Events



Viewing Events Using the Event Monitor



Configuring the Event Monitor View



Event Log Management



Configuring Global Event Insertion Threshold Parameters



Configuring an Event Auto-Pruning Task



Event Management Wizard



Configuring an Exception Rule



Configuring an Exception Rule (Cont.)



Configuring an Exception Rule (Cont.)



Configuring an Exception Rule (Cont.)



Configuring an Exception Rule (Cont.)



Configuring an Exception Rule (Cont.)



Configuring an Exception Rule (Cont.)



Configuring a Logging Exception Rule



Configuring a Logging Exception Rule (Cont.)



Configuring a Logging Exception Rule (Cont.)



Configuring a Logging Exception Rule (Cont.)



Configuring a Logging Exception Rule (Cont.)



Configuring a Logging Exception Rule (Cont.)



Performing an Application Behavior Analysis



Performing an Application Behavior Analysis (Cont.)



Performing an Application Behavior Analysis (Cont.)



Performing an Application Behavior Analysis (Cont.)



Configuring Event Suppression



Configuring Event Suppression (Cont.)



Configuring an Event Set



Configuring an Event Set (Cont.)



Configuring an Alert



Viewing System Summary Information



Summary

• Logging refers to the process of recording information about events
generated by host systems in the CSA MC Event Log.
• An Event Log allows you to view the system events provided by
registered agents or hosts, based on designated time frames, event
severity levels, and the system that generated the event.
• The Event Log Management feature allows the creation of event
database management tasks to manage the size of your event log.
• The Event Management Wizard is used to analyze the activities
recorded in the Event Log and take appropriate actions based on
them.
• The Event Monitor allows the detection of new Agents or user
groups, determines the status of functionality of the server, and
helps in viewing other system-related events.
• An alert is used to notify an administrator about any critical event
that has occurred on a host system.
