Cisco Secure Intrusion Detection System








5.1
Managing Alarms



5.1.1
CSPM Event Viewer





This section discussing using the CSPM Event Viewer to view, interpret, and dispose of alarms.
Intrusion alarms generated by Sensors
are sent to the CSPM host, which displays these events in the Event
Viewer window. To open the Event Viewer, choose Tools>View
Sensor Events>Database from the top menu in the CSPM window.
The View Database Events window appears. Choose the Event Type and
the Start and Stop times. The following describes the View Database
Event selection parameters:

TypeIDS alarm types. CSIDS
Alarms is the only selection.
TimeStart and Stop times of
alarms to display in the Event Viewer

An option to view archived IDS events
is also available. To open the Event Viewer to view IDS archived
events, choose Tools>View Sensor Events>Log Files from
the main menu in the CSPM window. The instance of the Event Viewer
that is viewing Sensor events from log files will not display new
alarms received by CSPM. CSPM stores new alarms in the database.
Many Event Viewer windows may be
opened this way. Once an Event Viewer window is opened, its display
characteristics can be modified independently of all other Event
Viewer windows opened. This way you can customize each window to display events based on
different criteria, as required by your environment.