Advanced Host Intrusion Prevention with CSA by Chad Sullivan (CCIE No. 6394), Jeff Asher, Paul Mauvais

Chapter 10. Local Event Database and Event Correlation

The Cisco Security Agent Management Console (CSA MC) provides the security administrator access to logged data collected from agents throughout the CSA deployment. A database stores this data, and you access it through the Event Log and Event Monitor screens. This chapter provides the information necessary to best locate and sort the data required to complete various tasks, such as tuning the deployment and investigating possible security breaches in the environment.

In this chapter, you explore the following topics:

  • Event database

  • Event Log and Event Monitor views of the database

  • The filtering of logs

CSA MC Event Database

The CSA MC stores all events collected from the CSA in a database format. ...
