Chapter 10. Local Event Database and Event Correlation

The Cisco Security Agent Management Console (CSA MC) provides the security administrator access to logged data collected from agents throughout the CSA deployment. A database stores this data, and you access it through the Event Log and Event Monitor screens. This chapter provides the information necessary to best locate and sort the data required to complete various tasks, such as tuning the deployment and investigating possible security breaches in the environment.

In this chapter, you explore the following topics:

  • Event database

  • Event Log and Event Monitor views of the database

  • The filtering of logs

CSA MC Event Database

The CSA MC stores all events collected from the CSA in a database format. ...
