The Cisco Security Agent Management Console (CSA MC) provides the security administrator access to logged data collected from agents throughout the CSA deployment. A database stores this data, and you access it through the Event Log and Event Monitor screens. This chapter provides the information necessary to best locate and sort the data required to complete various tasks, such as tuning the deployment and investigating possible security breaches in the environment.
In this chapter, you explore the following topics:
Event Log and Event Monitor views of the database
The filtering of logs
The CSA MC stores all events collected from the CSA in a database format. ...