Chapter 22. Troubleshooting IEV and Security Monitors

The Security Monitor (also known as SecMon) is a component that is installed on top of CiscoWorks Common Services (see Chapter 17, “Troubleshooting CiscoWorks Common Services,” for more details) to receive events, generate reports, and perform correlations. If you have more than three sensors, it is desirable to use Security Monitor. However, with fewer than three sensors, you can use Intrusion Detection Event Viewer (IEV), which can be downloaded for free. In addition to getting events from the IDS sensor (for example, a sensor appliance, IOS IPS, and so on), Security Monitor can also receive syslog messages from various devices such as Cisco Secure Private Internet Exchange (PIX) firewall, IOS ...
