Please help me understand how Cisco Security Manager manages logs from different devices.
For example, Cisco Security Manager can manage FWSM, ASA, and IPS devices.
Does it store logs from these devices in some central location where CSM is installed, in some database or some file?
Will I be able to read logs for all those devices, including CSM, from one single point? Please help me.
Yes, logs from devices are stored in the eventing database found under the CSM installation directory:
For centralized monitoring, the CSM Event Viewer application can be used. This application is included in the CSM client.
Hope this helps!
Thanks for your help, but what I'm wondering is whether this option is available when backup & restore is in progress, and it stops Event Viewer as well.
Can this be used for acquiring real-time logs?
When CSM services are running, Event Viewer can show the events in real time.
You are right about backup. When CSM application backup is running, its services on the server are stopped. So, there is a risk of losing logging events that are sent to the CSM server during the period of backup. By scheduling backup out of user-activity hours, the risk of losing important events can be minimized.
On the other hand, events on IPS devices have to be polled from the device. So, there is no loss of IPS events in case of CSM application backup.
Thanks & Regards,
But again the question remains the same: how could I read real-time logs from all devices from a single point?
Actually, I want to know whether I could read logs from a single source other than Event Viewer, for example some log files as kept during backup, or whether I can redirect all those devices to send logs to some centralized syslog server.