Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
382
Views
0
Helpful
2
Replies

SECMON-Filter events from Eventviewer and still report on them

mkirbyii
Level 1
Level 1

‎01-13-2006 11:25 PM - edited ‎03-10-2019 01:50 AM

Does anyone know of a way to tell SECMON to not show an event in the Event viewer but still have it in the DB to report on? Example would be IIS Unicode sig, this fires all the time on our sensors, we have Deny actions setup and do not need to see the events in EventViewer. I would like to run a report at the end of the month to see all the activity though.

Anybody know if this can be done?

Thanks

M

Labels:
0 Helpful
2 Replies 2

mkirbyii
Level 1
Level 1

‎01-18-2006 09:42 PM

Anyone?

0 Helpful

wong34539
Level 6
Level 6

‎01-19-2006 12:35 PM

Try the "Alarm channel Event Filter" option available on the sensor. This will help you to filter out unwanted alarms going to the Event Viewer.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swchap3.htm#wp31156

You can use "Filters" in the Event Viewer to customize your views, but can get the complete list of events by specifying the "Data Source".

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card