cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1483
Views
0
Helpful
4
Replies

Help for Cisco Security Manager

Hi All,

Please help me how cisco security manger is managing logs from different devices.

For example cisco security manager can manage FWSM, ASA, IPS devices.

Does it stores  logs from this devices into some central location where CSM is being installed in some database or some file.

Can I be able to read logs for all those devices including CSM from one single point. Please help me.

4 Replies 4

Chetankumar Phulpagare
Cisco Employee
Cisco Employee

Yes, logs from devices are stored in eventing database found under CSM installation diectory:

%NMSROOT%\MDC\eventing\database

For centralized monitoring, CSM Event Viewer application can be used. This application is included in CSM client.

Hope this helps!

Thanks,

Chetan

Hi Chetan,

Thanks for your help but what I'm wondering that this option is available when, backup & restore is in progress & it stops event viwer as well.

Can this be used in acquiring real time logs.

Hi Bidyut,

When CSM services are running, Event Viewer can show the events in real time.

You are right about backup. When CSM application backup is running, its services on the server are stopped. So, there is a risk of loosing logging events that are sent to CSM server during the period of backup. By scheduling backup out of user-activity hours, risk of losing important events can be minimized.

On the other hand, events on IPS devices have to be polled from the device. So, there is no loss of IPS events in case of CSM application backup.

Thanks & Regards,

Chetan

But again the question remains the same, how could i be able to read real time log from all devices from a single point.

Actually i want to know whether i could be able to read log from a single source other than Event Viwer for example some Log files as it kept during backup or i can redirect all those devices logs to send logs to some centrailsed syslog server.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: