© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.05-1 Administering Events and Generating Reports Managing Events.

Transcript:

Administering Events and Generating Reports: Managing Events

Objectives

At the end of this lesson, you will be able to meet these objectives:
- Explain the purpose of logging
- Describe how to view and configure events in the Event Log
- Describe how to view and configure events in the Event Monitor
- Identify the functions of the Event Log Management feature
- Identify the functions of the Event Management Wizard
- Describe how to configure an event set
- Describe how to configure an alert
- Describe how to view the overall system status information

What Is Logging?

Logging refers to the process of recording information about events generated by host systems in the CSA MC Event Log. The Event Log provides detailed information about the time, origin, and the effect of the risk on the network.

Using the Verbose Logging Mode

Logging Deny Actions

Viewing Events Using the Event Log

Configuring the Event Log View

Viewing Filtered Events

Viewing Events Using the Event Monitor

Configuring the Event Monitor View

Event Log Management

Configuring Global Event Insertion Threshold Parameters

Configuring an Event Auto-Pruning Task

Event Management Wizard

Configuring an Exception Rule

Configuring a Logging Exception Rule

Performing an Application Behavior Analysis

Configuring Event Suppression

Configuring an Event Set

Configuring an Alert

Viewing System Summary Information

Summary

- Logging refers to the process of recording information about events generated by host systems in the CSA MC Event Log.
- An Event Log allows you to view the system events provided by registered agents or hosts, based on designated time frames, event severity levels, and the system that generated the event.
- The Event Log Management feature allows the creation of event database management tasks to manage the size of your event log.
- The Event Management Wizard is used to analyze the activities recorded in the Event Log and take appropriate actions based on them.
- The Event Monitor allows the detection of new Agents or user groups, determines the status of functionality of the server, and helps in viewing other system-related events.
- An alert is used to notify an administrator about any critical event that has occurred on a host system.
