The Security Monitor (also known as SecMon) is a component that is installed on top of CiscoWorks Common Services (see Chapter 17, "Troubleshooting CiscoWorks Common Services," for more details) to receive events, generate reports, and perform correlations. If you have more than three sensors, it is desirable to use a Security Monitor. However, with fewer than three sensors, you can use Intrusion Detection Event Viewer (IEV), which can be downloaded free. In addition to getting events from the IDS sensor (for example, sensor appliance, IOS IPS and so on), Security Monitor can also receive syslog messages from various devices such as Cisco Secure Private Internet Exchange (PIX) firewall, IOS Router, and so on. This additional capability motivates Security Administrators to deploy Security Monitor even with fewer than three sensors in the network. However, as Security Monitor is used primarily for receiving events and generating reports for IDS/IPS sensor, this chapter focuses primarily on how to configure and troubleshoot IDS/IPS-related issues with IEV and Security Monitor.