Viewing Logs


Cisco ICS provides a variety of log functions including the following:

  • Incident Log Query

  • Event Log Query

  • Outbreak Log Query

  • Log Maintenance

An example of the log functions from the Logs drop-down list is provided in Figure 4-25.

Figure 4-25. Logs


The following sections describe each log function in more detail.

Incident Log Query

The Incident Log Query function displays the logs generated by IPS Virus Detection or OPACL Matching during a specific range of dates. Figure 4-26 displays an example of the configuration parameters for an Incident Log Query.

Figure 4-26. Incident Log Query


Event Log Query

The logs in Cisco ICS can be queried by event type and date range. Examples of the event log types include the following:

  • System Events

  • Outbreak Events

  • Server Update Events

  • Deployment Events

  • Connection Status Event

  • Host Event

Figure 4-27 provides a sample of the result from an Event Log Query.

Figure 4-27. Event Logs


Outbreak Log Query

The Outbreak Log Query provides a way to display all logs that relate to a certain outbreak management task, as shown in Figure 4-28. The Outbreak Log Query can be considered a subset of the Event Log Query.

Figure 4-28. Outbreak Log Query


Log Maintenance

Log Maintenance provides a way to manually purge logs of certain types or to define time periods after which logs are automatically purged from Cisco ICS. Logs can also be exported in comma-separated value (CSV) format. Figure 4-29 displays some of the options to purge logs under Log Maintenance.

Figure 4-29. Log Maintenance


Note

Cisco ICS also features Update and Global Setting tabs in the main GUI. This chapter does not focus on the Update and Global Setting features because these tend to be more generic and related to product maintenance and less specific to the self-defending characteristics of the Cisco ICS product.




Self-Defending Networks: The Next Generation of Network Security
ISBN: 1587052539
Pages: 112
