Chapter 22. Troubleshooting IEV and Security Monitors

The Security Monitor (also known as SecMon) is a component that is installed on top of CiscoWorks Common Services (see Chapter 17, “Troubleshooting CiscoWorks Common Services,” for more details) to receive events, generate reports, and perform correlations. If you have more than three sensors, it is desirable to use a Security Monitor. However, with fewer than three sensors, you can use Intrusion Detection Event Viewer (IEV), which can be downloaded free. In addition to getting events from the IDS sensor (for example, sensor appliance, IOS IPS and so on), Security Monitor can also receive syslog messages from various devices such as Cisco Secure Private Internet Exchange (PIX) firewall, IOS ...
