Viewing Logs
NSM logging tools provide a high-level view of the activity
on your network, enabling you to view summaries as well as detailed
information. You can choose to view log entries for an event that
occurs across domains. This section includes the following primary
sections:
- IDP Logs
- Using NSM Log Investigator
- Using NSM Audit Log Viewer
IDP Logs
NSM collects logs from managed IDP
devices and stores them in a central log database. You can use NSM
to view, manipulate, and export logs.
Table 1 provides a reference of log views.
Table 1: Log Viewing Options
Log Views
|
Description
|
NSM Log Viewer / Log Investigator
|
Logs based on notification options you set for security
policy rules.
Logs related to device events, such as changes in the state
of a traffic interface.
|
NSM Log Viewer / Log Investigator
NSM Security Monitor
|
Logs produced by the Profiler feature.
|
NSM Audit Log Viewer
|
Logs generated by NSM related to the use of NSM to manage
the IDP device.
|
statview utility
|
Logs produced by the application volume tracking (AVT)
feature.
|
Using NSM Log Investigator
Purpose
You use the NSM Log Investigator to analyze aggregations
of logs and drill down based on properties of interest.
Action
To display logs in NSM Log Investigator, select Investigate > Log Investigator.
 |
Tip:
For details on using NSM to modify aggregation or display
options, see the NSM online Help.
|
Using NSM Audit Log Viewer
Purpose
You use the NSM Audit Log Viewer to track the administrative
changes made to a managed device. Log-entry details include the administrator
that performed the change, when the change occurred, and the job results.
Action
To display the NSM Audit Log Viewer table, select Investigate > Audit Log Viewer .
Table 2 describes the columns
in the Audit Log Viewer table.
Table 2: NSM Audit Log Viewer Table
Column
|
Description
|
Time Generated
|
The time the object was changed. The Audit Log Viewer
displays log entries in order of time generated by Greenwich Mean
Time (GMT).
|
Admin Name
|
The name of the NSM administrator who changed the object.
|
Admin Login Domain
|
The name of the domain (global or subdomain) that contains
the changed object.
|
Authorization Status
|
The final access-control status of activities is either
success or failure.
|
Command
|
The command applied to the object or system, for example,
sys_logout or modify.
|
Targets
|
For changes made to a device configuration or object,
the Audit Log Viewer displays the object type, an object name, and
object domain.
|
Devices
|
For changes made to a device, the Audit Log Viewer displays
the device name, object type, and device domain.
For changes made to the management system, such as administrator
login or logout, the Audit Log Viewer does not display target or device
data.
|
Miscellaneous
|
Additional information that is not displayed in other
audit log columns.
|
To display details of a configuration change, such as a changed
IP address or renamed device, select the audit log entry for that
change in the Audit Log table and view details in the Target View
table, which appears below the Audit Log Viewer table.
Table 3 describes
the Target View table.
Table 3: NSM Audit Log
Viewer: Target View Table
Column
|
Description
|
Target Name
|
To see additional details for an target view entry, double-click
the entry. NSM displays the configuration screen that the change was
made in and marks the changed field with a solid green triangle.
|
Table
|
To set the table details for the target view entry, double-click
the table. Enter or update the options.
|
Domain ID
|
Specifies the domain ID of the target view.
|
To display details of a non-configuration event, such as adding
the device, auto-detecting a device, or rebooting a device, select
the audit log entry for that change in the Audit Log table and view
details in the Device View table, which is displayed below the Audit
Log Viewer table.
Table 4 describes
the Device View table.
Table 4: NSM Audit Log
Viewer: Device View Table
Column
|
Description
|
Device Name
|
To see additional details for an device view entry, double-click
the entry. NSM displays the Job Manager information window for the
job task.
|
Table
|
To set the table details for the device view entry, double-click
the table. Enter or update the options.
|
Domain ID
|
Specifies the domain ID of the device view.
|
Published: 2009-08-20
