Viewing Logs

NSM logging tools provide a high-level view of the activity on your network, enabling you to view summaries as well as detailed information. You can choose to view log entries for an event that occurs across domains. This section includes the following primary sections:

  1. IDP Logs
  2. Using NSM Log Investigator
  3. Using NSM Audit Log Viewer

IDP Logs

NSM collects logs from managed IDP devices and stores them in a central log database. You can use NSM to view, manipulate, and export logs.

Table 59 provides a reference of log views.

Table 59: Log Viewing Options

Log Views

Description

NSM Log Viewer / Log Investigator

Logs based on notification options you set for security policy rules.

Logs related to device events, such as changes in the state of a traffic interface.

NSM Log Viewer / Log Investigator

NSM Security Monitor

Logs produced by the Profiler feature.

NSM Audit Log Viewer

Logs generated by NSM related to the use of NSM to manage the IDP device.

statview utility

Logs produced by the application volume tracking (AVT) feature.

Using NSM Log Investigator

Purpose

You use the NSM Log Investigator to analyze aggregations of logs and drill down based on properties of interest.

Action

To display logs in NSM Log Investigator, select Investigate > Log Investigator.

Tip: For details on using NSM to modify aggregation or display options, see the NSM online Help.

Using NSM Audit Log Viewer

Purpose

You use the NSM Audit Log Viewer to track the administrative changes made to a managed device. Log-entry details include the administrator that performed the change, when the change occurred, and the job results.

Action

To display the NSM Audit Log Viewer table, select Investigate > Audit Log Viewer .

Table 60 describes the columns in the Audit Log Viewer table.

Table 60: NSM Audit Log Viewer Table

Column

Description

Time Generated

The time the object was changed. The Audit Log Viewer displays log entries in order of time generated by Greenwich Mean Time (GMT).

Admin Name

The name of the NSM administrator who changed the object.

Admin Login Domain

The name of the domain (global or subdomain) that contains the changed object.

Authorization Status

The final access-control status of activities is either success or failure.

Command

The command applied to the object or system, for example, sys_logout or modify.

Targets

For changes made to a device configuration or object, the Audit Log Viewer displays the object type, an object name, and object domain.

Devices

For changes made to a device, the Audit Log Viewer displays the device name, object type, and device domain.

For changes made to the management system, such as administrator login or logout, the Audit Log Viewer does not display target or device data.

Miscellaneous

Additional information that is not displayed in other audit log columns.

To display details of a configuration change, such as a changed IP address or renamed device, select the audit log entry for that change in the Audit Log table and view details in the Target View table, which appears below the Audit Log Viewer table.

Table 61 describes the Target View table.

Table 61: NSM Audit Log Viewer: Target View Table

Column

Description

Target Name

To see additional details for an target view entry, double-click the entry. NSM displays the configuration screen that the change was made in and marks the changed field with a solid green triangle.

Table

To set the table details for the target view entry, double-click the table. Enter or update the options.

Domain ID

Specifies the domain ID of the target view.

To display details of a non-configuration event, such as adding the device, auto-detecting a device, or rebooting a device, select the audit log entry for that change in the Audit Log table and view details in the Device View table, which is displayed below the Audit Log Viewer table.

Table 62 describes the Device View table.

Table 62: NSM Audit Log Viewer: Device View Table

Column

Description

Device Name

To see additional details for an device view entry, double-click the entry. NSM displays the Job Manager information window for the job task.

Table

To set the table details for the device view entry, double-click the table. Enter or update the options.

Domain ID

Specifies the domain ID of the device view.

Related Documentation