Investigate Task Modules in the NSM User Interface Overview
The Investigate task includes the following top-level modules:
The Log Viewer displays log entries that your security devices generate based on criteria that you defined in your security policies, on the GUI server, and in the device configuration. Log entries appear in table format; each row contains a single log entry, and each column defines specific information for a log entry.
You can customize the view (which log entries and what log information is shown) using log filters or by changing the column settings.
Use the Log Viewer to:
View summarized information about security events and alarms
View information about a specific log entry
Show, hide, or move columns to customize the Log Viewer
Filter log entries by column headings
Create and save custom views that display your filters/column settings
Set flags on Log Viewer entries to indicate a specific priority or action
For more details on using the Log Viewer, see the Network and Security Manager Administration Guide.
The Report Manager contains summary, graphs, and charts that detail specific security events that occur on your network. NSM generates reports to visually represent the information contained in your log entries. You can use reports to quickly summarize security threats to your network, analyze traffic behavior, and determine the efficiency of NSM. To share reports or to use report information in other application, you can print or export report data.
The Log Investigator contains tools for analyzing your log entries in depth. Use the Log Investigator to:
Manipulate and change constraints on log information
Correlate log entries visually and rapidly
Filter log entries while maintaining the broader picture
Realtime Monitor provides a graphical view of the current status of all devices managed by NSM. Table 1 describes the monitoring status of all NSM managed devices.
Table 1: Monitoring Status of NSM Managed Devices
NSM Managed Devices
Tracks the connection state and configuration state of your security devices and IDP sensors. You can also view device details to see CPU utilization and memory usage for each device, or check device statistics.
Tracks the status of all VPN tunnels.
Tracks the status of security devices in clusters.
IDP Cluster Monitor
Tracks the status of IDP clusters.
You can customize Realtime Monitor to display only the information you want to see, as well as update information at specified time periods. You can also set alarm criteria for a device or process. For more details on Realtime Monitor, see “Realtime Monitoring“ in the Network and Security Manager Administration Guide.
Security Monitor provides access to the Dashboard, Profiler, and Security Explorer. These tools enable you to track, correlate, and visualize aspects about your internal network, enabling you to create more effective security policies and minimize unnecessary log records. For more details, refer to “Analyzing Your Network” in the Network and Security Manager Administration Guide.
Audit Log Viewer
The Audit Log Viewer contains a log entry for every change made by an NSM administrator. For more details on Audit Log Viewer, see “Using the Audit Log Viewer” in the Network and Security Manager Administration Guide.