Viewing Logs
NSM logging tools provide a high-level view of the activity on your network, enabling you to view summaries as well as detailed information. You can choose to view log entries for an event that occurs across domains. This section includes the following primary sections:
IDP Logs
NSM collects logs from managed IDP devices and stores them in a central log database. You can use NSM to view, manipulate, and export logs.
Table 1 provides a reference of log views.
Table 1: Log Viewing Options
Log Views | Description |
|---|---|
NSM Log Viewer / Log Investigator | Logs based on notification options you set for security policy rules. Logs related to device events, such as changes in the state of a traffic interface. |
NSM Log Viewer / Log Investigator NSM Security Monitor | Logs produced by the Profiler feature. |
NSM Audit Log Viewer | Logs generated by NSM related to the use of NSM to manage the IDP device. |
statview utility | Logs produced by the application volume tracking (AVT) feature. |
Using NSM Log Investigator
Purpose
You use the NSM Log Investigator to analyze aggregations of logs and drill down based on properties of interest.
Action
To display logs in NSM Log Investigator, select Investigate > Log Investigator.
 | Tip: For details on using NSM to modify aggregation or display options, see the NSM online Help. |
Using NSM Audit Log Viewer
Purpose
You use the NSM Audit Log Viewer to track the administrative changes made to a managed device. Log-entry details include the administrator that performed the change, when the change occurred, and the job results.
Action
To display the NSM Audit Log Viewer table, select Investigate > Audit Log Viewer .
Table 2 describes the columns in the Audit Log Viewer table.
Table 2: NSM Audit Log Viewer Table
Column | Description |
|---|---|
Time Generated | The time the object was changed. The Audit Log Viewer displays log entries in order of time generated by Greenwich Mean Time (GMT). |
Admin Name | The name of the NSM administrator who changed the object. |
Admin Login Domain | The name of the domain (global or subdomain) that contains the changed object. |
Authorization Status | The final access-control status of activities is either success or failure. |
Command | The command applied to the object or system, for example, sys_logout or modify. |
Targets | For changes made to a device configuration or object, the Audit Log Viewer displays the object type, an object name, and object domain. |
Devices | For changes made to a device, the Audit Log Viewer displays the device name, object type, and device domain. For changes made to the management system, such as administrator login or logout, the Audit Log Viewer does not display target or device data. |
Miscellaneous | Additional information that is not displayed in other audit log columns. |
To display details of a configuration change, such as a changed IP address or renamed device, select the audit log entry for that change in the Audit Log table and view details in the Target View table, which appears below the Audit Log Viewer table.
Table 3 describes the Target View table.
Table 3: NSM Audit Log Viewer: Target View Table
Column | Description |
|---|---|
Target Name | To see additional details for an target view entry, double-click the entry. NSM displays the configuration screen that the change was made in and marks the changed field with a solid green triangle. |
Table | To set the table details for the target view entry, double-click the table. Enter or update the options. |
Domain ID | Specifies the domain ID of the target view. |
To display details of a non-configuration event, such as adding the device, auto-detecting a device, or rebooting a device, select the audit log entry for that change in the Audit Log table and view details in the Device View table, which is displayed below the Audit Log Viewer table.
Table 4 describes the Device View table.
Table 4: NSM Audit Log Viewer: Device View Table
Column | Description |
|---|---|
Device Name | To see additional details for an device view entry, double-click the entry. NSM displays the Job Manager information window for the job task. |
Table | To set the table details for the device view entry, double-click the table. Enter or update the options. |
Domain ID | Specifies the domain ID of the device view. |
