User Guide for Cisco Security Manager 4.4
Chapter 66 Viewing Events
Overview of Event Viewer
Initial Alert This field applies to a summary alert, representing one or more alerts
with common characteristics. The value of InitialAlert provides the
event ID of the last non-summary evIdsAlert with the same
characteristic (sigid/subsigid).
Ip Log ID The IP Log Identifier that uniquely identifies (with host-scope) an iplog
IpLog Address The IPv4 or IPv6 address associated with the IP log.
IpLog Alert Reference The global event ID of the evAlert event that triggered the log to be
IpLog Begin Time The start of the time range that is currently available in the log
IpLog Bytes Captured The total bytes captured. Note that some packets that were captured
may have already been deleted from the log due to memory limitations.
IpLog Bytes Remaining The number of bytes remaining until the log will be terminated.
IpLog End Time The end of the time range that is currently available in the log
IpLog Minutes Remaining The minutes remaining until the log will be terminated.
IpLog Packets Captured The total number of packets captured and logged.
IpLog Packets Remaining The packets remaining until the log will be terminated.
IpLog Status A string that represents the log status.
IPS Category The SEE event category.
IPS User The username of the user initiating the operation.
License Limit The maximum number of licenses.
List Name The list that includes the domain name, administrator whitelist,
blacklist, or IronPort list.
Login Action The login action that occurred: loggedIn, loggedOut, or loginFailed.
Malicious Host The hostname of the malicious host.
Malicious IP The IP address of malicious device.
Max Connection The maximum number of NAT connections.
MaxEmbryonic Connection The maximum number of embryonic connections.
NAT Destination The translated (also called natted) destination IP address.
The host name of the translated destination.
NAT Destination Service The translated (or natted) destination port.
NAT Global IP The global address. It can contain IPv4 or IPv6 addresses.
NAT Source The translated (or natted) source IP address. It can contain IPv4 or IPv6
The host name of the translated source.
NAT Source Service The translated (or natted) source port.
Table 66-6 Event Viewer Column Descriptions (Continued)
Column Label Description