User Guide for Cisco Security Manager 4.4
Chapter 66 Viewing Events
Managing the Event Manager Service
For more information about configuring the Allowed Hosts policy, see Identifying Allowed Hosts,
page 35-7.
• Platform > Device Admin > Server Access > NTP—(Recommended) Configure the same NTP
server that you use for the Security Manager server to ensure consistent date and time information
for easy event correlation. If you use different servers, ensure the servers are synchronized. For more
information, see Identifying an NTP Server, page 35-21.
Tip Although you can configure devices individually to specify the appropriate allowed hosts and NTP
configuration, it is likely that more than one IPS device in your network would use the same
configuration. Although this topic describes how to configure an individual device, you can also create
shared versions of these policies and assign them to multiple devices. For more information about
configuring and assigning shared policies, see Creating a New Shared Policy, page 5-51 and Modifying
Policy Assignments in Policy View, page 5-51.
Managing the Event Manager Service
The Event Manager service enables the use of the Event Viewer application. For Event Viewer to
function, the service must be started. There are several tasks that you can perform to configure and
manage the overall functioning of the service.
This section contains the following topics:
• Starting, Stopping, and Configuring the Event Manager Service, page 66-27
• Monitoring the Event Manager Service, page 66-28
• Selecting Devices to Monitor, page 66-31
• Monitoring Event Data Store Disk Space Usage, page 66-31
• Archiving or Backing Up and Restoring the Event Data Store, page 66-32
Starting, Stopping, and Configuring the Event Manager Service
The Event Manager service must be running for you to use Event Viewer or Report Manager.
When you install Security Manager, the Event Manager service is automatically enabled unless the
server meets the minimum memory requirements that are documented in the Installation Guide for Cisco
Security Manager. Although you can manually start the service on a system that does not meet the
minimum memory requirements, you might find the performance to be dissatisfactory. The key factors
are the number of devices managed and their rate of event generation.
Tip If you get a message that Event Viewer is unavailable when you select Launch > Event Viewer, but the
Enable Event Management option is selected in the Tools > Security Manager Administration > Event
Management page, try restarting the Event Manager Service. First, deselect the Enable option and click
Save. Wait for the service to stop. Then, select the Enable option, click Save, and wait for the service to
finish restarting. You can then try opening Event Viewer again.
The following procedure explains how to start, stop, and configure the Event Manager service.