Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SECMON-Filter events from Eventviewer and still report on them

Does anyone know of a way to tell SECMON to not show an event in the Event viewer but still have it in the DB to report on? Example would be IIS Unicode sig, this fires all the time on our sensors, we have Deny actions setup and do not need to see the events in EventViewer. I would like to run a report at the end of the month to see all the activity though.

Anybody know if this can be done?

Thanks

M

2 REPLIES
New Member

Re: SECMON-Filter events from Eventviewer and still report on th

Anyone?

Silver

Re: SECMON-Filter events from Eventviewer and still report on th

Try the "Alarm channel Event Filter" option available on the sensor. This will help you to filter out unwanted alarms going to the Event Viewer.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swchap3.htm#wp31156

You can use "Filters" in the Event Viewer to customize your views, but can get the complete list of events by specifying the "Data Source".

121
Views
0
Helpful
2
Replies
CreatePlease login to create content