Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Are the events spooled to the Event Viewer?

Hi,

Are the events spooled to the Event Viewer and stored there?

or

Is the Event Viewer viewing the events directly from the Sensors?

On the sensors, how many events,logs, alarm records can be store on them?

How are the events on the sensor purged? FIFO when full?

Ben,

Thx

2 REPLIES
New Member

Re: Are the events spooled to the Event Viewer?

All alerts are pulled from the Event Store and then stored in IEV Database on the windows box. The different views available in IEV, pull these events from the IEV database. When using IEV Real Time Dashboard , the events are subscribed directly from the event Store on the sensor.

In most sensors the max size for Events is 4GB, which is about one week's events(depends on rate etc). After the max limit, events are purged. Events are purged using FIFO (First in First Out).

New Member

Re: Are the events spooled to the Event Viewer?

Hi Ben,

I asked the same question regarding events at the sensor and my question was answered by marcabal on Jan 2, 2004, 12:45pm PST. I thought that you might want to see the answer so I am posting the URL link to the thread.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.eea7255

I have also read the following section which helped a lot to understand the different processes that are used by a version 3.X sensor to get the event to a database located on the management server>

http://www.cisco.com/en/US/partner/products/sw/secursw/ps5052/products_user_guide_chapter09186a00800d9256.html#xtocid155126

94
Views
3
Helpful
2
Replies
CreatePlease to create content