Cisco Support Community
Community Member

CSPM Cvtnrlog headings

I have been running the cvtnrlog daily to keep the log information. I was wondering what exactly is in the log and if there was anything useful that can be done with this information. If there is useful information I would like to take te log file and run it through a script to make it more readable.

If anyone has any help they can offer it would be greatly appreciated.


Cisco Employee

Re: CSPM Cvtnrlog headings

This link is a good reference for the contents of the alarm log files.

Several users have written their own database schemas and imported the alarms into the database to run their own custom reports.

Other users will keep the alarm logs around for a little while. If an attack is seen from an IP, they can use the Event Viewer to open those old log files and look for that IP to see if there had been alarms in the past from the IP.

NOTE: The Event Viewer can open the logs created by cvtnrlog as well as logs created on the sensor (they are in the same format). When it does this, it opens it int active memory for hte Viewer without putting them into the CSPM database.

CreatePlease to create content