I guess you are referring to the EV in the Security Monitor of the VMS bundle, because IDS Event Viewer is a Java-based application that enables you to view and manage alarms for up to five sensors only.
In that, you could create filters to show the info that you require. If you are using the EV from Security Monitor, then the columns are sortable by sensors and you will be able to view the alarms for a particular sensor only.
Yes, I'm using the EV from the Security Monitor. How exactly do you sort the columns by sensor? I have not been able to figure out how. I have tried to set up filters for the EV but there was no option to filter out sensors, severity.
You can place the columns in any order you choose.
Simply grab the column header and move it to the left or right.
The first column is the Count column, and this column cannot be moved, and is not used for sorting.
Any column can be moved into the second column. The events will then automatically be sorted according to this second column.
You can then move another column into the second column and the events will then be sub-sorted by this second column.
Here is an example of what I mean by sub-sorted.
If the Sensor Name were moved to the second column and the Alarm Severity were moved to the third column, then the alarms would first be grouped by sensor and then inside each sensor the alarms would be grouped according to the severity.
If you had 2 sensors then the alarms would be grouped by
sensor1 high severity alarms
sensor1 medium severity alarms
sensor1 low severity alarms
sensor1 information severity alarms
sensor2 high severity alarms
sensor2 medium severity alarms
sensor2 low severity alarms
sensor2 information severity alarms.
If a user is interested in alarms from only a single sensor then the user can move the sensor name or sensor id column all the way to the 2nd column. Then for each sensor he is not interested in he can collapse all of that sensor's alarms into a single line in the GUI.
The user can then expand just the line for the sensor of interest.
Or if the user is interested in only Low level alarms then move the severity column to the 2nd column. The high, medium, and information severity alarms can each be collapsed to a single line (one line for each severity).
And the user can then expand just the Low level alarms.
To learn more about moving the columns to change the sorting order, and to collapse and expand the cells refer to:
This is helpful, but you still wind up having to have the EvsServer load all of the other useless alarm data. What if I want to see a single sensor's low alarms in the EV for a 24-hour period? By what you are telling me, I would have to load 24 hours of data for low, medium and high alarms and for all sensors, and then sort the columns to get the sort order right.
If I had a Cray as my MC, then I might be able to see these alarms within my lifetime.
I have considered using just the IEV as a standalone to view these alarms from another machine; however, I ran into a roadblock: after I configured the IEV to a particular sensor, it stopped reporting event store data to my MC. I had to literally delete and reinstall the sensor after I deleted the entire IEV program from the workstation. So, it wasn't a feasible workaround, although it had potential...