Self-Defending Networks: The Next Generation of Network Security

Cisco ICS provides a variety of log functions including the following:

  • Incident Log Query

  • Event Log Query

  • Outbreak Log Query

  • Log Maintenance

An example of the log functions from the Logs drop-down list is provided in Figure 4-25.

Figure 4-25. Logs

The following sections describe each log function in more detail.

Incident Log Query

The Incident Log Query function displays the incident logs generated by IPS virus detection or by OPACL (outbreak prevention ACL) matching within a specified date range. Figure 4-26 displays an example of the configuration parameters for an Incident Log Query.

Figure 4-26. Incident Log Query

Event Log Query

The event logs in Cisco ICS can be queried by event type and date range. The event types include the following:

  • System Events

  • Outbreak Events

  • Server Update Events

  • Deployment Events

  • Connection Status Event

  • Host Event

Figure 4-27 provides a sample of the result from an Event Log Query.

Figure 4-27. Event Logs

Outbreak Log Query

The Outbreak Log Query displays all logs that relate to a specific outbreak management task, as shown in Figure 4-28. Because it is restricted to one task, the Outbreak Log Query can be considered a subset of the Event Log Query.

Figure 4-28. Outbreak Log Query

Log Maintenance

Log Maintenance provides a way to manually purge logs of certain types, or to define time periods after which Cisco ICS automatically purges them. Logs can also be exported in comma-separated value (CSV) format; because a purge is irreversible, export (or forward to a central log collector) any logs that may be needed for incident investigation before they age out. Figure 4-29 displays some of the options to purge logs under Log Maintenance.

Figure 4-29. Log Maintenance
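The following is an added example, not Cisco ICS code or output, that illustrates the Event Log Query and Log Maintenance behaviour described above over an exported CSV file: filtering entries by event type and date range, then applying a time-based purge that archives the expired entries before dropping them. The CSV column names (timestamp, event_type, source, message) and the sample rows are constructed assumptions; a real Cisco ICS export should be inspected for its actual column layout before this is adapted to it.

```python
"""Added example: query and retention handling over a Cisco ICS-style log export.

Not Cisco ICS code. The column names and sample rows below are constructed
assumptions about the CSV layout, not taken from a real export.
"""
import csv
import io
from datetime import datetime, timedelta

# Constructed sample of an exported log, in the assumed CSV layout.
SAMPLE_EXPORT = """timestamp,event_type,source,message
2007-03-01 08:15:00,System Events,ics-server,Service started
2007-03-02 09:30:00,Outbreak Events,ics-server,Outbreak task deployed
2007-03-03 10:00:00,Deployment Events,ips-sensor-1,OPACL pushed to device
2007-03-20 11:45:00,Host Event,host-42,IPS virus detection signature match
2007-03-21 12:00:00,Connection Status Event,ips-sensor-1,Connection restored
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"
COLUMNS = ["timestamp", "event_type", "source", "message"]


def load_export(text):
    """Parse the CSV text into dicts, converting the timestamp column."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.strptime(row["timestamp"], TS_FORMAT)
        rows.append(row)
    return rows


def query_events(rows, event_type=None, start=None, end=None):
    """Equivalent of an Event Log Query: filter by type and an inclusive
    date range. Any filter left as None is not applied."""
    out = []
    for r in rows:
        if event_type is not None and r["event_type"] != event_type:
            continue
        if start is not None and r["timestamp"] < start:
            continue
        if end is not None and r["timestamp"] > end:
            continue
        out.append(r)
    return out


def purge_older_than(rows, now, retention_days, archive):
    """Time-based purge: entries older than the retention window are written
    to `archive` (a text stream) as CSV before being dropped, so the purge
    never destroys the only copy of evidence. Returns the retained rows."""
    cutoff = now - timedelta(days=retention_days)
    expired = [r for r in rows if r["timestamp"] < cutoff]
    kept = [r for r in rows if r["timestamp"] >= cutoff]
    writer = csv.writer(archive)
    writer.writerow(COLUMNS)
    for r in expired:
        writer.writerow([r["timestamp"].strftime(TS_FORMAT), r["event_type"],
                         r["source"], r["message"]])
    return kept


if __name__ == "__main__":
    events = load_export(SAMPLE_EXPORT)
    for e in query_events(events, event_type="Outbreak Events"):
        print("outbreak:", e["timestamp"], e["message"])
    archive = io.StringIO()
    remaining = purge_older_than(events, datetime(2007, 3, 22), 7, archive)
    print("retained %d entries, archived %d" % (len(remaining), len(events) - len(remaining)))
    print(archive.getvalue())
```

The archive stream stands in for whatever long-term store (file share, syslog collector, SIEM) the exported logs are sent to; the point is that the purge runs only after the expired entries have been written out.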

Note

Cisco ICS also features Update and Global Setting tabs in the main GUI. This chapter does not focus on the Update and Global Setting features because they are more generic, relate to product maintenance, and are less specific to the self-defending characteristics of the Cisco ICS product.
