Cisco CS-MARS-20-K9 - Security MARS 20 User Manual page 407

Security mars local controller

Chapter 20
Queries and Reports
Viewing Events in Real-time

- All Matching Events with Raw events displays Event ID, Event Type, Source IP/Port, Destination IP/Port, Protocol, Time, and Reporting Device fields.
- All Matching Events Raw Messages with Raw events displays Event ID, Event Type, Time, Reporting Device, and Raw Message fields.
- A Result Format with the Sessionized Events option displays Event/Session/Incident ID, Event Type, Source IP/Port, Destination IP/Port, Protocol, Time, Reporting Device, Path/Mitigation, and Tune fields.

Only All Matching Events and All Matching Events Raw Messages have the Raw events option.

c. Click Apply.
The Query Event Data screen appears with the Save as Report and Save as Rule buttons gray and inactive, as shown in Figure 20-15.

Figure 20-15. Real-Time Event Query to Submit

Step 4 Modify the parameters of the Query Event Data filter as you require and click Submit.

Note The Operation, Rule, and Action parameters of the Query Event Data filter do not function for the real-time event viewer.

Real-time results begin to scroll up from the bottom of the page within 5 seconds, as shown in Figure 20-16. Real-time raw events are shown in this example.

User Guide for Cisco Security MARS Local Controller, 78-17020-01, page 20-15

This manual is also suitable for:

Mars 20, Mars 50, Mars 100, Mars 200
