Retrieve Raw Messages From A Local Controller - Cisco CS-MARS-20-K9 - Security MARS 20 User Manual

Chapter 24
System Maintenance
33750»Wed Jul 27 16:16:06 PDT 2005»BR-FW-1»10.4.1.1 Mon Jan 6 11:05:34 2003 <134>Jan 06
2003 11:03:53: %PIX-6-302001: Built inbound TCP connection 21000 for faddr 10.1.2.4/9000
gaddr 10.1.5.20/80 laddr 10.1.5.20/80
where it reads: device ID>>date>>device name>>raw message.
Note: If you see Chinese or other unfamiliar characters in the resulting text file, please use Microsoft Internet Explorer to view the file and verify that the Western European ISO or Western European Windows encoding value is selected (View > Encoding). The "»" sign appears correctly as a separator when a compatible encoding is selected.
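For processing the exported file with a script instead of a browser, the following added example (not part of the Cisco manual) decodes the file with a Western European fallback and splits each record into the four fields described above. It assumes one record per line; the function names and the extra syslog priority and message ID extraction are illustrative.

```python
import re

SEP = "\u00bb"  # the "»" separator; byte 0xBB in ISO-8859-1 and Windows-1252
PRI_RE = re.compile(r"<(\d{1,3})>")        # syslog priority, e.g. <134>
MSG_RE = re.compile(r"%([A-Z]+-\d-\d+):")  # e.g. %PIX-6-302001:

# Constructed sample: the record shown above, as Western European bytes.
SAMPLE = (SEP.join([
    "33750", "Wed Jul 27 16:16:06 PDT 2005", "BR-FW-1",
    "10.4.1.1 Mon Jan 6 11:05:34 2003 <134>Jan 06 2003 11:03:53: "
    "%PIX-6-302001: Built inbound TCP connection 21000 for faddr "
    "10.1.2.4/9000 gaddr 10.1.5.20/80 laddr 10.1.5.20/80",
]) + "\n").encode("latin-1")


def decode_export(data: bytes) -> str:
    """Decode an exported file; a bare 0xBB is invalid UTF-8, so fall back."""
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        return data.decode("latin-1")  # never fails; maps 0xBB to "»"


def parse_record(line: str) -> dict:
    """Split one record into device ID, date, device name and raw message."""
    parts = line.split(SEP, 3)  # maxsplit keeps any "»" inside the raw message
    if len(parts) != 4:
        raise ValueError("expected 4 fields")
    rec = dict(zip(("device_id", "date", "device_name", "raw"), parts))
    pri = PRI_RE.search(rec["raw"])
    if pri:  # PRI = facility * 8 + severity
        rec["facility"], rec["severity"] = divmod(int(pri.group(1)), 8)
    msg = MSG_RE.search(rec["raw"])
    rec["msg_id"] = msg.group(1) if msg else None
    return rec


def parse_export(data: bytes):
    """Return (records, numbers of the lines that did not parse)."""
    records, bad = [], []
    # Split on "\n" only: str.splitlines() would also break on U+0085.
    for n, line in enumerate(decode_export(data).split("\n"), 1):
        line = line.rstrip("\r")
        if not line.strip():
            continue
        try:
            records.append(parse_record(line))
        except ValueError:
            bad.append(n)
    return records, bad
```

Lines that do not contain all four fields are reported by line number rather than silently dropped, so a truncated or mis-encoded export is visible.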

Retrieve Raw Messages From a Local Controller

Use this selection if archiving is not enabled or if you need to view event data that was received within
the past hour.
To retrieve event data from the Local Controller, follow these steps:
Step 1   Click Admin > System Maintenance > Retrieve Raw Messages.

Figure 24-3   Retrieve Raw Messages Page (4.2.x)

Step 2   Specify the time range by specifying values in the Start and End fields.
Step 3   Select Retrieve Data from DB.
Step 4   Select one of the following options:
  • Save to Local. This option retrieves the data from the database and stores it on the local appliance.
  • Save to Remote. This option retrieves the data from the database and stores it on the archive server, as identified under Admin > System Maintenance > Data Archiving.
Step 5   Review the Cached Files time range information, and then do one of the following:
  • If you want data from within this time range, you do not need to Force Generate Files.

78-17020-01
User Guide for Cisco Security MARS Local Controller
Retrieving Raw Messages

This manual is also suitable for:

Mars 20, Mars 50, Mars 100, Mars 200
