Monitor Events Using Unified Event Viewer on FMC GUI

Available Languages

Download Options

  • PDF     (4.9 MB)
    View with Adobe Reader on a variety of devices
  • ePub     (5.1 MB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (3.3 MB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 10, 2023
Document ID:221068

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the use of Unified Event Viewer on a graphical user interface (GUI) on Firewall Management Center (FMC).

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Access to FMC with Admin or Security Analyst privileges
    • FMC with version equal or higher than v7.0

    Components Used

    The information in this document is based on these software and hardware versions:

    • Secure Firewall Management Center for VMware v7.2.5

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Explore

    Step 1. Log into the FMC GUI.

    FMC Login

    Step 2. Navigate to the Analysis tab.

    FMC Dashboard

    Step 3. From the drop-down menu, click on Unified Events.

    Unified Events Example 1

    Example of the Unified Event Page

    Unified Events Example 2

    Review Events

    Step 1. Click on the > icon.

    Unified Events Example 3

    Step 2. The detailed information of the event is shown.

    Unified Events Example 4

    Personalize Columns

    Step 1. Click on the icon Button icon.

    Unified Events Example 5

    Step 2. Select the event fields that you want on the table.

    Unified Events Example 6

    Step 3. (Optional) Search for the field to make navigation easier.

    Unified Events Example 7

    Step 4. Click on an event field to disable or enable.

    Unified Events Example 8

    Step 5. Click on Apply.

    Unified Events Example 9

    Step 6. (Optional) You can reposition the columns by dragging each one to a different location.
    Unified Events Example 10

    Save Column Set

    Step 1. Click on Saved Column Sets.

    Unified Events Example 11

    Step 2. Click on Create column set from current selection.

    Unified Events Example 12

    Step 3. (Optional) Change the name of column set.

    Unified Events Example 13

    Step 4. You can edit an existing set by clicking on the ellipsis (...).

    Unified Events Example 14

    Event Search

    Step 1. To begin searching for specific events click on Select.

    Unified Events Example 15

    Step 2. Select the field where you want to apply the filter.

    Unified Events Example 16

    Step 3. Write the values to use as filter.

    Unified Events Example 17

    Step 4. Click on Apply, to configure the filter.

    Unified Events Example 18

    Step 5. (Optional) You can add multiple values to each filter.

    Unified Events Example 19

    Step 6. (Optional) Add as many filters as you need.

    Unified Events Example 20

    tip-icon

    Tip: You can use operators ( >,<, !, and so on) while writing the values.

    Save Search

    It is possible to save searches so you can reuse the filters you have created.

    Step 1. Click on the magnifying glass icon.

    Unified Events Example 21

    Step 2. Click on Save Search.

    Unified Events Example 22

    Step 3. (Optional) Change the name of the search.

    Unified Events Example 23

    Time Window

    It is easier to narrow relevant events, based on a specific time, by modifying the time window.

    Step 1. To modify the window frame of events, click on date range.

    Unified Events Example 24

    Step 2. Select the range of time in the pop-up window.

    Unified Events Example 25

    Step 3. (Optional) Use Sliding Time Range to show events from a specific time to your current time.

    Unified Events Example 26

    Step 4. Click on Apply to filter the events on the time range configured.

    Unified Events Example 27

    Go Live

    You can enable the Go Live feature to show events in real time. The events appear as they are generated.

    To enable, click on Go Live.

    Unified Events Example 28

    Once it is enabled, it displays the word Live.

    Unified Events Example 29

    caution-icon

    Caution: When Live is enabled it is not possible to modify the time window. In order to modify the time window,first disable Live option by clicking on it again.

    Download Events as Comma-separated Values (CSV)

    Step 1. Click on the download icon to generate a file containing the events currently showing on the page.

    Unified Events Example 30

    Step 2. Select the download folder, name and click on Save.

    Unified Events Example 31

    Step 3. Verify the CSV file.

    Unified Events Example 32

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    10-Oct-2023
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Michel Tcheky Lepicard Fiquet
      Cisco Security Technical Consulting Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products