Security Views


Security Views are modified in the MMC; however, viewing the results is more efficient in the ELM Management Console.

Administrators can track security issues by using Security Views. A Security View groups events that match its Exclude and/or Include Filters, with the option to notify or report based on that Security View. Security Views differ slightly from Event Views by design: only security-related events (audit success and audit failure events) are displayed in the view. The Security View also uses a security-centric layout to display critical security information from the events. It displays values from the Event Description field (e.g., Logon Type, Logon ID, etc.) as individual columns for easy sorting, so you can customize Views with specific information that is normally buried within the security event log record.

Records in Security Views are generically referred to as “Events.” Events are generated from several sources:

Event log entries collected from Windows-based systems

Syslog messages received from Syslog clients

SNMP Traps received from SNMP-capable systems and devices

ELM Server generated Events

A Security View has two display modes:

Detail View mode (default) shows each event on a single line in the Security View.

Summary Event mode displays a summary roll-up (i.e., a count of events). The Summary View display mode is useful for finding the busiest events across multiple systems: sort on the Count column heading.

Pausing Event Views – On busy servers, thousands of events can stream into the Security View, making it difficult to read a specific event. Pause the Security View to get more detail on the event or to exclude the event from the Security View.
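The column extraction and count roll-up described above, sketched as an added example (this is not ELM's code): the record layout, function names and sample events are constructed for illustration, and a label that repeats within one description keeps its first value.

```python
import re
from collections import Counter

# Constructed sample records (not real log data).
EVENTS = [
    {"computer": "SRV01", "event_id": 4625, "type": "Audit Failure",
     "description": "An account failed to log on.\n\tLogon Type:\t\t3\n\tLogon ID:\t\t0x0\n"},
    {"computer": "SRV02", "event_id": 4625, "type": "Audit Failure",
     "description": "An account failed to log on.\n\tLogon Type:\t\t3\n\tLogon ID:\t\t0x0\n"},
    {"computer": "SRV01", "event_id": 4624, "type": "Audit Success",
     "description": "An account was successfully logged on.\n"
                    "\tLogon Type:\t\t10\n\tLogon ID:\t\t0x5A3F1\n"},
    {"computer": "SRV01", "event_id": 7036, "type": "Information",
     "description": "The service entered the running state."},
    {"computer": "SRV02", "event_id": 4634, "type": "Audit Success",
     "description": "An account was logged off.\n\tLogon ID:\t\t0x5B000\n\tLogon Type:\t\t3\n"},
]

# "Label:<whitespace>value" lines inside a description; bare section
# headers such as "Subject:" carry no value and are skipped.
FIELD_RE = re.compile(r"^[ \t]*([A-Za-z][A-Za-z ]*?):[ \t]+(\S.*?)[ \t]*$", re.MULTILINE)

def to_row(event, columns=("Logon Type", "Logon ID")):
    """Detail-style row: promote selected description fields to columns."""
    fields = {}
    for label, value in FIELD_RE.findall(event["description"]):
        fields.setdefault(label, value)  # first occurrence wins
    row = {k: event[k] for k in ("computer", "event_id", "type")}
    for col in columns:
        row[col] = fields.get(col, "")   # empty cell when the field is absent
    return row

def security_rows(events):
    """Keep only audit success and audit failure records."""
    wanted = ("Audit Success", "Audit Failure")
    return [to_row(e) for e in events if e["type"] in wanted]

def summary(rows, key=("event_id", "type")):
    """Summary-style roll-up: one line per key with its count, busiest first."""
    return Counter(tuple(r[k] for k in key) for r in rows).most_common()

if __name__ == "__main__":
    rows = security_rows(EVENTS)
    for r in sorted(rows, key=lambda r: int(r["Logon Type"] or 0)):
        print(r)
    for key, count in summary(rows):
        print(count, key)
```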