Hello again, Aaron.
1. What are the steps or procedures on how to use' the event correlation' ,like, I need to know the relationships of any number of events with some identifiable patterns - relationships between events.
Event correlation is at the heart of what the LEM product does; it's used in filters, rules, searches, and reports. If you'd like to just browse the data on your database and see if anything "sticks out," nDepth is probably your best bet.
To execute an nDepth search from the LEM Console Monitor view:
- Select an Alert or any field within an Alert from the Monitor view.
- Click the Explore menu on the Alert Grid title bar (next to Pause), and then select nDepth.
This sort of search will show you everything within the timeframe you specify (the default is 10 minutes) related to the event or value you selected. For more information about the basics of using nDepth, check out this video: Navigating the nDepth View of Your Log & Event Manager Console.
Alternately, if you have a specific event or group of events in mind and you want to track their occurrence in real time, a filter is what you're looking for. The following KB article provides a brief overview of how to quickly create a filter for a specific event, and it's got a video embedded in it to walk you through a more detailed example if you're interested: Quickly Creating a Filter for a Specific Alert Type
2. What are the steps to collect logs from Cisco Iron Port S Series web filter? Is there any plugin to install or a tool where I can activate logging on this machine and what are the steps or procedures?
We don't have a tool for this product in our published Supported Data Sources list, so I'll have to refer this question to Product Management.
Thanks for continuing to visit us on thwack! It's great to see more LEM traffic here.
Thanks again for your usual assistance. I overlooked the part that the client has Iron Port in their net infra. It only came up on the later part of the POC.