Details View

The Details view allows you to see details about the Event Source, as well as viewing a sample of the logs identified for each type in order to verify their accuracy.

You can access the Details view in a couple of ways.

  • From the Toolbar, click the View Details button. Or, you can
  • Double-click on the Event Source you selected.

Workflow

This workflow shows the overall process for configuring event sources.

netwitness_111_02_ackmapes.png

What do you want to do?

Role I want to... Documentation
Administrator

View and modify event sources.

Managing Event Source Groups
Administrator *Acknowledge and map events sources. Acknowledging and Mapping Event Sources

Administrator

Add and configure parser mappings for a Log Decoder

Manage Parser Mappings

Administrator

View log parser details

Manage Parser Mappings

Administrator

Troubleshoot event source management.

ESM Troubleshooting & Appendix

*You can perform this task here.

Related Topics

Viewing Logs from Pre-11.0 Log Decoder

Quick Look

The following example shows the discovery scores, event source types, logs, and attributes that correspond with the Event Source you selected in the Event Sources panel for a single Log Decoder.

Note: Device logs are only available for 11.0.0.0 and above Log Decoders.

netwitness_esvwdets.png

1 Displays the address of the selected Event Source.
2 Displays the potential type of the selected Event Source.
3

Displays the selected Event Source Mapping Type as Auto-Mapped, Manually Mapped, or None. Any changes to the Event Source Mapping are only displayed here.

4

Displays the discovery score for the selected Event Source type from least confident (0) to most confident (100).

5 Displays timestamps for the last few logs that have been parsed to the selected Event Source Type.
6 Displays the address of the Log Decoder that is parsing event sources.
7 Displays the discovery score of the corresponding log.
8 Displays logs for the selected Event Source type.
9 Allows you to acknowledge that all the discovered Event Source types are correct.
10 Allows you to set the appropriate parsers for selected Event Source addresses.
11 Displays the Event Source Management attributes for the selected Event Source Type.