When you launch the Sentinel Control Center, the Active Views tab is the first tab that is displayed. If the
tab is not displayed, you can access it by:Log in to the Sentinel Web interface, then click
in the toolbar.Click
.Log in to the Sentinel Control Center as a user with Create and use Active Views permission.
The
tab is displayed.Active Views provides two types of views, which display the events in tables and graphs.
Table format displays the variables of the events as columns in a table. You can sort the information in the grid by clicking the column name.
Graphical format displays events as graphs. You can change the chart types by right-clicking anywhere in the chart and by selecting the desired chart type. You can also view the events that match the filter criteria by right-clicking anywhere in the chart and by selecting the
option from the menu. The events are displayed in the Sentinel Web interface.The event table and the snapshot are the two types of Active Views.
Near Real Time Event Table: Displays the events in graphs with the following features:
Holds up to 750 events per 30-second period. If there are more than 750 events, the events are prioritized to display correlated events first, then events that are sent to the GUI by using routing rules, then all remaining events.
By default, the client maintains a 24-hour period of cached events. You can configure the time. For more information, see Section 10.3, Reconfiguring Total Display Time.
By default, the smallest possible display interval of an active view is 30 seconds. This is represented by a gray line in the event table.
Figure 10-1 Gray Line- Indicating the Smallest Possible Display Interval
If there are more than 750 events per 30-second time period, a red separation line indicates that there are more events than are displayed.
Figure 10-2 Red Line- Indicating More Events to Display
When you save user preferences, the system continues to collect data for four days. For instance, if you save your preferences, then log out and log back in the following day, your Active View displays data as if you never logged off.
If an Active View is created and not saved, it continues to collect data for an hour. Within that hour, if an identical Active View is created, the Active View displays data for the last hour.
Snapshot: Time-stamped view of a
table.Several features make an Active View unique.
The filter assigned to an Active View
The z-axis attribute
The security filter assigned to a user
You can change event names to user-friendly names and the new names are populated throughout the system. For more information, see Renaming Event Fields
in the NetIQ Sentinel 7.0.1 Administration Guide.