Skip to main content

 

 

Cisco Defense Orchestrator

Downloading Events

You can download from CDO, events visible on the Historical tab of the Event Logging page. Here are some features of event downloads:

  • CDO adds the events to a .csv file and then compresses them in the .gz format.
  • A single .csv file can accommodate up to approximately 50 GB of compressed information.
  • Generation of downloadable files can be done in parallel.
  • Once created, the .csv.gz files are stored in Cisco cloud and downloaded directly from there. These files do not consume any CDO/SWC server resources.
  • Completed downloadable .csv.gz files are stored for 7 days and then deleted.
  • A job in-progress can be canceled manually.

Downloading events visible in the Event Logging page is a two step process:

  1. Generate a .csv.gz file containing the events you want to download. (This is a comma separated value file compressed using the GNU Gzip format. To learn more about GNU Gzip see, https://www.gnu.org/software/gzip/.)  
  2. Download the .csv.gz file.

Generate a .CSV.GZ File

  1. On the CDO menu bar, navigate Monitoring > Event Logging.
  2. Click the Historical tab if that view is not already visible.
  3. Use the event filter and search field to find the events you want to download. The events that match the results from that filtering and searching, and that occur within the time range you specify, will be included in the .csv.gz file. 
  4. Click the Generate .CSV button:

generate_csv.jpg

  1. Select a time range between which CDO finds the events.
  2. Enter a meaningful file name. 
  3. Click Generate .CSV.  You can find the file you just generated by clicking the Downloaded Generated Files button.

Note: If you want to cancel generating the .CSV file while it is still running, click the Downloaded Generated Files button, find the running job, and click Cancel.  

Download the .CSV.GZ File

  1. On the CDO menu bar, navigate Monitoring > Event Logging.
  2. Click the Download Generated Files button.

download_generated_files.jpg

  1. Select the file you generated and click Download. Notice that the file is in a compressed format.
  2. Select a location to store the file.

Contents of the .CSV.GZ File

The columns in the .csv.gz field reflect the fields included in the expanded row of an events. Timestamp, FirstPacketSecond, and LastPacketSecond are recorded in seconds in Coordinated Universal Time (UTC) in the .csv file

  • Was this article helpful?