Live Monitoring
Live Monitoring lets users monitor a network by correlating the syslogs received from appliances throughout a deployment. The Event Manager Receiver Service receives the syslogs and feeds them into an Event Correlation Engine. The engine evaluates each message against user-defined rules, and if a rule condition is met, the engine forwards the object to be turned into an alert for Live Monitoring.
These alerts are sent to email, traps, other user-defined destinations, and, if a user is currently monitoring, to the new Live Monitoring user interface. Viewing alerts in the Live Monitoring interface provides greater flexibility to monitor a network and to analyze traffic based on protocols, web usage and productivity, or even to detect viruses and attacks in the network.
Live Monitoring is a powerful tool when rules are created properly, allowing the user to efficiently monitor varying amounts of information on the unit(s). Be aware that while the alerts keep you updated on what is being sent and received, they might flood your inbox or trap listener with a heavy volume of notifications. This happens only when a rule is lenient; a strict rule does not generate a large number of notifications.
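The difference between a lenient and a strict rule can be seen in a small correlation sketch. This is an added example, not the product's own code or rule syntax: the `key=value` syslog layout, the field names, and the `correlate` function with its threshold and window parameters are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

# Constructed sample syslogs from two appliances (fw01, fw02); the format is
# an assumption for this example, with t= as seconds since start.
SAMPLE_SYSLOGS = [
    "<134>t=0 fw=fw01 msg=drop src=10.0.0.5",
    "<134>t=5 fw=fw01 msg=drop src=10.0.0.9",
    "<134>t=8 fw=fw02 msg=drop src=10.0.0.5",
    "<134>t=12 fw=fw01 msg=allow src=10.0.0.7",
    "<134>t=15 fw=fw01 msg=drop src=10.0.0.5",
    "<134>t=20 fw=fw02 msg=drop src=10.0.0.5",
    "<134>t=90 fw=fw01 msg=drop src=10.0.0.9",
    "<134>t=200 fw=fw01 msg=drop src=10.0.0.5",
]

def parse(line):
    """Turn one key=value syslog line into a dict with an integer timestamp."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    fields["t"] = int(fields["t"])
    return fields

def is_drop(event):
    return event.get("msg") == "drop"

def correlate(lines, match, threshold=1, window=0, key="src"):
    """Alert when `threshold` matching events share `key` within `window` seconds.

    The defaults (threshold=1, window=0) make a lenient rule: every match alerts.
    """
    recent = defaultdict(deque)   # key value -> timestamps of recent matches
    alerts = []
    for event in map(parse, lines):
        if not match(event):
            continue
        times = recent[event[key]]
        times.append(event["t"])
        while event["t"] - times[0] > window:   # expire matches outside the window
            times.popleft()
        if len(times) >= threshold:
            alerts.append((event["t"], event[key], len(times)))
            times.clear()         # start counting again after alerting
    return alerts

if __name__ == "__main__":
    print("lenient:", len(correlate(SAMPLE_SYSLOGS, is_drop)), "alerts")
    print("strict: ", correlate(SAMPLE_SYSLOGS, is_drop, threshold=3, window=30))
```

On the constructed input, the lenient rule alerts on every dropped connection, while the strict rule alerts once, when a single source is dropped three times within 30 seconds across both appliances.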
This section includes the following subsections: