On-Demand Reports

On-demand reports are interactive reports that enable you to review the current state of Cisco Secure Policy Manager servers (primary and secondary servers) and the Policy Enforcement Points that are protecting your network, as well as the most recent statistics for network service usage. On-demand reports and scheduled reports differ in that on-demand reports organize the most current data, while scheduled reports organize data collected over a specified period. You can specify scheduled reports under the Reports tree, and their configuration data is stored under the Defined Reports branch.

Learn More About On-Demand Reports

You can generate reports in either ASCII text or HTML formats. ASCII text files enable you to easily import these reports into other applications for custom formatting and presentation. You can also write custom scripts to perform custom analysis on detailed and summary on-demand reports. To view ASCII-based reports, you can use your preferred text editor or viewer, such as Notepad.

The Reporting subsystem in the GUI client includes a web server component that is responsible for displaying the generated reports, whether scheduled or on-demand. This web server component, known as the reporting agent, enables generated reports to be rendered by any HTML-compliant browser.

The reporting agent can be configured to listen for HTTP requests on any TCP port number. If you have a custom network service that conflicts with the default port number (8080), you can reassign the port number on which the reporting agent listens. For more information on reconfiguring this port number, refer to Cisco Secure Policy Manager Administrator's Guide: System Configuration and Maintenance.

In addition to generating audit events that are used by the Reporting and Policy Monitoring subsystems, Cisco Secure Policy Manager provides the ability to export all generated audit events to an ODBC-compliant database. Using this feature, you can perform custom analysis and summary of the network traffic and Policy Enforcement Point activity. Many organizations require custom reports and summaries when studying Internet access costs, network and bandwidth usage, and comprehensive security issues. For more information on exporting audit events to an ODBC-compliant database, refer to Cisco Secure Policy Manager Administrator's Guide: System Configuration and Maintenance.

Task List for On-Demand Reports

You can perform the following tasks from the Cisco Secure Policy Manager Report page. For step-by-step procedures on performing a specific task, refer to the corresponding section.

Note If you are studying the network services traversing a Policy Enforcement Point, such as a PIX Firewall or an IOS Router, you must also ensure that you have correctly configured the log settings for that Policy Enforcement Point to include the detailed service events. For more information on configuring PIX Firewall log settings, refer to the "Specifying Log Settings for PIX Firewall Activity" section. For more information on configuring IOS Router settings, refer to the "Specifying Log Settings for IOS Router Node Activity" section.

For summary reports, you can perform the following tasks.

• Generating and Viewing Summary Event Reports on Demand

• Generating and Viewing Network Service Activity Summary Reports on Demand

• Generating and Viewing User Activity Summary Reports on Demand

• Generating and Viewing the Top Users Report on Demand

• Generating and Viewing the Top Web Sites Report on Demand

• Generating and Viewing the Most Active FTP Sites Report on Demand

For detailed reports, you can perform the following tasks.

• Generating and Viewing Detailed Event Reports

• Generating and Viewing Detailed Network Service Activity Reports on Demand

• Generating and Viewing Detailed User Activity Reports on Demand

You can also perform the following related tasks.

• Generating and Viewing Reports Remotely on Demand

• Printing an On-Demand Report

Generating and Viewing Summary Event Reports on Demand

Event reports provide information about the state of the Cisco Secure Policy Manager servers and Policy Enforcement Points installed on your network. These reports list audit events that are related to the security and normal operation of the primary and secondary servers, as well as the Policy Enforcement Points. Each recorded audit event is classified as informational, related to system integrity, or security relevant. They are also prioritized as normal (green), important (yellow), or severe (red).

You can generate summary event reports upon request. The reports appear in the web browser used to define the report type. Using the built-in HTML browser on the local server or a browser from a remote workstation, you can view all HTML-based or ASCII text-based on-demand reports as they are generated.

To generate and view on-demand summary event reports, perform the following task:

Result: The Cisco Secure Policy Manager Reports page appears in the View pane.

Step 2 In the Cisco Secure Policy Manager Reports page, click the On Demand hyperlink.

Result: The On-Demand Reports page appears in two panes. The CSPM Report menu, in the far left pane, lists the report categories and style of reports that you can generate. The Report Configuration pane, on the far right, enables you to specify the parameters of the report and displays the completed report.

Step 3 To specify the file format to use to store this generated report, click that format in the CSPM Report menu.

The following file formats are available:

• HTML Format Reports. Stores the generated report as an HTML file that you can view with any standard web browser. (Default)

• Text Format Reports. Stores the generated report as an ASCII text file that you can view with a standard text file viewer or editor.

Step 4 To specify that you want to generate a summary event report, click Event Summary in the CSPM Report menu.

Result: The Enter Network Password dialog box appears.

Note If you have previously authenticated during this report editing session, the Enter Network Password dialog box will not appear. Instead, the parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 5 To authenticate to the reporting agent, type the username and password of the Cisco Secure Policy Manager administrative account that you want to use to generate and view this report.

Result: The parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 6 To specify which Cisco Secure Policy Manager servers and/or Policy Enforcement Points should be polled for event data, select those network objects in the Host box.

The Host box lists all the primary and secondary servers and Policy Enforcement Points defined under the Network Topology tree in Cisco Secure Policy Manager.

Tips To select more than one value from this list, press and hold the Shift key or the Ctrl key while clicking an item in the list. The Shift+Click option enables you to select a range of items. The Ctrl+Click option enables you to select items in any order.

Step 7 To specify the time range for which you want to review the summary events, click that option and specify the values required to define that option.

You can use one of the following two options to specify the time range:

• Last <Period> <Unit> Identifies a range to evaluate prior to the current date and time. The Period box specifies a whole number, while the Unit box denotes the unit of time by which the first box is interpreted. The Unit box enables you to specify the last hour or day.

• Start <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>
  End   <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>

Start and end times should be expressed in the MM/DD/YYYY HH:MM:SS format. Start identifies the start of the time period to study, while End identifies the end of the period to study. If you specify an end time that is in the future, the report only contains data up to the current time.

Step 8 To generate the summary event report, click View.

Result: The Event Summary Report appears in the Report Configuration pane.

Tips The View button displays the specified report in the Report Configuration pane. The View (Window) button displays the specified report in a new Web browser window.

Step 9 Repeat Steps 3 through 8 until you have viewed all on-demand summary event reports in which you are interested.

Step 10 To close the HTML-browser view, click any node in the Navigator pane.

Generating and Viewing Network Service Activity Summary Reports on Demand

Network service activity reports provide summary information about all defined network service sessions that transpire during a given time interval and that traverse one or more Policy Enforcement Points. The services included in a service activity report are those network services that are defined under the Network Services branch of the Tools and Services tree.

You can generate summary service reports upon request. The reports appear in the web browser used to define the report type. Using the built-in HTML browser on the local server or a browser from a remote workstation, you can view all HTML-based or ASCII text-based on-demand reports as they are generated.

Note To generate a service report, you must log the statistical audit events for the network service. For more information on logging the statistical audit events, see the "Defining Event Filtering Rules based on Service Statistics" section.

To generate and view on-demand summary network service reports, perform the following task:

Result: The Cisco Secure Policy Manager Reports page appears in the View pane.

Step 2 In the Cisco Secure Policy Manager Reports page, click the On Demand hyperlink.

Result: The On-Demand Reports page appears in two panes. The CSPM Report menu, in the far left pane, lists the report categories and style of reports that you can generate. The Report Configuration pane, on the far right, enables you to specify the parameters of the report and displays the completed report.

Step 3 To specify the file format to use to store this generated report, click that format in the Report menu.

The following file formats are available:

• HTML Format Reports. Stores the generated report as an HTML file that you can view with any standard web browser. (Default)

• Text Format Reports. Stores the generated report as an ASCII text file that you can view with a standard text file viewer or editor.

Step 4 To specify that you want to generate a summary service activity report, click Network Service Summary in the CSPM Report menu.

Result: The Enter Network Password dialog box appears.

Note If you have previously authenticated during this report editing session, the Enter Network Password dialog box will not appear. Instead, the parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 5 To authenticate to the reporting agent, type the username and password of the Cisco Secure Policy Manager administrative account that you want to use to generate and view this report.

Result: The parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 6 To specify the Policy Enforcement Points for which you want to study the network service activity, select those network objects in the Device box.

The Device box identifies the network devices defined under the Network Topology tree that generate the audit event records used in the reports. In the case of a network service report, the Device box lists all the Policy Enforcement Points defined under the Network Topology tree in Cisco Secure Policy Manager.

Tips To select more than one value from this list, press and hold the Shift key or the Ctrl key while clicking an item in the list. The Shift+Click option enables you to select a range of items. The Ctrl+Click option enables you to select items in any order.

Step 7 To specify the time range for which you want to review the service events, click that option and specify the values required to define that option.

You can use one of the following two options to specify the time range:

• Last <Period> <Unit> Identifies a range to evaluate prior to the current date and time. The Period box specifies a whole number, while the Unit box denotes the unit of time by which the first box is interpreted. The Unit box enables you to specify the last hour or day.

• Start <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>
  End   <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>

Start and end times should be expressed in the MM/DD/YYYY HH:MM:SS format. Start identifies the start of the time period to study, while End identifies the end of the period to study. If you specify an end time that is in the future, the report only contains data up to the current time.

Step 8 To specify how you want to sort this service report, click that option in the Sort By box.

The report will be sorted in ascending order by the value specified in the Sort By box. The valid values for this field are as follows:

• Service Name. Sorts the list alphabetically on the basis of the names of the services selected by this report definition.

• Volume. Sorts the list from smallest to largest on the basis of volume of data transferred by a particular user or network service.

• Session Count. Sorts the list from smallest to largest on the basis of the number of sessions that occurred for a particular user or network service.

Step 9 To generate the network service summary report, click View.

Result: The Network Service Summary Report appears in the Reports Configuration pane.

Tips The View button displays the specified report in the Report Configuration pane. The View (window) button displays the specified report in a new web browser window.

Step 10 Repeat Steps 3 through 9 until you have viewed all on-demand network service summary reports in which you are interested.

Step 11 To close the HTML-browser view, click any node in the Navigator pane.

Generating and Viewing User Activity Summary Reports on Demand

User activity reports provide summary information about all network sessions that individual users conduct during a given time interval and that traverse one or more Policy Enforcement Points. The list of users is identified by unique IP addresses originating from session requests.

You can generate summary user reports upon request. The reports appear in the web browser used to define the report type. Using the built-in HTML browser on the local server or a browser from a remote workstation, you can view all HTML- or ASCII text-based on-demand reports as they are generated.

Note To generate a service report, of which user-based reports are a specific type, you must log the statistical audit events for the network service. For more information on logging the statistical audit events, refer to the "Defining Event Filtering Rules based on Service Statistics" section.

To generate and view on-demand summary user activity reports, perform the following task:

Result: The Cisco Secure Policy Manager Reports page appears in the View pane.

Step 2 In the Cisco Secure Policy Manager Reports page, click the On Demand hyperlink.

Result: The On-Demand Reports page appears in two panes. The CSPM Report menu, in the far left pane, lists the report categories and style of reports that you can generate. The Report Configuration pane, on the far right, enables you to specify the parameters of the report and displays the completed report.

Step 3 To specify the file format to use to store this generated report, click that format in the CSPM Report menu.

The following file formats are available:

• HTML Format Reports. Stores the generated report as an HTML file that you can view with any standard web browser. (Default)

• Text Format Reports. Stores the generated report as an ASCII text file that you can view with a standard text file viewer or editor.

Step 4 To specify that you want to generate a summary user activity report, click User Activity Summary in the CSPM Report menu.

Result: The Enter Network Password dialog box appears.

Note If you have previously authenticated during this report editing session, the Enter Network Password dialog box will not appear. Instead, the parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 5 To authenticate to the reporting agent, type the username and password of the GUI client's administrative account that you want to use to generate and view this report.

Result: The parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 6 To specify the Policy Enforcement Points for which you want to study network service activity, select those network objects in the Device box.

The Device box identifies the network devices defined under the Network Topology tree that generate the audit event records used in the reports. In the case of a network service report, the Device box lists all the Policy Enforcement Points defined under the Network Topology tree in Cisco Secure Policy Manager.

Tips To select more than one value from this list, press and hold the Shift key or the Ctrl key while clicking an item in the list. The Shift+Click option enables you to select a range of items. The Ctrl+Click option enables you to select items in any order.

Step 7 To specify the time range for which you want to review the service events, click that option and specify the values required to define that option.

You can use one of the following two options to specify the time range:

• Last <Period> <Unit> Identifies a range to evaluate prior to the current date and time. The Period box specifies a whole number, while the Unit box denotes the unit of time by which the first box is interpreted. The Unit box enables you to specify the last hour or day.

• Start <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>
  End   <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>

Start and end times should be expressed in the MM/DD/YYYY HH:MM:SS format. Start identifies the start of the time period to study, while End identifies the end of the period to study. If you specify an end time that is in the future, the report only contains data up to the current time.

Step 8 To specify how you want to sort this user activity report, click that option in the Sort By box.

The report will be sorted in ascending order by the value specified in the Sort By box. The valid values for this field are as follows:

• User Name. Sorts the list from smallest to largest on the basis of the IP addresses of the hosts that were used to make session requests.

• Volume. Sorts the list from smallest to largest on the basis of the volume of data transferred by a particular user or network service.

• Session Count. Sorts the list from smallest to largest on the basis of the number of sessions that occurred for a particular user or network service.

Step 9 To generate the summary user activity report, click View.

Result: The User Activity Summary Report appears in the Reports Configuration pane.

Tips The View button displays the specified report in the Report Configuration pane. The View (Window) button displays the specified report in a new Web browser window.

Step 10 Repeat Steps 3 through 9 until you have viewed all the on-demand summary user activity reports in which you are interested.

Step 11 To close the HTML-browser view, click any node in the Navigator pane.

Generating and Viewing the Top Users Report on Demand

The top users report, also called the most active users report, presents the list of users who have made the most service requests from behind the selected Policy Enforcement Point within the specified time period. This report provides statistics for up to 25 users. The listed users are identified by unique IP addresses originating session requests.

You can generate the most active users reports upon request. The reports appear in the Web browser used to define the report type. Using the built-in HTML browser on the local server or a browser from a remote workstation, you can view all HTML-based or ASCII text-based on-demand reports as they are generated.

Note To generate a service report, of which user-based reports are a specific type, you must log the statistical audit events for the network service. For more information on logging the statistical audit events, see the "Defining Event Filtering Rules based on Service Statistics" section.

To generate and view the most active users report on demand, perform the following task:

Result: TheCisco Secure Policy Manager Reports page appears in the View pane.

Step 2 In the Cisco Secure Policy Manager Reports page, click the On Demand hyperlink.

Result: The On-Demand Reports page appears in two panes. The CSPM Report menu, in the far left pane, lists the report categories and style of reports that you can generate. The Report Configuration pane, on the far right, enables you to specify the parameters of the report and displays the completed report.

Step 3 To specify the file format to use to store this generated report, click that format in the CSPM Report menu.

The following file formats are available:

• HTML Format Reports. Stores the generated report as an HTML file that can be viewed using any standard web browser. (Default)

• Text Format Reports. Stores the generated report as an ASCII text file that can be viewed using a standard text file viewer or editor.

Step 4 To specify that you want to generate the most active users report, click Top Users in the CSPM Report menu.

Result: The Enter Network Password dialog box appears.

Note If you have previously authenticated during this report editing session, the Enter Network Password dialog box will not appear. Instead, the parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 5 To authenticate to the reporting agent, type the username and password of the Cisco Secure Policy Manager administrative account that you want to use to generate and view this report.

Result: The parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 6 To specify the Policy Enforcement Points for which you want to study the network service activity, select those network objects in the Device box.

The Device box identifies the network devices defined under the Network Topology tree that generate the audit event records used in the reports. In the case of a network service report, the Device box lists all the Policy Enforcement Points defined under the Network Topology tree in Cisco Secure Policy Manager.

Tips To select more than one value from this list, press and hold the Shift key or the Ctrl key while clicking an item in the list. The Shift+Click option enables you to select a range of items. The Ctrl+Click option enables you to select items in any order.

Step 7 To specify the time range for which you want to review users' activities, click that option and specify the values required to define that option.

You can use one of the following two options to specify the time range:

• Last <Period> <Unit> Identifies a range to evaluate prior to the current date and time. The Period box specifies a whole number, while the Unit box denotes the unit of time by which the first box is interpreted. The Unit box enables you to specify the last hour or day.

• Start <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>
  End   <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>

Start and end times should be expressed in the MM/DD/YYYY HH:MM:SS format. Start identifies the start of the time period to study, while End identifies the end of the period to study. If you specify an end time that is in the future, the report only contains data up to the current time.

Step 8 To generate the top users report, click View.

Result: The Most Active Users Report appears in the Reports Configuration pane.

Tips The View button displays the specified report in the Report Configuration pane. The View (Window) button displays the specified report in a new Web browser window.

Step 9 Repeat Steps 3 through 8 until you have viewed all the on-demand most active users reports in which you are interested.

Step 10 To close the HTML-browser view, click any node in the Navigator pane.

Generating and Viewing the Top Web Sites Report on Demand

The top Web sites report, also called the most active Web sites report, presents the list of HTTP sites that users who request services from behind the selected Policy Enforcement Points have accessed the most within the specified time period. This report provides statistics for up to 25 sites.

You can generate the most active Web sites reports upon request. The reports appear in the web browser used to define the report type. Using the built-in HTML browser on the local server or a browser from a remote workstation, you can view all HTML-based or ASCII text-based on-demand reports as they are generated.

Note To generate a service report, of which web-based reports are a specific type, you must log the statistical audit events for the HTTP network service. For more information on logging the statistical audit events, see the "Defining Event Filtering Rules based on Service Statistics" section.

To generate and view the most active Web sites report on demand, perform the following task:

Result: The Cisco Secure Policy Manager Reports page appears in the View pane.

Step 2 In the Cisco Secure Policy Manager Reports page, click the On Demand hyperlink.

Result: The On-Demand Reports page appears in two panes. The CSPM Report menu, in the far left pane, lists the report categories and style of reports that you can generate. The Report Configuration pane, on the far right, enables you to specify the parameters of the report and displays the completed report.

Step 3 To specify the file format to use to store this generated report, click that format in the Report menu.

The following file formats are available:

• HTML Format Reports. Stores the generated report as an HTML file that you can view with any standard web browser. (Default)

• Text Format Reports. Stores the generated report as an ASCII text file that you can view with a standard text file viewer or editor.

Step 4 To specify that you want to generate the most active Web sites report, click Top Web Sites in the CSPM Report menu.

Result: The Enter Network Password dialog box appears.

Note If you have previously authenticated during this report editing session, the Enter Network Password dialog box will not appear. Instead, the parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 5 To authenticate to the reporting agent, type the username and password of the GUI client's administrative account that you want to use to generate and view this report.

Result: The parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 6 To specify the Policy Enforcement Points for which you want to study the network service activity, select those network objects in the Device box.

The Device box identifies the network devices defined under the Network Topology tree that generate the audit event records used in the reports. In the case of a network service report, the Device box lists all the Policy Enforcement Points defined under the Network Topology tree in the GUI client.

Tips To select more than one value from this list, press and hold the Shift key or the Ctrl key while clicking an item in the list. The Shift+Click option enables you to select a range of items. The Ctrl+Click option enables you to select items in any order.

Step 7 To specify the time range for which you want to review the most requested web sites, click that option and specify the values required to define that option.

You can specify the time range using one of the following two options:

• Last <Period> <Unit> Identifies a range to evaluate prior to the current date and time. The Period box specifies a whole number, while the Unit box denotes the unit of time by which the first box is interpreted. The Unit box enables you to specify the last hour or day.

• Start <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>
  End   <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>

Start and end times should be expressed in the MM/DD/YYYY HH:MM:SS format. Start identifies the start of the time period to study, while End identifies the end of the period to study. If you specify an end time that is in the future, the report only contains data up to the current time.

Step 8 To generate the most active Web sites report, click View.

Result: The most active Web Sites report appears in the Reports Configuration pane.

Tips The View button displays the specified report in the Report Configuration pane. The View (Window) button displays the specified report in a new web browser window.

Step 9 Repeat Steps 3 through 8 until you have viewed all the on-demand most active Web sites reports in which you are interested.

Step 10 To close the HTML-browser view, click any node in the Navigator pane.

Generating and Viewing the Most Active FTP Sites Report on Demand

The most active FTP sites report presents the list of FTP sites that users who request services from behind the selected Policy Enforcement Point have accessed the most within the specified time period. This report provides statistics for up to 25 sites.

You can generate the most active FTP sites reports upon request. The reports appear in the web browser used to define the report type. Using the built-in HTML browser on the local server or a browser from a remote workstation, you can view all HTML-based or ASCII text-based on-demand reports as they are generated.

Note To generate a service report, of which FTP-based reports are a specific type, you must log the statistical audit events for the FTP network service. For more information on logging the statistical audit events, see the "Defining Event Filtering Rules based on Service Statistics" section.

To generate and view the most active FTP sites report on-demand, perform the following task:

Result: The Cisco Secure Policy Manager Reports page appears in the View pane.

Step 2 In the Cisco Secure Policy Manager Reports page, click the On Demand hyperlink.

Result: The On-Demand Reports page appears in two panes. The CSPM Report menu, in the far left pane, lists the report categories and style of reports that you can generate. The Report Configuration pane, on the far right, enables you to specify the parameters of the report and displays the completed report.

Step 3 To specify the file format to use to store this generated report, click that format in the CSPM Report menu.

The following file formats are available:

• HTML Format Reports. Stores the generated report as an HTML file that you can view with any standard web browser. (Default)

• Text Format Reports. Stores the generated report as an ASCII text file that you can view with a standard text file viewer or editor.

Step 4 To specify that you want to generate the most active FTP sites report, click Top Ftp Sites in the CSPM Report menu.

Result: The Enter Network Password dialog box appears.

Note If you have previously authenticated during this report editing session, the Enter Network Password dialog box will not appear. Instead, the parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 5 To authenticate to the reporting agent, type the username and password of the GUI client's administrative account that you want to use to generate and view this report.

Result: The parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 6 To specify the Policy Enforcement Points for which you want to study the network service activity, select those network objects in the Device box.

The Device box identifies the network devices defined under the Network Topology tree that generate the audit event records used in the reports. In the case of a network service report, the Device box lists all the Policy Enforcement Points defined under the Network Topology tree in Cisco Secure Policy Manager.

Tips To select more than one value from this list, press and hold the Shift key or the Ctrl key while clicking an item in the list. The Shift+Click option enables you to select a range of items. The Ctrl+Click option enables you to select items in any order.

Step 7 To specify the time range for which you want to review the most requested FTP sites, click that option and specify the values required to define that option.

You can use one of the following two options to specify the time range:

• Last <Period> <Unit> Identifies a range to evaluate prior to the current date and time. The Period box specifies a whole number, while the Unit box denotes the unit of time by which the first box is interpreted. The Unit box enables you to specify the last hour or day.

• Start <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>
  End   <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>

Start and end times should be expressed in the MM/DD/YYYY HH:MM:SS format. Start identifies the start of the time period to study, while End identifies the end of the period to study. If you specify an end time that is in the future, the report only contains data up to the current time.

Step 8 To generate the most active FTP sites report, click View.

Result: The Most Active FTP Sites report appears in the Reports Configuration pane.

Tips The View button displays the specified report in the Report Configuration pane. The View (Window) button displays the specified report in a new Web browser window.

Step 9 Repeat Steps 3 through 8 until you have viewed all the on-demand most active FTP sites reports in which you are interested.

Step 10 To close the HTML-browser view, click any node in the Navigator pane.

Generating and Viewing Detailed Event Reports

Event reports provide information about the state of the Cisco Secure Policy Manager servers and the Policy Enforcement Points installed on your network. These reports list audit events that are related to the security and normal operation of the primary and secondary servers, as well as the Policy Enforcement Points. Each recorded audit event is classified as informational, related to system integrity, or security relevant. They are also prioritized as normal (green), important (yellow), or severe (red).

You can generate detailed event reports upon request. The reports appear in the web browser used to define the report type. Using the built-in HTML browser on the local server or a browser from a remote workstation, you can view all HTML-based or ASCII text-based on-demand reports as they are generated.

To generate and view on-demand detailed event reports, perform the following task:

Result: The Cisco Secure Policy Manager Reports page appears in the View pane.

Step 2 In the Cisco Secure Policy Manager Reports page, click the On Demand hyperlink.

Result: The On-Demand Reports page appears in two panes. The CSPM Report menu, in the far left pane, lists the report categories and style of reports that you can generate. The Report Configuration pane, on the far right, enables you to specify the parameters of the report and displays the completed report.

Step 3 To specify the file format to use to store this generated report, click that format in the CSPM Report menu.

The following file formats are available:

• HTML Format Report. Stores the generated report as an HTML file that you can view with any standard web browser. (Default)

• Text Format Report. Stores the generated report as an ASCII text file that you can view with any standard text file viewer or editor.

Step 4 To specify that you want to generate a detailed warning event report, click Event Detail in the CSPM Report menu.

Result: The Enter Network Password dialog box appears.

Note If you have previously authenticated during this report editing session, the Enter Network Password dialog box will not appear. Instead, the parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 5 To authenticate to the reporting agent, type the username and password of the GUI client's administrative account that you want to use to generate and view this report.

Result: The parameter settings page for the selected report type appears in the Report Configuration pane.

Step 6 To specify which Cisco Secure Policy Manager servers or Policy Enforcement Points should be polled for event data, select the network object in the Host box.

The Host box lists all the primary and secondary servers and Policy Enforcement Points defined under the Network Topology tree in Cisco Secure Policy Manager.

Step 7 To specify the time range for which you want to review the warning events, click that option and specify the values required to define that option.

You can specify the time range using one of the following two options:

• Last <Period> <Unit> Identifies a range to evaluate prior to the current date and time. The Period box specifies a whole number while the Unit box denotes the unit of time by which the first box is interpreted. The Unit box enables you to specify the last day, hour, minute, or second.

• Start <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>
  End   <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>

Start and end times should be expressed in the MM/DD/YYYY HH:MM:SS format. Start identifies the start of the time period to study, while End identifies the end of the period to study. If you specify an end time that is in the future, the report only contains data up to the current time.

Step 8 To specify the event priorities that you want to review in the generated report, select those priorities in the Event Type box.

You can select one or more of the following values for this parameter:

• Security. These audit events are related to the state of security on the selected data source. Such audit events require immediate attention to ensure the integrity of your network.

• Warning. These audit events identify exceptions to normal operation of the selected data source.

• Information. The audit events provide status about the normal and expected operations of the selected data source.

For more information on the classification of event priorities, refer to the "Event Classifications" section.

Tips To select more than one value from this list, press and hold the Shift key or the Ctrl key while clicking an item in the list. The Shift+Click option enables you to select a range of items. The Ctrl+Click option enables you to select items in any order.

Step 9 To specify that you want to include the informational icons in the detailed event report, click True under Show Icons. Otherwise, click False.

For a translation map of the informational icons, refer to the "Event Classifications" section.

Step 10 To generate the detailed event report, click View.

Result: The Event Detail Report appears in the Report Configuration pane.

Tips The View button displays the specified report in the Report Configuration pane. The View (Window) button displays the specified report in a new Web browser window.

Step 11 Repeat Steps 3 through 10 until you have viewed all the on-demand detailed event reports in which you are interested.

Step 12 To close the HTML browser view, click any node in the Navigator pane.

Generating and Viewing Detailed Network Service Activity Reports on Demand

Network service activity reports provide summary and transaction information about specific network service sessions that transpire during a given time interval traversing a specific Policy Enforcement Point. The services included in a service activity report are those network services that are defined under the Network Services branch of the Tools and Services tree.

You can generate detailed service reports upon request. The reports appear in the web browser used to define the report type. Using the built-in HTML browser on the local server or a browser from a remote workstation, you can view all HTML-based or ASCII text-based on-demand reports as they are generated.

Note To generate a detailed network service activity report, you must log the statistical audit events for the network service. For more information on logging the statistical audit events, see the "Defining Event Filtering Rules based on Service Statistics" section.

To generate and view on-demand detailed network service activity reports, perform the following task:

Result: TheCisco Secure Policy Manager Reports page appears in the View pane.

Step 2 In the Cisco Secure Policy Manager Reports home page, click the On Demand hyperlink.

Result: The On-Demand Reports page appears in two panes. The CSPM Report menu, in the far left pane, lists the report categories and style of reports that you can generate. The Report Configuration pane, on the far right, enables you to specify the parameters of the report and displays the completed report.

Step 3 To specify the file format to use to store this generated report, click that format in the CSPM Report menu.

The following file formats are available:

• HTML Format Reports. Stores the generated report as an HTML file for which you can use any standard web browser to view. (Default)

• Text Format Reports. Stores the generated report as an ASCII text file for which you can use a standard text file viewer or editor to view.

Step 4 To specify that you want to generate a detailed service activity report, click Network Service Detail in the CSPM Report menu.

Result: The Enter Network Password dialog box appears.

Note If you have previously authenticated during this report editing session, the Enter Network Password dialog box will not appear. Instead, the parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 5 To authenticate to the reporting agent, type the username and password of the GUI client's administrative account that you want to use to generate and view this report.

Result: The parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 6 To specify the Policy Enforcement Point for which you want to study the network service activity, select that network object in the Device box.

The Device box identifies the network devices defined under the Network Topology tree that generate the audit event records used in the reports. In the case of a network service report, the Device box lists all the Policy Enforcement Points defined under the Network Topology tree in Cisco Secure Policy Manager.

Step 7 To specify the time range for which you want to review the service events, click that option and specify the values required to define that option.

You can use one of the following two options to specify the time range:

• Last <Period> <Unit> Identifies a range to evaluate prior to the current date and time. The Period box specifies a whole number, while the Unit box denotes the unit of time by which the first box is interpreted. The Unit box enables you to specify the last hour or day.

• Start <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>
  End   <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>

Start and end times should be expressed in the MM/DD/YYYY HH:MM:SS format. Start identifies the start of the time period to study, while End identifies the end of the period to study. If you specify an end time that is in the future, the report only contains data up to the current time.

Step 8 To specify the network service that you want to study, click that network service in the Service box.

The Service box lists the network services defined under the Network Service branch under the Tools and Services tree in the Navigator pane. In addition, it includes two options that cover a broad range of services: All Services, which selects all network services defined under the Network Services branch, and Unknown, which enables you to specify that you want to view a report about those services traversing the Policy Enforcement Point for which you do not have network services defined.

Step 9 To generate the detailed network service activity report, click View.

Result: The Network Service Detail Report appears in the Report Configuration pane.

Tips The View button displays the specified report in the Report Configuration pane. The View (Window) button displays the specified report in a new Web browser window.

Step 10 Repeat Steps 3 through 9 until you have viewed all the on-demand detailed network service activity reports in which you are interested.

Step 11 To close the HTML-browser view, click any node in the Navigator pane.

Generating and Viewing Detailed User Activity Reports on Demand

Detailed user activity reports provide detailed information about all network sessions and transactions that individual users conduct during a given time interval and that traverse one or more Policy Enforcement Points. These reports are generated on a per-user basis.

You can generate summary user reports upon request. The reports appear in the web browser used to define the report type. Using the built-in HTML browser on the local server or a browser from a remote workstation, you can view all HTML-based or ASCII text-based on-demand reports as they are generated.

Note To generate a service report, of which user-based reports are a specific type, you must log the statistical audit events for the network service. For more information on logging the statistical audit events, see the "Defining Event Filtering Rules based on Service Statistics" section.

To generate and view on-demand detailed user activity reports, perform the following task:

Result: The Cisco Secure Policy Manager Reports page appears in the View pane.

Step 2 In the Cisco Secure Policy Manager Reports page, click the On Demand hyperlink.

Result: The On-Demand Reports page appears in two panes. The CSPM Report menu, in the far left pane, lists the report categories and style of reports that you can generate. The Report Configuration pane, on the far right, enables you to specify the parameters of the report and displays the completed report.

Step 3 To specify the file format to use to store this generated report, click that format in the CSPM Report menu.

The following file formats are available:

• HTML Format Reports. Stores the generated report as an HTML file that you can view with any standard web browser. (Default)

• Text Format Reports. Stores the generated report as an ASCII text file that you can view with a standard text file viewer or editor.

Step 4 To specify that you want to generate a detailed user activity report, click User Activity Detail in the CSPM Report menu.

Result: The Enter Network Password dialog box appears.

Note If you have previously authenticated during this report editing session, the Enter Network Password dialog box will not appear. Instead, the parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 5 To authenticate to the reporting agent, type the username and password of the GUI client's administrative account that you want to use to generate and view this report.

Result: The parameter settings page for the selected report type appears in the Reports Configuration pane.

Step 6 To specify the Policy Enforcement Point for which you want to study the network service activity, select that network object in the Device box.

The Device box identifies the network devices defined under the Network Topology tree that generate the audit event records used in the reports. In the case of a network service report, the Device box lists all the Policy Enforcement Points defined under the Network Topology tree in Cisco Secure Policy Manager.

Step 7 To specify the time range for which you want to review the service events, click that option and specify the values required to define that option.

You can use one of the following two options to specify the time range:

• Last <Period> <Unit> Identifies a range to evaluate prior to the current date and time. The Period box specifies a whole number, while the Unit box denotes the unit of time by which the first box is interpreted. The Unit box enables you to specify the last day, hour, minute, or second.

• Start <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>
  End   <MM>/<DD>/<YYYY> <HH>:<MM>:<SS>

Start and end times should be expressed in the MM/DD/YYYY HH:MM:SS format. Start identifies the start of the time period to study, while End identifies the end of the period to study. If you specify an end time that is in the future, the report only contains data up to the current time.

Step 8 To specify the user whose activities you want to study, type that user's IP address in the User/IP Addr box.

The User/IP Addr box specifies that you want to review only those audit records that were generated based on the fact that a particular host originated the network traffic that the selected Policy Enforcement Point received. This parameter enables you to study the network activity originating from a specific host or network.

Step 9 To generate the detailed user activity report, click View.

Result: The User Activity Detail report appears in the Report Configuration pane.

Tips The View button displays the specified report in the Report Configuration pane. The View (Window) button displays the specified report in a new web browser window.

Step 10 Repeat Steps 3 through 9 until you have viewed all the on-demand detailed user activity reports in which you are interested.

Step 11 To close the HTML-browser view, click any node in the Navigator pane.

Generating and Viewing Reports Remotely on Demand

Using a browser from a remote workstation, you can generate and view all HTML-based or ASCII text-based on-demand reports.

To generate and view on-demand reports from a remote workstation, perform the following task:

Step 2 In the Address box, type the IP address of the primary server and the TCP port number that the reporting agent (8080 by default) is configured to use and press Enter.

The value used in the address box should use the following format:

• http://<IP Address>:<Port Number>/

• Example:  http://192.186.1.1:8080/

For more information on configuring or reviewing the TCP port on which the reporting agent listens, refer to Cisco Secure Policy Manager Administrator's Guide: System Configuration and Maintenance.

Step 3 To continue defining the report, perform the task below that matches the type of report that you want to generate. Begin these tasks with Step 3.

• Generating and Viewing Summary Event Reports on Demand

• Generating and Viewing Network Service Activity Summary Reports on Demand

• Generating and Viewing User Activity Summary Reports on Demand

• Generating and Viewing User Activity Summary Reports on Demand

• Generating and Viewing the Top Web Sites Report on Demand

• Generating and Viewing the Most Active FTP Sites Report on Demand

• Generating and Viewing Detailed Event Reports

• Generating and Viewing Detailed Network Service Activity Reports on Demand

• Generating and Viewing Detailed User Activity Reports on Demand

Printing an On-Demand Report

You can print an on-demand report either from the embedded web browser in the GUI client or from a standalone web browser. This section explains how to print a report from the embedded browser within the GUI client. For instructions on printing from a standalone browser, refer to the online help provided with that browser.

To print an on-demand report, perform the following task:

Step 2 To print the report, click the Print icon on the browser toolbar.

Result: The Print dialog box appears.

Step 3 To ensure that only the selected frame is printed, verify that the Only the selected frame option is selected under Print frames.

Step 4 To print the report to the selected printer, click OK.

Result: The report is printed to the selected printer.

Posted: Fri May 26 15:03:22 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.