Cisco Secure Policy Manager Administrator's Guide: Policy Audit explains Cisco Secure Policy Manager's ability to audit the flow of traffic across your Policy Enforcement Points, such as a PIX Firewall or an IOS Router. Auditing enables two other features: notifications and reporting. This guide presents the tasks required to configure audit event filtering and notification rules, as well as those tasks required to study your network's activity using reports and notifications about activities in which you have expressed an interest.
The focus of this guide is on understanding how to audit your network's activities and presenting the procedures required to accomplish this task. Other topics, such as configuring the settings to maintain Cisco Secure Policy Manager and defining syslog hosts within the Network Topology tree, are discussed within other administrator's guides in this series. In particular, you may want to refer to Cisco Secure Policy Manager Administrator's Guide: System Configuration and Maintenance for information on configuring the Policy Monitor Point, Policy Report Point, and MAPI and TAPI settings and to the Cisco Secure Policy Manager Administrator's Guide: Network Topology Definition for information on configuring syslog servers and Policy Enforcement Points.
Using Cisco Secure Policy Manager to define your network requires a thorough knowledge of your network layout, the addresses and services running on hosts, and the connections that bind your firewalls, routers, and hosts together. In addition, we recommend that you be familiar with the Policy Enforcement Points that you intend to manage. This guide is intended for the administrator charged with representing your existing network within the Cisco Secure Policy Manager system.
This guide is organized into two parts and nine chapters:
Part 1 is Configuring Audit and Notification Settings.
Part 2 is Studying System and Network Activities.
This guide uses the following conventions:
screen font.
Tips: Identifies information to help you get the most benefit from your Cisco Secure Policy Manager product.
Note: Means reader take note. Notes identify important information that you should reflect upon before continuing, contain helpful suggestions, or provide references to materials not contained in the manual.
Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage, loss of data, or a potential breach in your network's security.
Warning: Identifies information that you must heed to prevent damaging yourself, the state of software, or equipment. Warnings identify definite security breaches that will result if the information presented is not followed carefully.
The Cisco Secure Policy Manager documentation set is composed of the following items:
You can access the latest version of these documents on the World Wide Web at http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy/.
In addition to the related documentation listed above, the following items should have been included with Cisco Secure Policy Manager. Please contact Cisco Systems or your reseller if you are missing one or more of these items.
You can access the most current Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly. Therefore, it is probably more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Registered CCO users can order the Documentation CD-ROM and other Cisco Product documentation through our online Subscription Services at http://www.cisco.com/cgi-bin/subcat/kaojump.cgi.
Nonregistered CCO users can order documentation through a local account representative by calling Cisco's corporate headquarters (California, USA) at 408 526-4000 or, in North America, by calling 800 553-NETS (6387).
Cisco provides Cisco Connection Online (CCO) as a starting point for all technical assistance. Warranty or maintenance contract customers can use the Technical Assistance Center. All customers can submit technical feedback on Cisco documentation using the web, e-mail, a self-addressed stamped response card included in many printed docs, or by sending mail to Cisco.
Cisco continues to revolutionize how business is done on the Internet. Cisco Connection Online is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at any time, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
CCO's broad range of features and services helps customers and partners to streamline business processes and improve productivity. Through CCO, you will find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online support services, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on CCO to obtain additional personalized information and services. Registered users may order products, check on the status of an order and view benefits specific to their relationships with Cisco.
You can access CCO in the following ways:
You can e-mail questions about using CCO to cco-team@cisco.com.
The Cisco Technical Assistance Center (TAC) is available to warranty or maintenance contract customers who need technical assistance with a Cisco product that is under warranty or covered by a maintenance contract.
To reach the TAC web site, which includes links to technical support information and software upgrades and lets you request TAC support, go to www.cisco.com/techsupport.
To contact TAC by e-mail, use one of the following addresses:
| Language | E-mail Address |
|---|---|
| English | tac@cisco.com |
| Hanzi (Chinese) | chinese-tac@cisco.com |
| Kanji (Japanese) | japan-tac@cisco.com |
| Hangul (Korean) | korea-tac@cisco.com |
| Spanish | tac@cisco.com |
| Thai | thai-tac@cisco.com |
In North America, TAC can be reached at 800 553-2447 or 408 526-7209. For other telephone numbers and TAC e-mail addresses worldwide, consult the following web site: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml.
If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, use the response card that many documents contain behind the front cover. Otherwise, you can mail your comments to the following address:
Cisco Systems, Inc.
Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate and value your comments.
Posted: Fri May 26 15:03:25 PDT 2000
Copyright © 1989-2000 Cisco Systems Inc.