You can configure Cisco Secure Policy Manager to generate and present reports about network activity and system status for the hosts running components of Cisco Secure Policy Manager, including the Policy Enforcement Points that are enforcing network policies. You can receive on-demand reports, which provide statistics about the running system at any given time, or you can generate scheduled reports on the basis of specified time periods and types of reports. Typical scheduled reports are user and network service usage statistics, summaries of warning events for Cisco Secure Policy Manager hosts, and network service breakdowns.
After you have defined the monitoring settings, you can specify which reports you want to generate on a periodic basis. At any time, you can generate a report on demand; however, scheduled reports can provide timely information about the security system or a specific network service. For example, you can schedule reports that provide a summary of the network traffic activity once every minute, hour, day, week, month, year, or any number of these periods. You can schedule four basic categories of reports:
You can use any web browser to generate all report types on demand, or you can use the GUI client to schedule them to run at regular intervals. The reports can be generated as ASCII text or HTML-formatted files. You can distribute scheduled reports via e-mail and store them on the special purpose web server that the Reporting Subsystem uses, enabling you and others to review the reports on an as-needed basis. In addition, you can use other scripts or programs to manipulate any scheduled reports.
The GUI client can present detailed and summary reports and notify administrators of suspicious network activity and possible problems in the state of the Primary Policy Database server, other Cisco Secure Policy Manager servers, and the Policy Enforcement Points being managed. However, how you define your monitoring settings (configure logging and notifications) affects the details of the many reports that you can generate about the operation of the security system or a specific network service or device.
The GUI client helps you stay abreast of the state of the security system and the network usage statistics by enabling you to define the rules for audit event logging, delivery of notifications, and scheduled reports.
Within Cisco Secure Policy Manager, you can use either scheduled or on-demand reports to study network activity and system status. This task involves defining the audit event filtering rules, selecting the report type, specifying the scope of the data that you want to study, and either viewing the report immediately or specifying a schedule on which the report will be generated.
| Step | References |
|---|---|
| 1. Define audit event filtering rules. Based on the type of report that you want to generate, you must define the audit event filtering rules that retain the data that the specified report type requires. In other words, you must configure Cisco Secure Policy Manager to collect and retain the audit events that are required to populate the specified report data. For example, if you want to generate a report about the top FTP sites, you must log FTP under Service Statistics on the Configure Logging and Notification Settings panel. Result: All audit events required by the report types that you want to generate are logged by Cisco Secure Policy Manager. | |
| 2. Select the Cisco Secure Policy Manager host that will monitor each Policy Enforcement Point's syslog streams. Within Cisco Secure Policy Manager, the Policy Monitor Point plays an important role. It collects the audit event streams from one or more Policy Enforcement Points and combines them into audit records that can be further refined into more meaningful data. The Policy Monitor Point provides this data to the Policy Report Point for administrative reports about network activity. It also combines audit events generated by Cisco Secure Policy Manager components running on primary and secondary servers, which provide status about the security system itself. Result: The Policy Enforcement Points direct all syslog streams to the Policy Monitor Point so that Cisco Secure Policy Manager can detect the audit events that you selected in Step 1. | "Selecting the Policy Monitor Point Associated with a Policy Enforcement Point" section |
| 3. Define the report settings and view the resultant report. Cisco Secure Policy Manager can generate a variety of reports about system status and activities, as well as about network activity across a specific Policy Enforcement Point. These report types are organized under the Reports tree in the Navigator pane. In addition, you can view a report immediately (in the case of an on-demand report) or when it is generated (in the case of a scheduled report). It is important to note that audit events must be recorded (meaning that first, they must occur, and second, they must be logged) before any report can present meaningful information. Result: Custom reports are created and saved, and the reports can be viewed after the audit events required by the report occur and are logged by Cisco Secure Policy Manager. | "Defining Report Settings" section |
Posted: Fri May 26 15:07:53 PDT 2000
Copyright © 1989-2000 Cisco Systems Inc.