Event Reporting

 < Day Day Up > 

Event reporting is a great way to create documents for your organization. You can present technicians providing remediation services a report identifying the systems that require maintenance. You can also create specific documents for management personnel who want to see detailed security policy enforcement reports. The CSA MC reporting mechanism is very flexible in its approach, and every organization will find uses for this feature.

The Reports menu enables you to obtain event reports by severity and event reports by group. The next sections describe both events.

Events by Severity Reports

When you choose Reports > Events by Severity any reports that you have already defined appear in the screen presented, as in Figure 9-4. To create a new report of this type, click the New button at the bottom of the page.

Figure 9-4. Available Report Listing


Creating this report, as shown in Figure 9-5, is very simple with only a few parameters to set, as follows:

  • Name Name the report.

  • Description Provide a description for the report you are creating to help others understand the report details.

  • Event Filter Choose the event set from the drop-down menu that you want to use to create the report. This is the most important piece of information selected when creating a report. The event set parameters are how you define which events are consolidated as part of this report.

  • Sort by Choose the order in which you want the information shown. Options to sort by are as follows:

    • Time

    • Host

    • Event Code

    In addition, check the check box to sort the information in ascending order versus the default of descending order.

  • Viewer Type Choose how the report should be presented. The two options are HTML Frame or ActiveX. HTML Frame presents the report in a standard HTML window. ActiveX reports use a Crystal Report viewer browser plug-in. ActiveX reports can easily be printed and saved for forwarding as a standalone file via e-mail or other methods.

Figure 9-5. Configuring a Report


After choosing the parameters, you can use the buttons at the bottom of the configuration page to either save the report, view the report, or delete the report.

The HTML Frame view of a report, as seen in Figure 9-6, uses standard HTML frames for displaying the report requested. This view is very similar to the ActiveX display, but does not enable you to export and share the document as a standalone file. To navigate to specific sections of the report, use the links in the left frame. You can also use the navigation tools in the top frame to skip to a specific page or view page by page and search the document for specific text. Click the lightning bolt icon when you need to refresh the displayed report with current information.

Figure 9-6. Sample HTML Frame Report


The report shown in Figure 9-7 uses the Crystal Report ActiveX viewer. To navigate this view, you can either use the scroll bar on the right side of the report or click the links in the left window that enable you to maneuver to the specific portion of the report needed. As with the HTML Frame view, you can skip through the report page by page or enter the specific page number you want to view. You can also search this report by clicking the binocular icon and entering the text you want to find. Access the icons at the top of the page for other options not available in the HTML Frame view. To print the report, for example, click the printer icon and follow the typical printing instructions for your printer. Save or export the report to view later or share with others by clicking the envelope icon. After making your selection, you can export to one of the following formats:

  • Crystal Report

  • Crystal Report 7.0

  • Rich Text Format (RTF)

  • Word document

  • Excel 5.0 document

Figure 9-7. Sample ActiveX Report


The lightning bolt icon enables you to refresh the report with current data in the CSA MC event database.

Events by Group Reports

Reporting events by group is similar to reporting events by severity. The only difference is how the report is sorted. If you recall, groups provide a unique way to associate hosts. You can create a group from specific application servers, specific host types, or even geographic location. Figure 9-8 shows how a report differs based just on the sorting options on the left side of the screen.

Figure 9-8. Reporting Events by Group


     < Day Day Up > 


    Cisco Security Agent
    Cisco Security Agent
    ISBN: 1587052059
    EAN: 2147483647
    Year: 2005
    Pages: 145
    Authors: Chad Sullivan

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net