User Guide for Cisco IPS Manager 3.0
Reports

Reports


The Reports tab is where you can generate and view audit log reports about network activities monitored by sensors on your network.

When you generate a report, you can run it immediately or you can schedule it to run at a later time. You can run scheduled reports once or repeatedly.

This chapter contains the following topics:

Understanding Report Templates in IPS MC

Predefined Report Definitions

Understanding the Reporting Workflow

Creating a Report Definition

Running a Report

Scheduling a Report

Viewing a Summary of Report Definition Details

Editing Report Parameters

Deleting a Report Definition

Working with Pending Reports

Editing A Pending Report Schedule

Deleting a Pending Report

Working with Completed Reports

Viewing a Completed Report

Printing a Completed Report

Exporting a Completed Report

Emailing a Completed Report

Deleting a Completed Report

Understanding Report Templates in IPS MC

Reports are available in Management Center for IPS Sensors (IPS MC) to provide information about server events. The following report templates are available:

Audit Log Report—Reports audit records by the server and application. Unlike the other report templates, this report template provides a broad, non-task-specific view of audit records in the database. Filterable by Date/Time, Event Severity, Applications, Subsystem, and Task Type.

Detailed Sensor Configuration Deployment Report—Reports detailed information on all managed devices. Filterable by Date/Time and Device.

Subsystem Report—Reports audit records ordered by the IDS subsystem, which includes systems from IPS MC and Monitoring Center for Security (Security Monitor) and systems common to each. Filterable by Date/Time, Event Severity, and Subsystem.

Console Notification Report—Reports the console notification records generated by the notification subsystem. Filterable by Date/Time and Event Severity.

IDS Sensor Versions—Provides version information and modification time for all managed IDS sensors. There are no filter options for this report.

Device Inventory Report—Reports information about the managed devices in IPS MC. There are no filter options for this report.

Predefined Report Definitions

IPS MC includes several predefined report definitions to help you get started using the reporting features. You can edit the filtering parameters to customize a report definition to fit your particular needs. For more information, see Editing Report Parameters.

The following predefined report definitions are available:

1-Day Application Errors—The following filters are defined for this report:

Task Type—Any

Date/Time—Last 1 Day

Event Severity—fatal, error

Subsystem—Any

Applications—Any

1-Day Console Notifications—The following filters are defined for this report:

Date/Time—Last 1 Day

Event Severity—fatal, error, warning, information, debug

Device Inventory Report—This report has no filtering options.

1-Day Pruning Activity—The following filters are defined for this report:

Date/Time—Last 1 Day

Event Severity—fatal, error, warning, information, debug

Subsystem—IDS_Database Prune

Understanding the Reporting Workflow

The following is a basic workflow for working with reports:

1. Create a report definition or select a predefined report.

A report definition is a report template that you customize. Report definitions that you create are saved so that you can run or schedule a report based on that definition at any time. For more information, see Creating a Report Definition and Predefined Report Definitions.

2. Run the report or create a report schedule.

After you create a report definition, you can run a report based on that definition. You can also schedule a report to run later or at regular intervals. For more information, see Running a Report and Scheduling a Report.

3. View the completed report.

After you run a report, you can view it from the Completed Reports page. You can also email completed reports and export them to PDF or CSV files. For more information, see Working with Completed Reports.

In addition to performing the tasks of the basic workflow, you can also edit and delete pending reports. Pending reports include reports that are running or are scheduled to run in the future. For more information, see Working with Pending Reports.

This section contains the following topics:

Creating a Report Definition

Running a Report

Scheduling a Report

Viewing a Summary of Report Definition Details

Editing Report Parameters

Deleting a Report Definition

Creating a Report Definition

From the Reports page, you can define the parameters for the report you want to run. You must create a report definition (or select one previously defined) before you can run or schedule a report.

To define a report, follow these steps:


Step 1 Select Reports > Definitions. Then, click Create.

The Select Report Template page appears.

Step 2 Select a template for the report type that you want to define.


Tip If you are using Security Monitor, you can filter the report templates that appear on the page. From the Report Group list, select All to show all report templates, Audit Log to show only audit report templates, IDS Alarms to show only IDS alarm templates, IDS Alarms (summaries only) to show only IDS alarm summary templates, CSA Alarms to show only CSA alarm templates, or Firewall Reports to show only firewall report templates.


Step 3 Enter a name for your report in the Report Title field. The default report title is the name of the report type you selected in the previous step. Then, click Next.

The Report Filtering page appears.

Step 4 Enter the report parameters for the report type you selected. Then, click Next.

The Confirm page appears.

Step 5 Confirm that the report options are correct. Then, perform the appropriate step below:

a. To save the report definition without running or scheduling a report, click Finish.

The Reports page appears. The report definition you just created appears in the list.

b. To run a report now based on the report definition you just created, click the Run now radio button. Then, click Finish.

The Reports page appears. The report definition you just created appears in the list. To view the completed report, select Reports > Completed.

c. To schedule a report based on the report definition you just created, click the Launch "Run with Options" radio button. Then, click Finish.

The Schedule window appears. You must define the scheduling options. For more information, see the procedure in Scheduling a Report.


Running a Report

After a report has been defined, you can run it on demand.

To run a report, follow these steps:


Step 1 Select Reports > Definitions. Then, click the Create button.

The Reports page appears.

Step 2 Select the check box corresponding to the title of the report definition that you want to run.


Tip If you are using Security Monitor, you can filter the report definitions that appear on the page. From the Report Group list, select All to show all report definitions, Audit Log to show only audit log report definitions, IDS Alarms to show only IDS alarm report definitions, IDS Alarms (summaries only) to show only IDS alarm summary report definitions, CSA Alarms to show only CSA alarm report definitions, or Firewall Reports to show only Firewall report definitions.


A check mark appears next to the report you selected.

Step 3 Click Run.

The Pending Reports page appears. You can view the status of your report on this page. You can view the completed report by selecting Reports > Completed.


Scheduling a Report

After a report has been defined, you can define a schedule for the report to run. Scheduled reports run either one or more times based on the parameters you select.


Tip Before you can schedule a report, you must create a report definition unless you are using one of the predefined reports. For more information, see the "Creating a Report Definition" section.


To schedule a report, follow these steps:


Step 1 Select Reports > Definitions.

The Reports page appears.

Step 2 Click Run with Options next to the report title you want to schedule to run.

The Schedule pop-up window appears.

Step 3 Select the Use a schedule check box.

The scheduling options appear in the Schedule pop-up window.

Step 4 Specify the date that you want the report to run in the Date field. The date is specified by day, month, and year. Click the calendar icon next to the Date field to select a date from the built-in calendar.

Step 5 Specify the time that you want the report to run in the Time field. The time is specified in hours, minutes, and seconds. The time zone used to determine the time is to the right of the Time field.

Step 6 To run the report at regular intervals, select the Repeat every check box, then select an option in the list box. You can schedule the report to run every day, week, weekday, weekend day, hour, or minute.

Step 7 To export the generated report to a file:

a. Select the Export to a File on the VMS Server check box.

The exporting options appear in the Schedule pop-up window.

b. Select a format for the file from the Format list. You can export to an HTML, PDF, or comma-separated value (CSV) file.

c. Specify the exact path to the file that is to contain the generated report in the File field. The path should include the filename and, if you do not select the Append default file extension when saved check box in the following step, the desired extension; for example, /<dir>[/<dir>/[...]]/<filename>[.<ext>].


Note If you generate a report with the same path, filename, and extension as a previously generated report, the previous report will be overwritten.


d. To automatically append the file extension to the filename, select the Append default file extension when saved check box. By default, the check box is selected.

Step 8 To send an email notification to someone when the report runs:


Note Before you can send email notifications, you must specify the email server that IPS MC should use. For more information, see Defining the Email Server Settings.


a. Select the Notify via Email (when generated) check box.

The email notification options appear in the Schedule pop-up window.

b. Enter an email address in the To field. Use commas to separate multiple addresses.

c. Enter a subject for the email in the Subject field. By default, the subject includes the name of the CiscoWorks2000 Server and the report name.

d. Select the Attach a copy of the exported file check box to send a copy of the report as an attachment with the email notification.

e. Enter a message for your email in the text box. The default message informs the recipient that the report has been generated and includes a link to view the report on the CiscoWorks2000 Server.

Step 9 Click Create Schedule.

You can view the scheduled report definition by selecting Reports > Pending.
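
Because of the overwrite behavior in the Note under Step 7, a repeating schedule that exports to one fixed path keeps only the most recent run on disk. The following Python script is an added example, not part of the Cisco guide or of IPS MC, that could be run periodically on the server to copy each new export into an archive directory and record its SHA-256 hash. The paths, file names, and the `archive_export` helper are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def archive_export(export_path, archive_dir, now=None):
    """Copy the current export into archive_dir unless this exact content
    is already archived. Returns the archived Path, or None if nothing
    was archived (no export yet, unchanged content, or file mid-rewrite)."""
    export_path, archive_dir = Path(export_path), Path(archive_dir)
    if not export_path.is_file():
        return None  # the scheduled report has not produced a file yet
    digest = sha256_of(export_path)
    short = digest[:16]
    archive_dir.mkdir(parents=True, exist_ok=True)
    # The digest is part of the archived name, so an unchanged export
    # (polled again between two scheduled runs) is detected and skipped.
    if any(archive_dir.glob(f"*_{short}{export_path.suffix}")):
        return None
    stamp = (now or datetime.now(timezone.utc)).strftime("%Y%m%dT%H%M%SZ")
    name = f"{export_path.stem}_{stamp}_{short}{export_path.suffix}"
    target = archive_dir / name
    partial = archive_dir / (name + ".part")
    shutil.copy2(export_path, partial)
    # If the report generator rewrote the file while it was being copied,
    # the hashes differ: discard the copy and let the next poll retry.
    if sha256_of(partial) != digest:
        partial.unlink()
        return None
    partial.replace(target)
    # Append-only manifest in "sha256  filename" form for later verification.
    with (archive_dir / "MANIFEST.sha256").open("a") as manifest:
        manifest.write(f"{digest}  {name}\n")
    return target


if __name__ == "__main__":
    # Constructed sample data: two runs of a repeating report that both
    # export to the same (hypothetical) path, so the second overwrites the first.
    with tempfile.TemporaryDirectory() as tmp:
        export = Path(tmp) / "audit_1day.csv"
        archive = Path(tmp) / "archive"
        export.write_text("run,severity\n1,error\n")
        print(archive_export(export, archive))
        print(archive_export(export, archive))   # unchanged content: None
        export.write_text("run,severity\n2,fatal\n")
        print(archive_export(export, archive))
        print((archive / "MANIFEST.sha256").read_text())
```
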


Viewing a Summary of Report Definition Details

After you create a report definition, it appears on the Reports page. You can view a summary of the report definition details from the Reports page.

To view report definition details, follow these steps:


Step 1 Select Reports > Definitions.

The Reports page appears.

Step 2 Click the report title in the Title column of the report you want to review.


Tip If you are using Security Monitor, you can filter the report definitions that appear on the page. From the Report Group list, select All to show all report definitions, Audit Log to show only audit log report definitions, IDS Alarms to show only IDS alarm report definitions, IDS Alarms (summaries only) to show only IDS alarm summary report definitions, CSA Alarms to show only CSA alarm report definitions, or Firewall Reports to show only Firewall report definitions.


The Report Definition Details dialog box appears. The window displays the report definition attributes such as the report title, the date it was created, who created it, and the report template used to create it. The window also displays the scheduling and data filtering information, if applicable.


Tip If there is a scroll bar on the right side of the window, you can select an option from the Go to list to quickly navigate the window.



Editing Report Parameters

To edit the parameters of a report definition, follow these steps:


Step 1 Select Reports > Definitions.

The Reports page appears.

Step 2 Select the check box corresponding to the title of the report definition that you want to edit, and then click Edit.


Tip If you are using Security Monitor, you can filter the report definitions that appear on the page. From the Report Group list, select All to show all report definitions, Audit Log to show only audit log report definitions, IDS Alarms to show only IDS alarm report definitions, IDS Alarms (summaries only) to show only IDS alarm summary report definitions, CSA Alarms to show only CSA alarm report definitions, or Firewall Reports to show only Firewall report definitions.


The Select Report Template page appears.

Step 3 To change the report type, click the radio button next to a different report type.

Step 4 To change the report name, enter a new name for your report in the Report Title field.

Step 5 Click Next.

The Report Filtering page appears.

Step 6 Change any report parameters that you want to change. Then, click Next.

The Confirm page appears.

Step 7 Confirm that the report options are correct. Then, click Finish.

The Reports page appears. The changes you made are saved to the report definition.


Deleting a Report Definition

You can delete any unwanted report definitions. If you delete a report definition, any scheduled reports based on that definition are also deleted; however, any completed reports based on that definition are not deleted.

To delete a report definition, follow these steps:


Step 1 Select Reports > Definitions.

The Reports page appears.


Tip If you are using Security Monitor, you can filter the report definitions that appear on the page. From the Report Group list, select All to show all report definitions, Audit Log to show only audit log report definitions, IDS Alarms to show only IDS alarm report definitions, IDS Alarms (summaries only) to show only IDS alarm summary report definitions, CSA Alarms to show only CSA alarm report definitions, or Firewall Reports to show only Firewall report definitions.


Step 2 Select the check box corresponding to the title of the report you want to delete.


Tip You can delete more than one report definition at a time. To do so, select the check boxes corresponding to all report definitions that you want to delete.


A check mark appears next to each selected report.

Step 3 To delete the report definition, click Delete.

The selected report definition is deleted.


Working with Pending Reports

On the Pending Reports page, which you access by selecting Reports > Pending, you can view pending reports. Pending reports include reports that are running or are scheduled to run in the future.

The status of a pending report can be one of the following:

Running—The system is retrieving the report data from the database and generating the report.

Queued—The report generator can generate only one report at a time. This state indicates that the system recognizes that the report is ready to be generated and that the report is waiting for its turn to run. The Queued state usually occurs when another report is already in the Running state ahead of this one.

Waiting—The report is not ready to run and is waiting for its run time to arrive. Pending reports in this state usually have a repeating schedule and are between scheduled run times.

You can edit the schedule of a pending report. You can also delete a pending report. When you delete a pending report, no future iterations of the report, if scheduled, will run. For more information, see the following:

Editing A Pending Report Schedule

Deleting a Pending Report

Editing A Pending Report Schedule

When you schedule a report to run in the future, once or at regular intervals, the report appears on the Pending Reports page, which you access by selecting Reports > Pending. From the Pending Reports page, you can edit the report schedule.

For information about scheduling a report, see Scheduling a Report.

To edit a pending report schedule, follow these steps:


Step 1 Select Reports > Pending.

The Pending Reports page appears.

Step 2 Select the check box next to the report whose schedule you want to edit. Then, click Edit.

The Schedule pop-up window appears.

Step 3 Edit any parameters that you want to change, and then click Save.

Any changes you made are saved.


Deleting a Pending Report

You can delete from the schedule any pending reports that you no longer want to run. If you delete a pending scheduled report, no future iterations of that report will run.

Deleting a pending report does not delete the report definition. To delete a report definition, see Deleting a Report Definition.

To delete a pending report, follow these steps:


Step 1 Select Reports > Pending.

The Pending Reports page appears.

Step 2 Select the check box next to the report you want to delete, and then click Delete.

The report is deleted. No future iterations of the report, if scheduled, will run.


Working with Completed Reports

From the Completed Reports page, you can view generated reports, export reports, and email reports. You can also delete unwanted reports.

This section contains the following topics:

Viewing a Completed Report

Printing a Completed Report

Exporting a Completed Report

Emailing a Completed Report

Deleting a Completed Report

Viewing a Completed Report

After a report is generated, you can view it.


Tip To understand how data is sorted in a report, refer to the numbers that appear in the column headings of the generated report. These numbers represent the sort keys. For example, data is sorted first based on the data in the column with a (1) in it, followed by the data in the column with a (2) in it, and so on.


To view a report, follow these steps:


Step 1 Select Reports > Completed.

The Completed Reports page appears.

Step 2 Click the title of the report that you want to view.


Tip If you are using Security Monitor, you can filter the reports that appear on the page. From the Report Group list, select All to show all completed reports, Audit Log to show only audit log reports, IDS Alarms to show only IDS alarm reports, IDS Alarms (summaries only) to show only IDS alarm summary reports, CSA Alarms to show only CSA alarm reports, or Firewall Reports to show only firewall reports.


The report appears in a new browser window.


Printing a Completed Report

After you have generated a report, you can view the report in a printer-friendly format and then use your browser's print feature to print that report.

To print a completed report, follow these steps:


Step 1 Select Reports > Completed.

The Completed Reports page appears.

Step 2 Click the title of the report that you want to view.


Tip If you are using Security Monitor, you can filter the reports that appear on the page. From the Report Group list, select All to show all completed reports, Audit Log to show only audit log reports, IDS Alarms to show only IDS alarm reports, IDS Alarms (summaries only) to show only IDS alarm summary reports, CSA Alarms to show only CSA alarm reports, or Firewall Reports to show only firewall reports.


The report appears in a new browser window.

Step 3 Click the Printer Friendly Format icon.

A printer-friendly version of the report appears in a new browser window.

Step 4 Print the report using your browser's print function.


Exporting a Completed Report

After you generate a report, you can export the completed report to a PDF or CSV file.

To export a report, follow these steps:


Step 1 Select Reports > Completed.

The Completed Reports page appears.

Step 2 Click the title of the report that you want to export.


Tip If you are using Security Monitor, you can filter the reports that appear on the page. From the Report Group list, select All to show all completed reports, Audit Log to show only audit log reports, IDS Alarms to show only IDS alarm reports, IDS Alarms (summaries only) to show only IDS alarm summary reports, CSA Alarms to show only CSA alarm reports, or Firewall Reports to show only firewall reports.


The report appears in a new browser window.

Step 3 Click the Export Current Report icon.

The Exporting Report dialog box appears.

Step 4 To export the file in PDF:

a. Click the PDF radio button, and then click OK.

The file appears in a new browser window.

b. Perform the appropriate step below to save the PDF file to disk:

To use Internet Explorer to save the PDF file, click the Save Copy icon on the Adobe toolbar. Browse to the location where you want to save the file and enter a filename. Then, click Save.

The report is saved using the filename and location you specified.

To use Netscape Navigator to save the PDF file, click Save File. Browse to the location where you want to save the file and enter a filename. Then, click Save.

The report is saved using the filename and location you specified.

Step 5 To export the file in CSV format:

a. Click the CSV radio button, and then click OK.

The File Download dialog box appears.

b. Perform the appropriate step below to save the CSV file to disk:

To use Internet Explorer to save the CSV file, click Save. The Save As dialog box appears. Browse to the location where you want to save the file and enter a filename. Then, click Save.

The report is saved using the filename and location you specified.

To use Netscape Navigator to save the CSV file, select Save this file to disk and click OK. The Enter name of file to save to dialog box appears. Browse to the location where you want to save the file and enter a filename. Then, click Save.

The report is saved using the filename and location you specified.


Emailing a Completed Report

After you generate a report, you can email a copy of the completed report to one or more people. The report file will be sent as an email attachment in HTML, PDF, or comma-separated value (CSV) format.


Tip You can also schedule a report to be generated on a regular basis and have the resulting report emailed to one or more interested parties. For more information, see Scheduling a Report.


To email a completed report, follow these steps:


Step 1 Select Reports > Completed.

The Completed Reports page appears.

Step 2 Select the check box next to the completed report that you want to email, and then click Email....

The Email Report page appears.

Step 3 Enter an email address in the To field. Use commas to separate multiple addresses.

Step 4 Enter a subject for the email in the Subject field. For example, you might include the name of the CiscoWorks2000 Server and the report name.

Step 5 Select the file format for the report file from the Format list. You can choose from HTML, PDF, or comma-separated value (CSV).

Step 6 Select the Append default file extension check box if you want the system to append the default file extension to the report file. This check box is selected by default.

Step 7 Enter a name for the report file. If you did not select the Append default file extension check box, you must manually append the file extension to the file name.

Step 8 Enter a message for your email in the text box.

Step 9 Click Send.

The system sends the email with the report as an attachment.


Deleting a Completed Report

You can delete completed reports. If the report was generated from a recurring scheduled report, deleting the report does not delete the scheduled report settings and will not prevent future versions of the report from being generated.

To delete a report, follow these steps:


Step 1 Select Reports > Completed.

The Completed Reports page appears.


Tip If you are using Security Monitor, you can filter the reports that appear on the page. From the Report Group list, select All to show all completed reports, Audit Log to show only audit log reports, IDS Alarms to show only IDS alarm reports, IDS Alarms (summaries only) to show only IDS alarm summary reports, CSA Alarms to show only CSA alarm reports, or Firewall Reports to show only firewall reports.


Step 2 Select the check box next to the title of the report you want to delete.


Tip You can delete more than one report at a time. To delete more than one report, select the check boxes next to all reports that you want to delete.


A check mark appears next to each report you selected.

Step 3 To delete the selected report, click Delete.

The report is deleted. The report name is removed from the list of available reports.