Table Of Contents
Tools User Interface Reference
Policy Discovery Status Page
Discovery Details Pane
Import Details Pane
Catalyst 6500/7600 Device Manager
IPS Manager
Audit Report Page
Audit Message Details Dialog Box
Configuration Archive Window
Configuration Version Viewer
New Config Version Dialog Box
Tools User Interface Reference
These topics describe the pages that are accessed from the Tools menu:
•
Device Properties Page, page A-47
•Policy Object Manager General Reference, page C-28
•Site-to-Site VPN Manager Window, page B-2
•Deployment User Interface Reference, page H-1
•Activity Manager Window, page G-1
•Policy Discovery Status Page
•Device Status Page, page C-482
•Catalyst 6500/7600 Device Manager
•IPS Manager
•Preview Config Dialog Box, page H-8
•Audit Report Page
•Configuration Archive Window
•Backup and Restore, page 17-17
•Administrative Settings User Interface Reference, page F-1
Policy Discovery Status Page
Use the Policy Discovery Status page to view the status of policy discovery and device import.
Navigation Path
Select Tools > Policy Discovery Status.
Related Topics
•Understanding Policy Discovery Status, page 17-3
•Viewing Policy Discovery Status Information, page 17-4
Field Reference
Table E-1 Policy Discovery Status Page
Element
|
Description
|
Tasks—Provides information and status of the overall discovery or device import task.
|
Name
|
The unique task name that you entered in the Discovery Task Name field in the Discover Policies on Device page.
|
Type
|
One of the following:
•Discovery—Initiated from the Discover Policies on Device page.
•Device Import—Initiated after you add a new device into Security Manager, then select the Policies and Inventory option.
|
Start Time
|
The time the task started.
|
End Time
|
The time the task stopped.
|
Status
|
The overall status of the task. One of the following:
•Completed successfully—Discovery or device import task succeeded.
•Completed with errors—Discovery and device import were partially successful. This could occur if all policies were not discovered or if device import succeeded, but no policies were discovered. Look at the Messages text box for details.
•Completed with warnings—Discovery and device import were successful but a minor problem occurred. Look at the Messages text box for details.
•Failed—No polices were discovered or device import failed because of errors or because you stopped discovery.
|
Refresh button
|
Refreshes the task list if the tasks are running in the background or new tasks were created.
|
Delete button
|
Deletes the selected task from the database.
|
Discovery Details or Import Details—Depending on the type of task, discovery or device import, this pane is called either Discovery Details or Import Details.
For a description of the fields in Discovery Details, see Discovery Details Pane.
For a description of the fields in Import Details, see Import Details Pane.
|
Messages
|
Displays messages about the selected device.
|
Severity
|
Information about the severity of the problem. An icon for one of the following is displayed:
•Error—A problem was detected.
•Warning—A minor problem occurred during discovery.
•Information—Informational message about the selected device.
|
Description
|
Details about each message. When you click a message row, detailed information about that message appears in the Description text box.
|
Action
|
The steps you can take to resolve the problem.
|
Close button
|
Closes the page.
|
Help button
|
Opens help for this page.
|
Discovery Details Pane
If the task type you selected in the Policy Discovery Status page is Discovery, the Discovery Details pane is displayed.
Navigation Path
Select Tools > Policy Discovery Status.
Related Topics
•Policy Discovery Status Page
Field Reference
Table E-2 Discovery Details
Element
|
Description
|
Device
|
The name of each device that was involved in the policy discovery for a selected task.
|
Severity
|
An icon for one of the following is displayed:
•Error—Discovery failed.
•Information—Discovery completed successfully.
|
State
|
The status of the policy discovery for each device that was involved in the policy discovery for a selected task. Displays one of the following:
•Discovery Completed—Discovery succeeded and the discovered policies are added to the Security Manager database.
•Discovery Failed—No polices were discovered because errors occurred.
|
Discovered from
|
One of the following:
•Live Device—Security Manager contacted the device to obtain configuration and policy information.
•File—Security Manager obtained the configuration and policy information from a configuration file.
|
Import Details Pane
If the task type you selected in the Policy Discovery Status page is Device Import, the Import Details pane is displayed.
Navigation Path
Select Tools > Policy Discovery Status.
Related Topics
•Policy Discovery Status Page
Field Reference
Table E-3 Import Details
Element
|
Description
|
Device
|
The name of each device that was involved in device import and policy discovery for a selected task.
|
Config File
|
The location of the configuration file. This field is displayed only if you are importing from a configuration file.
|
Task Type
|
One of the following:
•Import only—Adding devices to Security Manager.
•Import and Discover—Adding devices and discovering policies and inventory, or adding devices and discovering policies.
|
Severity
|
An icon for one of the following is displayed:
•Error—Device add failed.
•Information—Device was added successfully.
|
State
|
The status of the device addition: Device Added or Device Add Failed.
|
Catalyst 6500/7600 Device Manager
The Catalyst 6500/7600 Device Manager (DM-6500/7600) component is embedded in Security Manager. For information, please see Using the Catalyst 6500/7600 Device Manager, page 14-1.
Navigation Path
Highlight a Catalyst 6500/7600 device and select Tools > Catalyst 6500/7600 Device Manager.
IPS Manager
IPS Manager opens from the Tools menu. For more information, please see the IPS Manager context-sensitive online help.
Navigation Path
Select Tools > IPS Manager.
Audit Report Page
When state changes occur in Security Manager, an audit entry is created. You can display the aggregated results of the audit entries by defining the parameters in the Audit Report page. See Understanding Audit Reports, page 17-6.
Navigation Path
Select Tools > Audit Report.
Related Topics
•Understanding Audit Reports, page 17-6
•Audit Message Details Dialog Box
Field Reference
The Audit Report page contains two panes. Use the left pane to define the parameters for generating the audit report.
Table E-4 Audit Report Page Left Pane
Element
|
Description
|
Search by action
|
The action that generates the audit report: Objects, License, Admin, PolicyManager, Devices, Cofig Archive, Deployment, System, and Activity.
|
Search by date
|
From—The date to begin the audit report search. Click the calender icon to open a calender, then select the start date.
To—The date to finish the audit report search. Click the calender icon to open a calender, then select the end date.
|
Search for activity by state
|
Filters the activity by state. If the action has an associated activity, such as, Approved, Created, Discarded, Submitted, Edited and so on, click the arrow in the filter field, then select the activity from the list.
Note This field applies only if you are in workflow-enable mode. Only policies and objects can have activities associated to them.
Associated activities are a set of actions that you perform on a particular activity. For example, when you assign policies to a device, you create an activity. Later, to make policy changes, you open that activity in the edit state, make the policy changes, then submit it for approval. The approver, before approving or rejecting the activity, might choose to review the proposed policy changes and all the actions (associated activities) performed on that policy, such as, created and edited in this example.
|
Search by message warning level
|
The message warning level: Information, Warning, Success, Failure and Internal System Error.
|
Search by user name
|
The username of the person who performed the action.
For example, if you select Activity in the Actions field, and you know the username of the person who created that activity, enter that name in the username field.
|
Search by phrase in the message body
|
A search string. You can enter a maximum of 1025 characters.
|
Search by all or part of the object name
|
A search string. You can enter a maximum of 1025 characters.
|
Search button
|
Starts generating the report.
|
Reset button
|
Deletes the values in each field.
|
The right pane displays the audit report. The contents of the audit report depends on the parameters you defined in the left pane. Therefore, all columns listed in the table might not be displayed in the generated audit report.
Table E-5 Audit Report Page Right Pane
Element
|
Description
|
Message Level
|
Messages, such as Information, Warning, Success, Failure and Internal System Error.
|
Date
|
The date and time the action occurred.
|
Source
|
The origin of the audit entry: Objects, License, Admin, PolicyManager, Devices, Cofig Archive, Deployment, System, and Activity.
|
Action
|
The action performed on the category: Create, Assign, Purge, and Delete.
|
Object
|
The identifier of the action. For example, if the category is device, then the object identifier could be device name or IP address. If the category is deployment, then the object identifier could be job name, job id, and so on.
|
Username
|
The username of the person performing the action.
|
Activity
|
The name of the activity.
|
# of rows per page
|
The number of rows to display on each page.
|
< arrow
|
Returns to the previous page of the audit report.
|
> arrow
|
Advances to the next page of the audit report.
|
Close button
|
Closes the window.
|
Help button
|
Opens help for this page.
|
Audit Message Details Dialog Box
Use the Audit Message Details dialog box to see details about an audit message. Double-click a message row in the audit report page to display details about that message.
Navigation Path
You can access the Audit Report Details dialog box from the Audit Reports page. To access the Audit Report page, select Tools > Audit Report.
Related Topics
•Audit Report Page
•Generating the Audit Report, page 17-7
Field Reference
Table E-6 Audit Message Details
Element
|
Description
|
Date
|
The date and time the action occurred.
|
User
|
The username of the person performing the action.
|
Source
|
The origin of the audit entry: Objects, License, Admin, PolicyManager, Devices, Cofig Archive, Deployment, System, and Activity.
|
Action
|
The action performed on the category: Create, Assign, Purge, and Delete.
|
Message Level
|
Message levels: Information, Warning, Success, Failure, and Internal System Error.
|
Associated Activity
|
The action associated with the activity.
Note This field applies only if you are in workflow-enable mode. Only policies and objects can have activities associated to them.
Associated activities are a set of actions that you perform on a particular activity. For example, when you assign policies to a device you create an activity. Later, to make policy changes, you open that activity in the edit state, make the policy changes, then submit it for approval. The approver, before approving or rejecting the activity, might choose to review the proposed policy changes and all the actions (associated activities) performed on that policy such as created and edited in this example.
|
Object Id
|
The identifier of the category. For example, if the category is device, the object identifier could be device name or IP address. If the category is deployment, the object identifier could be job name, job id, and so on.
|
Description
|
Describes the operation.
|
Top and bottom arrows
|
Moves to the next or previous task:
•The top arrow advances you to the next task row.
•The bottom arrow returns you to the previous task row.
|
OK button
|
Closes the dialog box.
|
Configuration Archive Window
Configuration Archive stores configuration versions for each device managed by Security Manager.
Note Security Manager does not support the archiving of VLAN configurations.
You can use Configuration Archive to:
•View the transcript of a configuration deployment for a selected device.
•View and compare configuration versions.
•View CLI differences between deployed configuration versions.
•Rollback to an earlier configuration version.
•Add a configuration from file.
•Retrieve a current running device configuration.
The Configuration Archive window lists device configuration versions that have been added to the archive. You can view and sort the configuration file versions by certain criteria as shown in Table E-7. You can view and compare configuration versions for a specific device. You can also view deployment transcripts and delta configurations. For detailed procedures, see Using the Configuration Archive Tool.
Navigation Path
Select Tools > Configuration Archive.
Related Topics
•Customizing the Configuration Archive Toolbar
•Configuration Version Viewer
•New Config Version Dialog Box
•Defining Configuration Archive Settings, page 2-46
•Using Rollback to Deploy Archived Configurations
•Viewing and Comparing Configurations
•Viewing Transcripts
Field Reference
Table E-7 Configuration Archive Window
Element
|
Description
|
Version ID
|
The version number of the configuration version.
|
Created On
|
The date and time that the configuration version was archived.
|
Created By
|
The user ID or system ID associated with adding the configuration version to Configuration Archive.
|
Archival Source
|
The origin of the archiving event (for example, User Request, Job Name).
|
Creation Comment
|
Information about the configuration version created.
|
Transcript Icon
|
When double-clicked, displays a transcript of a configuration version that deployed to a device. A transcript is the log file of Security Manager server and device transactions captured during a deployment or rollback operation. It includes commands sent and received between server and device from the time of deployment or rollback request.
|
View button
|
Opens the configuration version viewer in which you can view or compare selected configuration versions for a device.
Note Configuration files deployed to Catalyst 6000/7600 series devices will appear as two entries in Configuration Archive due to deployment constraints of those device types. These are duplicates of the same version, not separate configuration versions.
|
Rollback button
|
Rolls back to the selected configuration version.
|
Add button
|
Displays two options that enable you to add a device configuration version to Configuration Archive:
•Add New Version—Enables you to add a new configuration version to a specific device archive for later use.
•Fetch New Version From Device—Enables you to retrieve a current configuration from a device and add it to the archive for that device. This is useful for any device whose configuration might have been changed directly in its CLI.
For more information on adding configuration versions, see Adding Configuration Versions to Archive, page 17-15.
|
Close button
|
Closes the Configuration Archive window.
|
Help button
|
Opens help for this window.
|
Transcript Viewer
|
Viewing Area
|
Opens when the Transcript icon is double-clicked. The viewing area contains text of a transcript file created during the roll back of a configuration or a message stating that no transcript is available. If a configuration was added to the archive from a file, no transcript is available.
|
Close button
|
Closes the Transcript viewer.
|
Configuration Version Viewer
From the Configuration version viewer you can view full and delta configuration versions line by line for a selected device. You can compare any version to any other version in the archive for a selected device. The selected version appears in the left pane, and you can select another version for comparison from the list on the upper right of this window. For information on viewing full and delta configuration versions, see Viewing and Comparing Configurations, page 17-12.
Related Topics
•Adding Configuration Versions to Archive, page 17-15
Field Reference
Table E-8 Configuration Version Viewer Window
Element
|
Description
|
Version ID
|
Lists the configuration versions that are available for the selected device. You can select a version for viewing in the left pane.
•Previous—Displays the version in the sequence before the one showing.
•Next—Displays the version in the sequence after the one showing.
•Last—Displays the last version in the list.
•Version n—Displays the version in the sequence by ID.
|
Compare with version
|
Lists the configuration versions that are available for the selected device. You can select a version for viewing in the right pane.
•Previous—Displays the version in the sequence before the one showing in the left pane.
•Next—Displays the version in the sequence after the one showing in the left pane.
•Last—Displays the last version in the sequence.
•Version X—Displays the version by ID.
|
Config Type
|
Types of configurations that are available for viewing:
•Full Configuration—The full configuration for the selected device as saved in the Configuration Archive. You can compare full configurations for a device.
•Delta Configuration—The file that is generated by Security Manager during deployment and that represents policy changes between the configuration selected in the Version ID field and the most recently deployed version.
Note Configuration versions resulting from out-of-band changes (for example, in the CLI) can be added to Configuration Archive using Fetch, but no delta configuration file is generated.
|
Left pane
|
Displays the configuration version that you selected in the Configuration Archive window or from the Version ID list.
|
Right pane
|
Displays the configuration version that you selected in the Configuration Archive window or from the Compare with version list.
|
Line Numbers
|
Configuration text line numbers.
|
First Difference button
|
Moves the view of the config forward or backward to the next difference.
Note Text is color-coded to show the type and number of changes according to legend to the right of change indicator buttons.
|
Previous Difference button
|
Moves the cursor to the previous difference noted between the configuration versions.
|
Current Difference button
|
Using the cursor, focuses on the currently selected difference in the window.
|
Next Difference button
|
Moves the cursor to the next difference noted between the configuration versions.
|
Last Difference button
|
Moves the cursor to the last difference noted between the configuration versions.
|
Close button
|
Closes the configuration viewer window.
|
Help button
|
Opens help for this window.
|
New Config Version Dialog Box
Use the New config version dialog box to add a new configuration file to the archive for a particular device. You can enter the device credential information and configuration file in real time, or cut and paste from a file. For information on adding configurations, see Adding Configurations from a File to Configuration Archive, page 17-15.
Related Topics
•Configuration Version Viewer
•Using Rollback to Deploy Archived Configurations, page 17-14
Field Reference
Table E-9 New Config Version Dialog Box
Element
|
Description
|
Commands
|
Cut and paste a new configuration version for the device chosen from the Device Selector, or enter it real time, in this text box.
|
Username
|
The username for logging on to device.
|
Password
|
The password (associated with username above) used to log in to the device during rollback if this configuration version is deployed.
|
Enable Password
|
The password needed for the selected device to permit configuration rollback.
|
Confirm
|
Reenter enable password to verify.
|
OK button
|
Saves your changes locally on the client and closes the dialog box.
Note To save your changes to the server so that they are not lost when you log out or close your client, click Save on the source page.
|
Cancel button
|
Closes the window without saving your changes.
|
Help button
|
Opens help for this window.
|
