Centralized Web Reporting and Tracking Overview
The Cisco Content Security Management appliance aggregates information from security features on multiple Web Security appliances and records data that can be used to monitor your web traffic patterns and security risks. You can run reports in real-time to view an interactive display of system activity over a specific period of time, or you can schedule reports and run them at regular intervals. Reporting functionality also allows you to export raw data to a file.
The Centralized Web Reporting feature not only generates high-level reports, allowing administrators to understand what is happening on their network, but it also allows an administrator to drill down and see traffic details for a particular domain, user, or URL category.
For a domain, the web reporting feature can generate the following data elements to be on a domain report. For example, if you are generating a report on the Facebook.com domain, the report may contain:
A list of the top users who accessed Facebook.com
A list of the top URLs that were accessed within Facebook.com
For a user, the web reporting feature can generate data elements to be on a user report. For example, for the user report titled ‘Jamie’, the report may contain:
- A list of the top domains that the user ‘Jamie’ accessed
- A list of the top URLs that were malware or virus positive
- A list of the top categories that the user ‘Jamie’ accessed
For a URL category, the web reporting feature can generate data to be included in a category report. For example, for the category ‘Sports’, the report may contain:
- A list of the top domains that were in the ‘Sports’ category
- A list of the top users who accessed the ‘Sports’ category
In all of these examples, these reports are intended to give a comprehensive view about a particular item on the network so that the administrator can take action.
For a detailed description on logging pages versus reporting pages, see the Logging Versus Reporting.
You can retrieve all the domain information that a user goes to, not necessarily the specific URL that is accessed. For information on a specific URL that the user is accessing, what time they went to that URL, whether that URL is allowed, etc., use the Searching for Transactions Processed by Web Proxy Services on the Web Tracking page.
The Web Security appliance only stores data if local reporting is used. If centralized reporting is enabled for the Web Security appliance then the Web Security appliance retains ONLY System Capacity and System Status data. If Centralized Web Reporting is not enabled, the only reports that are generated are System Status and System Capacity.
There are multiple ways to view web reporting data on the Security Management appliance.
- To view interactive report pages, see Web Reporting Page Descriptions.
- To generate a report on demand, see Generating Web Reports on Demand.
- To schedule generation of reports on a regular, recurring basis, see About Scheduled and On-Demand Web Reports.
- To view archived versions of previously run reports (both scheduled and generated on demand), see Viewing and Managing Archived Web Reports.
- To view information about individual transactions, see Web Tracking.