67-2
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 67 Managing Reports
Understanding Report Management
Note Report Manager does not report on FWSM events even though Event Viewer works with FWSM.
The following topics explain Report Manager and its available reports in more detail, and also describe
the other types of reports available in Security Manager:
Understanding the Types of Reports Available in Security Manager, page 67-2
Preparing Devices for Report Manager Reporting, page 67-3
Understanding Report Manager Data Aggregation, page 67-4
Understanding Report Manager Access Control, page 67-5
Understanding the Predefined System Reports in Report Manager, page67-13
Understanding the Types of Reports Available in Security Manager
Security Manager provides a variety of reporting capabilities. The following are the types of reports
available:
Security and Usage Reports (Report Manager application)—You can use the Report Manager
application to view aggregated information collected by the Event Manager service from monitored
devices. Some information is also obtained directly from the devices. These reports can provide
information on network security and remote access IPsec and SSL VPN usage.
Activity (Configuration Session) Change Reports—These reports provide detailed information
about the policies changed within a specific activity (in Workflow mode) or configuration session
(in non-Workflow mode). For more information, see Viewing Change Reports, page 4-16.
Out of Band Change Report—These reports identify inconsistencies between the configuration
that exists on a device and the configuration for the device maintained in Security Manager. You can
use this information to proactively address these inconsistencies before deploying configurations,
where the change will either be overwritten or the deployment will fail, depending on the behavior
you select in the deployment job. For more information, see Detecting and Analyzing Out of Band
Changes, page 8-46.
Audit Report—This report provides information about changes to Security Manager and the objects
contained in the database. The report includes information about the runtime environment, such as
logins and authentication failures, changes to objects, such as activity changes and deployments, and
changes to managed devices, such as inventory additions and deletions. For more information, see
Generating the Audit Report, page 10-20.
Inventory Status—This report provides information on policy deployment status. For more
information, see Viewing Inventory Status, page 69-1.
Policy Discovery Status reports—When you discover policies from a device, either while adding
it to the inventory or when rediscovering policies on a managed device, the information about the
policy discovery is maintained so that you can view it at a later time. For more information, see
Viewing Policy Discovery Task Status, page 5-21.
Deployment Status reports—When you deploy configurations to managed devices, information
about the deployment is maintained so that you can view it at a later time. For more information, see
Viewing Deployment Status and History for Jobs and Schedules, page8-27.
Deployment and Discovery Status reports for troubleshooting—You can export deployment and
policy discovery status reports in a form suitable for sending to Cisco Technical Support (TAC) to
help troubleshoot problems. You might also find these reports useful for your own purposes. For
more information, see Generating Deployment or Discovery Status Reports, page 10-28.