67-4
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 67 Managing Reports
Understanding Report Management
Understanding Report Manager Data Aggregation
Report Manager aggregates information that is collected from monitored devices by the Event Manager
service. Thus, to view reports about a device, you must also be monitoring the device in Event Viewer.
Report Manager collects data using two techniques. First, the Event Manager service provides re levant
events to Report Manager and then Report Manager decides if it should store those events based on the
predefined reports and custom reports that are currently configured. Second, some statistics, such as
VPN statistics, are obtained directly from the device through regular polling at five minute intervals.
Table67-1 Report Manager Data Sources
Reports Data Sources
FW Reports
Top Sources
Top Destinations
Top S erv ices
Built Syslogs:
302013,302015,302017,302020
Deny syslogs:
106001,106006,106007,106010,106011,106014,106015,106016,1060
17
Top Malware Sites
Top Malware Ports
Top Infected Hosts
BOTNET Syslogs:
338001,338002,338003,338004,338005,338006,338007,338008,3382
01,338202,338203,338204
IPS Reports
All IPS Reports All IPS Alerts
VPN Reports
Top Bandwidth Users
(Full-Client)
Top Duration Users
(Full-Client)
Top Throughput Users
(Full-Client)
For ASA version 8.3 and earlier:
show vpn-sessiondb full svc
For ASA version 8.4.1 and later:
show vpn-sessiondb full anyconnect
Top Bandwidth Users
(IPSec-RA)
Top Duration Users
(IPSec-RA)
Top Throughput Users
(IPSec-RA)
For ASA version 8.3 and earlier:
show vpn-sessiondb full remote
For ASA version 8.4.1 and later:
show vpn-sessiondb full ra-ikev1-ipsec
Top Bandwidth Users
(Clientless)
Top Duration Users
(Clientless)
Top Throughput Users
(Clientless)
For all ASA versions:
show vpn-sessiondb full webvpn
User Report All above show commands.
VPN Device Usage Report All above show commands.