67-15
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 67 Managing Reports
Understanding the Predefined System Reports in Report Manager
Malware Site—The domain name or IP address in the dynamic filter database to which the
traffic was initiated.
List Type—Whether the site is on the black list or the grey list.
Connections Logged—The count of the number of connections logged or monitored for each
site.
Connections Blocked—The count of the number of connections that were blocked (dropped) by
botnet traffic filtering for each site.
Threat Level—The botnet threat level for the site, from very low to very high, or none.
Category—The category of threat the site poses as defined in the botnet database, such as
botnet, Trojan, spyware, and so on.
The parameters used to define the number of hosts, ports, or sites in the report and the reporting time
period are defined in the system defaults as described in Configuring Default Settings for Reports,
page 67-24. You can also edit the report settings and create custom versions of the reports, as described
in the following topics:
Editing Report Settings, page 67-21
Creating Custom Reports, page 67-20
Understanding VPN Top Reports
Report Manager includes predefined system reports that you can use to identify the top remote access
VPN users based on bandwidth usage, duration of connection to your network, and data throughput.
Separate reports are provided based on the type of connection made by the user.
These reports are available in the System Reports > VPN folder, in the AnyConnect (SSL) Remote
Access VPN, Cisco VPN Client (IPsec) Remote Access VPN, and Clientless SSL VPN folders.
The following reports are available in each folder. Each report is specific to the connection type indicated
by the folder name and also included in parentheses in the report name.
Top Bandwidth Users—This report ranks the VPN users who consumed the most bandwidth. The
report shows the usernames, the bandwidth in total number of bytes sent and received, and the
percentage of reported bandwidth used by each user.
Top Duration Users—This report ranks the VPN users who remained connected to the network for
the longest time. The report shows the usernames, the connection duration time in days
hours:minutes:seconds format, and the percentage of the reported duration by each user. The chart
shows duration in seconds.
Top Throughput Users—This report ranks the VPN users who sent and received data at the highest
throughput rate. The report shows the usernames, the throughput for each user in kbps, and the
percentage of reported throughput by each user. The throughput is calculated as 8.0*(bandwidth of
the user in bytes)/(duration for which the user is connected in seconds*1000.0).
The parameters used to define the number of users included in the report and the reporting time period
are defined in the system defaults as described in Configuring Default Settings for Reports, page 67-24.
You can also edit the report settings and create custom versions of the reports, including focusing on
specific users, as described in the following topics:
Editing Report Settings, page 67-21
Creating Custom Reports, page 67-20
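The calculations behind the three VPN top reports can be reproduced offline to cross-check exported session data. The following Python is an added example, not Cisco code: the session tuples are constructed, and the function names, the zero-duration handling, the duration padding, and the choice to compute percentages over only the users shown in the report are assumptions.

```python
from collections import defaultdict

# Constructed sample sessions: (username, bytes sent, bytes received, seconds connected)
SESSIONS = [
    ("alice", 400_000_000, 600_000_000, 7_200),
    ("bob", 50_000_000, 150_000_000, 100_000),
    ("carol", 900_000, 100_000, 0),  # zero-length session
    ("alice", 250_000_000, 250_000_000, 1_800),
]

def aggregate(sessions):
    """Sum bytes (sent + received) and connected seconds per user."""
    totals = defaultdict(lambda: [0, 0])
    for user, sent, received, seconds in sessions:
        totals[user][0] += sent + received
        totals[user][1] += seconds
    return {u: (b, s) for u, (b, s) in totals.items()}

def throughput_kbps(total_bytes, seconds):
    """Formula from the guide: 8.0 * bytes / (seconds * 1000.0)."""
    if seconds <= 0:
        return 0.0  # assumption: a zero-length session reports 0 kbps
    return 8.0 * total_bytes / (seconds * 1000.0)

def format_duration(seconds):
    """Render seconds as 'days hours:minutes:seconds' (zero padding is an assumption)."""
    days, rest = divmod(int(seconds), 86_400)
    hours, rest = divmod(rest, 3_600)
    minutes, secs = divmod(rest, 60)
    return f"{days} {hours:02d}:{minutes:02d}:{secs:02d}"

def top_report(sessions, metric, top_n=10):
    """Return [(user, value, percent)] ranked by 'bandwidth', 'duration' or 'throughput'."""
    pick = {
        "bandwidth": lambda b, s: b,
        "duration": lambda b, s: s,
        "throughput": throughput_kbps,
    }[metric]
    ranked = sorted(((u, pick(b, s)) for u, (b, s) in aggregate(sessions).items()),
                    key=lambda row: row[1], reverse=True)[:top_n]
    reported = sum(value for _, value in ranked) or 1  # avoid dividing by zero
    return [(u, v, round(100.0 * v / reported, 1)) for u, v in ranked]

if __name__ == "__main__":
    for user, seconds, pct in top_report(SESSIONS, "duration", top_n=2):
        print(user, format_duration(seconds), f"{pct}%")
```

A user who ranks high on bandwidth but low on duration stands out in the throughput ranking, which is why the three reports are worth comparing side by side.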