Cisco Cisco Content Security Management Appliance M390
R E T R I E V I N G C S V D A T A V I A A U T O M A T E D P R O C E S S E S
C H A P T E R 1 : R E P O R T I N G A P I
3
• The first row contains column headers that match the display names shown in the report.
Note that timestamps (see “Timestamps” on page 3) and keys (see “Keys” on page 4) also
appear.
appear.
Email Security Appliance Download URL
The download URL for IronPort Email Security appliances begins with
http://hostname/
monitor/reports
.
Security Management Appliance Download URL
The download URL for IronPort Security Management appliances begins with
http://
hostname/monitor_email/reports
.
Sample URL for ESA Using the ‘Export’ Link
http://example.com/monitor/reports/
content_filters?format=csv&sort_col_ss_0_0_0=MAIL_CONTENT_FILTER_INCOM
ING.RECIPIENTS_MATCHED§ion=ss_0_0_0&date_range=current_day&sort_or
der_ss_0_0_0=desc&report_def_id=mga_content_filters
Note — Some of the URL parameters in the above example are not essential for a CSV
download. For example, you can use the following simplified URL to download the same
data:
download. For example, you can use the following simplified URL to download the same
data:
http://example.com/monitor/reports/
content_filters?format=csv§ion=ss_0_0_0&date_range=current_day&rep
ort_def_id=mga_content_filters
Adding Basic HTTP Authentication credentials
To specify basic HTTP Authentication credentials to the URL:
http://example.com/monitor/reports
becomes:
http://username:password@example.com/monitor/reports
File Format
The downloaded file is in CSV format and has a .csv file extension. The file header has a
default filename, which starts with the name of the report, then the section of the report.
default filename, which starts with the name of the report, then the section of the report.
Timestamps
Exports that stream data show begin and end timestamps for each raw “interval” of time. Two
begin and two end timestamps are provided - one in numeric format and the other in human
readable string format. The timestamps are in GMT time, which should make log aggregation
easier if you have servers in multiple time zones.
begin and two end timestamps are provided - one in numeric format and the other in human
readable string format. The timestamps are in GMT time, which should make log aggregation
easier if you have servers in multiple time zones.
Note that in some rare cases where the data has been merged with data from other sources,
the export file does not include timestamps. For example, the Virus Outbreak Details export
merges report data with Threat Operations Center (TOC) data, making timestamps irrelevant
because there are no intervals.
the export file does not include timestamps. For example, the Virus Outbreak Details export
merges report data with Threat Operations Center (TOC) data, making timestamps irrelevant
because there are no intervals.