Cisco Cisco Web Security Appliance S170 Guía Del Usuario
1-16
Cisco Advanced Web Security Reporting Installation, Setup, and User Guide
Chapter 1 Installation and Setup
Set Up Department Membership Query (Optional)
Step 4
Verify that the script populated
departments.csv
with the user data:
<install_home>/etc/apps/CiscoWSA/lookups/departments.csv
Note
On Windows, if the
departments.csv
file is not populated with data at this point, change
directory to
<install_home>\etc\apps\cisco_wsa_reporting\bin
, and run
cscript
discovery.vbs
, where
<install_home>
is
C:\Program Files\Cisco\CiscoWSAReporting
.
The membership script is set to run every day by default. The interval is set in seconds and can be
changed as per the deployment requirements.
changed as per the deployment requirements.
Restrict Access to Department Reports by Role
Before You Begin
•
Understand that if users are restricted to viewing data from specific departments or groups, Layer 4
Transport Monitor (L4TM) data will only be available to administrators because L4TM data is not
linked to a department or role.
Transport Monitor (L4TM) data will only be available to administrators because L4TM data is not
linked to a department or role.
•
Log into Advanced Reporting’s Enterprise Web as
admin
.
Step 1
In Enterprise Web,
•
Select Settings > Access controls > Roles.
Step 2
Click New or edit an existing role.
Step 3
Define search restrictions for the role.
Example: To restrict a role to viewing data for the Sales Department, in the Restrict search terms field,
enter
enter
department=sales
.
Step 4
Click Save.
Troubleshooting Department Membership Reporting
Tip
•
Linux users: Verify that
ldapsearch
tool is in the Enterprise user’s path.
•
Verify that the
departments.csv
file exists in the application’s lookup folder.
•
Windows users: Comment out
option explicit
to reveal more specific information about the origin
and cause of an error.
•
Verify the LDAP paths are syntactically correct.
•
Verify the bind service account name is correct.
•
Verify the correct bind password is entered.
•
Test connection to the remote machine over port 389.
•
Verify the correct attribute was configured for the member name.