Cisco Email Security Appliance C650 User Guide
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 29 Using Email Security Monitor
Reporting Overview
Timestamps
Exports that stream data show begin and end timestamps for each raw “interval” of time. Two begin and
two end timestamps are provided — one in numeric format and the other in human-readable string
format. The timestamps are in GMT time, which should make log aggregation easier if you have
appliances in multiple time zones.
Note that in some rare cases where the data has been merged with data from other sources, the export
file does not include timestamps. For example, the Outbreak Details export merges report data with
Threat Operations Center (TOC) data, making timestamps irrelevant because there are no intervals.
Keys
Exports also include the report table key(s), even in cases where the keys are not visible in the report. In
cases where a key is shown, the display name shown in the report is used as the column header.
Otherwise, a column header such as “key0,” “key1,” etc. is shown.
Streaming
Most exports stream their data back to the client because the amount of data is potentially very large.
However, some exports return the entire result set rather than streaming data. This is typically the case
when report data is aggregated with non-report data (e.g. Outbreaks Detail.)
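The cross-appliance aggregation that the Timestamps and Keys sections describe, as an added example that is not part of the Cisco guide: it merges exports on the numeric GMT interval start, keeps hidden `key0`-style columns as part of the grouping key, and sets aside exports that carry no timestamps. The column names, the epoch-seconds encoding of the numeric timestamp, the `merge_exports` helper and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime, timezone

# Assumed header names and epoch-seconds format; the guide only says each
# interval has numeric and human-readable begin/end timestamps in GMT.
BEGIN_TS, END_TS = "Begin Timestamp", "End Timestamp"
HIDDEN_KEY = re.compile(r"^key\d+$")  # headers used for keys not shown in the report

def merge_exports(exports, key_cols, metric):
    """Sum `metric` per (GMT interval start, key values) across appliances.

    Returns (totals, skipped); skipped names exports without timestamp columns.
    """
    totals, skipped = defaultdict(float), []
    for appliance, text in exports.items():
        reader = csv.DictReader(io.StringIO(text))
        fields = reader.fieldnames or []
        if BEGIN_TS not in fields or END_TS not in fields:
            skipped.append(appliance)  # merged-source exports have no intervals
            continue
        keys = [f for f in fields if f in key_cols or HIDDEN_KEY.match(f)]
        for row in reader:
            # Use the numeric value, never the display string, and pin it to UTC.
            start = datetime.fromtimestamp(float(row[BEGIN_TS]), tz=timezone.utc)
            totals[(start, tuple(row[k] for k in keys))] += float(row[metric])
    return dict(totals), skipped

# Constructed sample exports (not real appliance output).
HEADER = "Begin Timestamp,End Timestamp,Begin Date,End Date,key0,Sender Domain,Messages\n"
SAMPLE = {
    "esa-east": HEADER
    + "1700000000.0,1700003599.0,14 Nov 2023 22:13 (GMT),14 Nov 2023 23:13 (GMT),7,example.com,10\n"
    + "1700003600.0,1700007199.0,14 Nov 2023 23:13 (GMT),15 Nov 2023 00:13 (GMT),7,example.com,4\n",
    "esa-west": HEADER
    + "1700000000.0,1700003599.0,14 Nov 2023 22:13 (GMT),14 Nov 2023 23:13 (GMT),7,example.com,5\n",
    "outbreaks": "Outbreak Name,Total Messages\nconstructed-outbreak,3\n",
}

if __name__ == "__main__":
    totals, skipped = merge_exports(SAMPLE, ["Sender Domain"], "Messages")
    for (start, key), value in sorted(totals.items()):
        print(start.isoformat(), key, value)
    print("no timestamps:", skipped)
```

Because the grouping uses the numeric GMT value, rows from appliances in different local time zones land in the same interval without any offset arithmetic.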
Reporting Overview
Reporting in AsyncOS involves three basic actions:
• You can create Scheduled Reports to be run on a daily, weekly, or monthly basis.
• You can generate a report immediately (“on-demand” report).
• You can view archived versions of previously run reports (both scheduled and on-demand).
Configure scheduled and on-demand reports via the Monitor > Scheduled Reports page. View archived
reports via the Monitor > Archived Reports page.
Your appliance will retain the most recent reports it generates, up to 1000 total versions for all reports.
You can define as many recipients for reports as you want, including zero recipients. If you do not
specify an email recipient, the system will still archive the reports. If you need to send the reports to a
large number of addresses, however, it may be easier to create a mailing list rather than listing the
recipients individually.
By default, the appliance archives the twelve most recent reports of each scheduled report. Reports are
stored in the /saved_reports directory of the appliance. (See
for more information.)
Scheduled Report Types
You can choose from the following report types: