Cisco Cisco Web Security Appliance S170 Guida Utente
18-6
AsyncOS 10.0 for Cisco Web Security Appliances User Guide
Chapter 18 Generate Reports to Monitor End-user Activity
Enabling Centralized Reporting
Exporting Report Data
Most reports include an Export link that allows you to export raw data to a comma-separated values
(CSV) file. After exporting the data to a CSV file, you can access and manipulate the data in it using
applications such as Microsoft Excel.
(CSV) file. After exporting the data to a CSV file, you can access and manipulate the data in it using
applications such as Microsoft Excel.
The exported CSV data displays all message tracking and reporting data in Greenwich Mean Time
(GMT) regardless of the time zone set on the Web Security appliance. The purpose of the GMT time
conversion is to allow data to be used independently from the appliance, or when referencing data from
appliances in multiple time zones.
(GMT) regardless of the time zone set on the Web Security appliance. The purpose of the GMT time
conversion is to allow data to be used independently from the appliance, or when referencing data from
appliances in multiple time zones.
The following example is an entry from a raw data export of the Anti-Malware category report, where
Pacific Daylight Time (PDT) is displayed as GMT 07:00 hours:
Pacific Daylight Time (PDT) is displayed as GMT 07:00 hours:
Begin Timestamp, End Timestamp, Begin Date, End Date, Name, Transactions Monitored,
Transactions Blocked, Transactions Detected
1159772400.0, 1159858799.0, 2006-10-02 07:00 GMT, 2006-10-03 06:59 GMT, Adware, 525,
2100, 2625
Note
Category headers are different for each type of report.
Note
If you export localized CSV data, the headings may not be rendered properly in some browsers. This
occurs because some browsers may not use the proper character set for the localized text. To work around
this problem, you can save the file to your local machine, and open the file in any Web browser using
File > Open. When you open the file, select the character set to display the localized text.
occurs because some browsers may not use the proper character set for the localized text. To work around
this problem, you can save the file to your local machine, and open the file in any Web browser using
File > Open. When you open the file, select the character set to display the localized text.
Enabling Centralized Reporting
If your organization has multiple Web Security appliances and uses a Cisco Content Security
Management Appliance to manage and view aggregated report data, you must enable centralized
reporting on each Web Security appliance.
Management Appliance to manage and view aggregated report data, you must enable centralized
reporting on each Web Security appliance.
Category Header
Value
Description
Begin Timestamp
1159772400.0
Query start time in number of seconds from
epoch.
epoch.
End Timestamp
1159858799.0
Query end time in number of seconds from epoch.
Begin Date
2006-10-02 07:00 GMT
Date the query began.
End Date
2006-10-03 06:59 GMT
Date the query ended.
Name
Adware
Name of the malware category.
Transactions Monitored
525
Number of transactions monitored.
Transactions Blocked
2100
Number of transactions blocked.
Transactions Detected
2625
Total number of transactions = (Number
of transactions detected) + (Number of
transactions blocked).
of transactions detected) + (Number of
transactions blocked).