Cisco Email Security Appliance C170 User Guide

Cisco IronPort AsyncOS 7.6 for Email Daily Management Guide
OL-25138-01
Chapter 2      Using Email Security Monitor
Reporting Overview
Timestamps
Exports that stream data show begin and end timestamps for each raw “interval” of time. Two begin and 
two end timestamps are provided — one in numeric format and the other in human-readable string 
format. The timestamps are in GMT, which should make log aggregation easier if you have 
appliances in multiple time zones.
Note that in some rare cases where the data has been merged with data from other sources, the export 
file does not include timestamps. For example, the Outbreak Details export merges report data with 
Threat Operations Center (TOC) data, making timestamps irrelevant because there are no intervals.
Keys
Exports also include the report table key(s), even in cases where the keys are not visible in the report. In 
cases where a key is shown, the display name shown in the report is used as the column header. 
Otherwise, a column header such as “key0,” “key1,” etc. is shown.
Streaming
Most exports stream their data back to the client because the amount of data is potentially very large. 
However, some exports return the entire result set rather than streaming data. This is typically the case 
when report data is aggregated with non-report data (e.g., Outbreaks Detail).
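The following added example (not from the Cisco guide) shows how exports from several appliances can be aligned on their GMT intervals, cross-checking the numeric timestamp against its string form and skipping exports that carry no timestamps. The header names, the epoch-seconds encoding, the date format, and the "Messages" column are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone

# Assumed header names and date format; the page does not list them.
TS_COLS = ("Begin Timestamp", "End Timestamp")  # numeric, assumed epoch seconds
DATE_COLS = ("Begin Date", "End Date")          # human-readable, GMT
DATE_FMT = "%Y-%m-%d %H:%M GMT"

def parse_export(text):
    """Return (rows, has_intervals); timestamps become aware UTC datetimes."""
    reader = csv.DictReader(io.StringIO(text))
    fields = reader.fieldnames or []
    has_intervals = all(c in fields for c in TS_COLS + DATE_COLS)
    rows = []
    for row in reader:
        if has_intervals:
            for ts_col, date_col in zip(TS_COLS, DATE_COLS):
                ts = datetime.fromtimestamp(int(row[ts_col]), tz=timezone.utc)
                shown = datetime.strptime(row[date_col], DATE_FMT).replace(tzinfo=timezone.utc)
                if ts.replace(second=0) != shown:
                    raise ValueError(f"{ts_col} and {date_col} disagree: {row}")
                row[ts_col] = ts
        rows.append(row)
    return rows, has_intervals

def merge_by_interval(exports, key_col, value_col):
    """Sum value_col per (interval start, key) across several appliances."""
    totals = defaultdict(int)
    for text in exports:
        rows, has_intervals = parse_export(text)
        if not has_intervals:
            continue  # merged exports carry no intervals to align on
        for row in rows:
            totals[(row[TS_COLS[0]].isoformat(), row[key_col])] += int(row[value_col])
    return dict(totals)

# Constructed sample exports from two appliances in different time zones.
HDR = "Begin Timestamp,End Timestamp,Begin Date,End Date,key0,Messages\n"
APPLIANCE_A = HDR + (
    "1304208000,1304211600,2011-05-01 00:00 GMT,2011-05-01 01:00 GMT,example.com,12\n"
    "1304211600,1304215200,2011-05-01 01:00 GMT,2011-05-01 02:00 GMT,example.com,7\n")
APPLIANCE_B = HDR + (
    "1304208000,1304211600,2011-05-01 00:00 GMT,2011-05-01 01:00 GMT,example.com,5\n")
# Constructed export with no timestamp columns (merged with non-report data).
NO_INTERVALS = "key0,Threat Level\nexample-outbreak,4\n"

if __name__ == "__main__":
    for k, v in merge_by_interval([APPLIANCE_A, APPLIANCE_B, NO_INTERVALS], "key0", "Messages").items():
        print(k, v)
```

Because the merge keys on the numeric GMT value, the local time zone of each appliance does not affect how intervals line up.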
Reporting Overview
Reporting in AsyncOS involves three basic actions:
  • You can create Scheduled Reports to be run on a daily, weekly, or monthly basis.
  • You can generate a report immediately (“on-demand” report).
  • You can view archived versions of previously run reports (both scheduled and on-demand).
Configure scheduled and on-demand reports via the Monitor > Scheduled Reports page. View archived 
reports via the Monitor > Archived Reports page.
Your Cisco IronPort appliance will retain the most recent reports it generates, up to 1000 total versions 
for all reports. You can define as many recipients for reports as you want, including zero recipients. If 
you do not specify an email recipient, the system will still archive the reports. If you need to send the 
reports to a large number of addresses, however, it may be easier to create a mailing list rather than listing 
the recipients individually. 
By default, the appliance archives the twelve most recent reports of each scheduled report. Reports are 
stored in the /saved_reports directory of the appliance. (See Appendix A, “Accessing the Appliance” 
for more information.) 
Scheduled Report Types
You can choose from the following report types:
  • Content Filters
  • Delivery Status
  • DLP Incident Summary
  • Executive Summary