Руководство Пользователя для Cisco Cisco Web Security Appliance S670
40
S A W M I L L F O R I R O N P O R T 7 . 3 . 2 U S E R G U I D E
WO R K I N G W I T H R E P O R T S
When you create a profile, Sawmill for IronPort generates different types of reports depending
on the profile type used. You can view reports at any time by clicking Show Reports next to
the name of a profile in the administrative profile list. You can also switch to the reports when
you are editing the profile options by clicking the Reports link in the upper left.
on the profile type used. You can view reports at any time by clicking Show Reports next to
the name of a profile in the administrative profile list. You can also switch to the reports when
you are editing the profile options by clicking the Reports link in the upper left.
For more information on the reports Sawmill for IronPort defines for each profile, see “Sawmill
for IronPort Reports” on page 4.
for IronPort Reports” on page 4.
Creating Reports
You can report on information in the following ways:
• Create a new report. You can use the Config page for a profile to create reports in
addition to the ones Sawmill for IronPort defines when you create a profile. For more
information, see “Creating a New Report” on page 40.
information, see “Creating a New Report” on page 40.
• Drill down in an existing report. You can “drill down” on links in existing reports to zoom
in on particular subsets of data in the report. This is the most common way to create
reports on the data you are interested in. For more information, see “Drilling Down in an
Existing Report” on page 41.
reports on the data you are interested in. For more information, see “Drilling Down in an
Existing Report” on page 41.
Creating a New Report
You can use the Config page for a profile to create reports in addition to the ones Sawmill for
IronPort defines when you create a profile. This section includes instructions for creating a
new report that four particular fields.
IronPort defines when you create a profile. This section includes instructions for creating a
new report that four particular fields.
For more details on creating reports, see the Sawmill documentation at http://
www.sawmill.net.
www.sawmill.net.
To create a report with the MalwareID, Server, Auth User, and Client IP fields:
1. Navigate to the Config page for the profile where you want to create the report.
2. In the Reports Menu, choose Manage Reports > Reports/Reports Menu, and then click
New Report.
3. On the Report Options tab of the New Report dialog box, enter a menu name. This will be
the name that appears in the Reports Menu area.
4. Click the Report Elements tab, and click New Report Element.
5. In the Report Element Type field, select Log detail.
6. On the General tab of the New Report Element dialog box, enter a report element name.
You might want to enter a name that indicates the fields this report will show.
7. In the Report element filter field, enter:
not (field_malware_id matches_regexp '^\(empty')
8. Click the Fields tab and remove all fields except for the following:
MalwareID, Server, Auth User, Client IP
WSA_Sawmill.book Page 40 Monday, March 15, 2010 10:31 AM