Getting reports

wadeski · ‎03-25-2002

I click on Reports\Summary Report Templates\text\Most Active Web Sites and I get the message:

SENSNAT01: No audit event records exist for the most active FTP sites by volume.

Possible causes include no audit events have occurred, Service Statistics

audit event records are not being logged by the selected device for the FTP

network service, the device-specific log settings for the selected devices

are not set to generate debug-level syslog messages, or your security

policies do not allow FTP site access through the selected devices.

How do I set up my IDSM to generate reports? Thanks in advance!

marcabal · ‎03-25-2002

That specific report is only useable when monitoring the syslogs from routers and firewalls.

You want to use the IDS reports when monitoring the IDSM or Appliance Sensors:

Step 3 Click the report type that you want to generate and follow the instructions on the form to specify how to filter events in that report.

The following reports and filtering options are available under IDS Reports (HTML):

Intrusion Detection Summary Report—Filterable by Date/Time, Organization, Source Direction, Destination Direction, Signature or Signature Category, and

Alarm Level.

Top Sources of Alarms Report—Filterable by Date/Time, Top n, Destination Direction, Destination Address, Signature or Signature Category, Sensor, and

Alarm Level.

Top Destinations of Alarms Report—Filterable by Date/Time, Top n, Source Direction, Source Address, Signature or Signature Category, Sensor, and Alarm

Level.

Top Alarms Report—Filterable by Date/Time, Top n, Source Direction, Destination Direction, Source Address, Destination Address, Signature or Signature

Category, Sensor, Alarm Level, and Signature or Signature Category.

Top Source/Destination Pairs of Alarms Report—Filterable by Date/Time, Top n, Signature or Signature Category, Sensor, Alarm Level, Source Direction,

Destination Direction, Source Address, and Destination Address.

Alarm Source Report—Filterable by Date/Time, Destination Direction, Destination Address, Signature or Signature Category, Sensor, Alarm Level, Alarm

Count, Source Direction, and Source Address.

Alarm Destination Report—Filterable by Date/Time, Source Direction, Source Address, Signature or Signature Category, Sensor, Alarm Level, Alarm Count,

Destination Direction, and Destination Address.

Alarm Report—Filterable by Date/Time, Source Direction, Destination Direction, Source Address, Destination Address, Sensor, Alarm Level, Alarm Count,

and Signature or Signature Category.

Alarm Source/Destination Pair Report—Filterable by Date/Time, Signature or Signature Category, Sensor, Alarm Level, Alarm Count, Source Direction,

Destination Direction, Source Address, and Destination Address.

Alarms by Hour Report—Filterable by Date/Time, Source Direction, Destination Direction, Source Address, Destination Address, Signature or Signature

Category, Sensor, Alarm Level, and Alarm Count.

Alarms by Day Report—Filterable by Date/Time, Source Direction, Destination Direction, Source Address, Destination Address, Signature or Signature

Category, Sensor, Alarm Level, and Alarm Count.

Alarms by Sensor Report—Filterable by Date/Time, Source Direction, Destination Direction, Source Address, Destination Address, Signature or Signature

Category, Sensor, Alarm Level, and Alarm Count.

Sensor Alarm Correlation Report—Filterable by Date/Time, Source Direction, Destination Direction, Source Address, Destination Address, Signature or

Signature Category, Sensor, Alarm Level, and Alarm Count.

duchesne_ced · ‎03-26-2002

Is there a way to automate report's generation ?

A+

mhicks · ‎03-26-2002

I too would like to see away to automate the IDS reports.

jballay · ‎03-26-2002

Currently, there is no way to automate/schedule reports. It's one of the big shortcomings of the current 2.x version.