To generate an RSA Authentication Manager report:
1. Select Report Format on the Report menu.
The Report Format dialog box opens.
The report you are about to run will use the values that appear here. These formatting specifications are saved across Database Administration application sessions. To make modifications, see the following section, “Report Formatting.”
If you are using reports for the first time, consider setting the Output to value to Screen, so you can see what a report looks like.
2. Click OK.
9: Reports 163 3. From the Report menu, select the report by type (Activity, Exception, Incident,
Usage Summary).
The Selection Criteria box opens. The values are based on the last ones set during this Database Administration application session.
4. To accept the values and generate the report, click OK.
If selection criteria have been set but you want to see a report for all users, all Agent Hosts, all servers, and so on, click Clear. All selection criteria are set to “*”
so that all items will be included. Click OK.
For more information about criteria, see “Selection Criteria for Report Content”
on page 164.
When the report is displayed, its first page shows what selection criteria are in effect. The following pages show the selected log records in chronological order from oldest to most recent.
If the report is a log monitor report, select the Hold checkbox if you want to stop scrolling (for more information, see “Log Monitoring and Reporting” on
page 169).
5. To close the report, click Exit.
Report Formatting
When you run a report, the values in the Report Format dialog box are applied. Unlike content selection criteria, changes in formatting variables are saved from one
Database Administration application session to the next. If another administrator has made format changes since your last session, these changes are now the default.
Before you run a report, always check the Report Format variables to see if they are set as you want them.
To change the Report Format variables:
1. From the Report menu, select Report Format.
The Report Format dialog box opens.
2. Set the report format according to the following criteria:
Turn header printing on or off. This value applies only if the report is being sent to a file. When the Header checkbox is selected, the following information appears at the top of each page:
• Number of this page and total number of pages in the report
• Report title
• Time selection criteria used
• Date and time when the report was generated
Turn page breaks on or off. This value applies only if the report is being sent to a file. When the Page break checkbox is selected, a page break character is included after each page. If the Page break checkbox is cleared, the report is essentially one page long with a single header and no page breaks.
RSA Authentication Manager 6.1 Administrator’s Guide
164 9: Reports
Specify the number of lines each page should include. This value applies only if the report is being sent to a file and page breaking is turned on. A page can be set to have as many as 98 lines before the page break. Enter an even number of lines per page. If you enter an odd number, it will be rounded to the previous even number.
Specify how user names are shown. If the Full User names checkbox is selected, each affected user’s full first and last names (up to 48 characters) appear in the third line of each recorded event. If the Full User names box is not selected, the user’s full name appears in the first line of the recorded event and no third line appears.
Specify how affected tokens/users are identified. When a token is identified in the Affected User column of a report, its serial number, its assigned user’s name, or both, can be listed. Select the appropriate Affected token identifier button:
Serial No./Name for both to display, Serial No. only, or Name only.
Customize report titles. The default report titles indicate the report type. You can enter different text in the title fields of the Report Format dialog box. Each title can contain up to 34 characters, and all characters are allowed.
Selection Criteria for Report Content
To limit what records are included in a report, from the Report menu, select the Selection Criteria option.
The Report Selection Criteria dialog box opens.
Specify the report range in the Specify report by area.
• To limit the report to a specific number of pages, click Pages and specify the number of pages in the Last pages box. The page size is calculated depending on the number of lines per page you specify in the Report Format dialog box. For more information, see “Report Formatting” on page 163.
Note: The number of pages is calculated with the assumption that the report will appear on the screen. This number may differ if you output the report to a file.
• To limit the report to a specific number of days, click Days and enter the number of days in the Last days box.
• To see all records from the start of the log database to the present, click Entire.
• To limit the report to a specific range of dates, click Date. The default date range for the report is 30 days prior to the current day. To enter a different range, enter a time period based on a 24-hour clock in local time (not Coordinated Universal Time) in the From Date and To Date boxes. Use the mm/dd/yyyy format (mm for the month, dd for the date, and yyyy for the year). In the From Date fields, enter the date and time of the oldest record you want included. In the To Date fields, enter the date and time of the most recent record you want included. To see the latest records stored in the database, leave this field blank.
Enter specifications in one or more of the selection fields. An asterisk (*) alone in a selection field indicates that no restrictions based on this variable apply.
9: Reports 165 Note: When generating an activity, exception, incident, or usage summary report, you can improve query response time by entering criteria in only one field. You can enter an exact match in a field or use a wildcard. For example, in the Affected User field, if you entered (Joshua Abr*), you would generate a report for all users in the database whose first name is Joshua and whose last name begins with the letters Abr. If you entered an exact match (Joshua Abrams), you would generate a report for all users in the Authentication Manager database named Joshua Abrams.
The selection criteria shown in the screen illustration will produce a report of activities that share all of the following characteristics:
• Were performed by a user whose login is “jba”
• Changed the record of a user named “Abrams, Joshua”
• Changed the record of a token with serial number 000000000267
• Were performed on an Agent Host named “cassatt”
No log records are excluded on the basis of server or site information. Details about each selection field are presented later in this section.
You can also generate a report restricted to a particular time period, not just the most recent events. Select the Date button. Enter a time period based on a 24-hour clock in local time (not Coordinated Universal Time). Use the mm/dd/yyyy format (mm for the month, dd for the date, and yyyy for the year.) In the From Date fields, enter the date and time of the oldest record you want included. To see all records from the start of the log database, leave this field blank. In the To Date fields, enter the date and time of the most recent record you want included. To see the latest records stored in the database, leave this field blank.
RSA Authentication Manager 6.1 Administrator’s Guide
166 9: Reports
You can select log records for inclusion in a report using a variety of criteria. There are Select buttons next to each box for this. If you type in the fields instead of using the Select buttons, enter the specifications carefully. The system does not verify that the names or serial numbers you enter are valid identifiers. For example, if you enter Market in the Group field and the group name is Marketing, the system will find no records to report, but you will not know this until you run a report.
To reset all selection criteria to the default values, click Clear.
After choosing the selection criteria, click OK to close the dialog box.
The next report you run will contain only records that meet all the specifications you entered. The selection values will remain in effect until you or another administrator changes them or until you end the current Database Administration application session.
Selection Criterion Activities Included
Current Login Activity performed by the specified user. Enter the user’s login, not the user’s name.
Affected User Records for operations that affected a specific user. Enter the user’s name, not the user’s login.
Affected Token Records for operations that affected a specific token. Specify the token serial number.
Agent Host Activity that relates to the named Agent Host. Login attempts on the named Agent Host and changes to the Agent Host information stored in the Authentication Manager’s sdserv database are reported.
Group Administrative actions that affect the specified group (for example, adding or deleting group members). A report selected by group will not include the login activity of the group’s members.
Authentication Manager Activity on the specified Primary or Replica or in a specified realm.
Site All administrative actions that affect the specified site (for example, creating a group or Agent Host within the site). A report selected by site will not include any login activity.
9: Reports 167