Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
10-19
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 10 Managing the Security Manager Server
Working with Audit Reports
Because certificates are stored, if you upgrade to Security Manager 4.4 from a previous version, all
communication with Cisco.com will fail. To resolve this problem, you must retrieve the certificates from
the image meta-data locator and the download site URL.
If the stored certificate table in the user interface does not show the addition of a particular certificate,
check to see if the daily checks for certificate revocation and validity have removed it because of
revocation or expiration. You can do this by looking for the Certificate Revocation Check Task in the
tomcat log; that log will enable you to determine the exact reason for the removal of the stored
certificate.
Working with Audit Reports
When state changes occur in Security Manager, an audit entry is created in the audit log, which you can
view by selecting Manage > Audit Report. The following topics provide more detailed information
about audit reports:
Understanding Audit Reports, page 10-19
Generating the Audit Report, page 10-20
Purging Audit Log Entries, page 10-22
Understanding Audit Reports
When state changes occur in Security Manager, an audit entry is created in the audit log, which you can
view by selecting Manage > Audit Report.
The state changes that generate an event and create an audit entry are:
Changes to the runtime environment:
System changes, such as login attempts (successful or failed), logout, and scheduled backups.
Authorization issues, such as failed attempts and security breaches.
Map changes, such as saving, deleting, and changing background map views.
Administrative changes, such as changing workflow modes.
Changes to the state of Security Manager objects:
Activity changes, such as creating, editing, submitting, or approving an activity.
Deployment changes, such as creating, editing, or submitting a deployment job.
Changes to the state of managed devices:
Object changes, such as changes to policy objects.
Inventory changes, such as adding, deleting, or modifying devices in the inventory.
Policy changes, such as creating, restoring, modifying, or deleting policies.
VPN changes, such as creating, modifying, or deleting a VPN.
When viewing the audit report, you can view subsets of entries by specifying search criteria to select
only the desired records.
Related Topics
Generating the Audit Report, page 10-20