After you have installed the Framework Manager, all command control requests have records automatically created in the audit database. The default Sample Report displays all of the collected audit records and any associated keystroke captures. In the Command Control Reporting console, you add reports that can be customized by using the
tab to display records according to your preferences. You can also assign custom roles to the report, which allows you to restrict the read and write access your Framework Manager users have to these reports.
Click
on the home page of the console.
Click
in the navigation pane.
Click
in the task pane.
Configure the following fields:
Name: Specify a name for the report.
Description: (Optional) Describe the purpose of the report.
Click
.
Continue with one or more of the following:
To modify the report so that it displays only a portion of the available records, continue with Section 6.4.3, Filtering the Viewable Records.
To assign roles so that a specific group of Framework Manager users can view the reports, continue with Section 6.4.4, Modifying General Report Information.
Click
on the home page of the console.
Click
in the navigation pane.
Select the report in the navigation pane.
The navigation pane displays the following information about each instance of the report.
Use the
tab to build a list of matching conditions that allows you to customize the records that are displayed in the tab. This allows you to build reports that show only the information that your users require.
Click
on the home page of the console.
Click
in the navigation pane.
Select the report in the navigation pane.
Click the
tab in the navigation pane.
Select from the following conditions. You can combine conditions with AND logic, which requires the report to match all conditions that have been joined with an AND. You can also combine conditions with OR logic, which requires the report to match either the conditions before the OR or the conditions after the OR.
Authorized: Select this option to use session authorization by the Command Control as a matching criterion. Use the Yes/No drop-down list to specify whether the session matches when the session was authorized or not.
Session Capture: Select this option to use session capture as a matching criterion. Use the Yes/No drop-down list to specify whether the report matches when the session capture was authorized or not.
User: Select whether you want to match on the submitting user or the run user. For the matching type, select one of the following:
Select
or , then specify an exact value or a value with an asterisk (*) wildcard such as jo*.
Select
or , then specify a regular expression.
Host: Select whether you want to match on the submitted host or the run host. For the matching type, select one of the following:
Select
or , then specify an exact value or a value with an asterisk (*) wildcard such as jo*.
Select
or , then specify a regular expression.
Command: Select whether you want to match on the submitted command or the audited command. An audited command is a command that has been audited within a session capture. Audited commands are collected when the session used the rush shell with the audit option. For the matching type, select one of the following:
Select
or , then specify an exact value or a value with an asterisk (*) wildcard such as jo*.
Select
or , then specify a regular expression.
Audit ID: Select to match the session on the audit ID assigned to the session. For the matching type, select one of the following:
Select
or , then specify an exact value or a value with an asterisk (*) wildcard such as 4bd*.
Select
or , then specify a regular expression.
Time: Select to match the session on when it started or when it ended. Select either
or , select or for the matching operator, then use the calendar to specify a date and use the time fields to specify the hour and minute.
(): Select to group conditions so that the record is displayed if it matches the conditions defined by one group in the filter.
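The following added example is not part of the product or its documentation. It models the filter logic described above (AND within a group, OR between groups, wildcard versus regular-expression matching) so that you can check what a planned filter would select before relying on the report for review. The record field names, the sample records, and the assumption that regular expressions match anywhere in the value are all constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample audit records; field names are hypothetical, not the product's schema.
RECORDS = [
    {"audit_id": "4bd01", "submit_user": "joe", "run_host": "db01",
     "command": "passwd alice", "authorized": True},
    {"audit_id": "4bd02", "submit_user": "john", "run_host": "web01",
     "command": "cat /etc/shadow", "authorized": False},
    {"audit_id": "7fa10", "submit_user": "maria", "run_host": "db02",
     "command": "sqlplus / as sysdba", "authorized": True},
    {"audit_id": "7fa11", "submit_user": "bjorn", "run_host": "db01",
     "command": "vi /etc/sudoers", "authorized": True},
]

def cond(field, kind, value):
    """Build one matching condition; kind is 'wildcard', 'regex' or 'equals'."""
    if kind == "wildcard":   # exact value, or a value with '*', such as jo*
        return lambda r: fnmatchcase(str(r[field]), value)
    if kind == "regex":      # assumption: the pattern may match anywhere in the value
        rx = re.compile(value)
        return lambda r: rx.search(str(r[field])) is not None
    if kind == "equals":     # Yes/No conditions such as Authorized
        return lambda r: r[field] == value
    raise ValueError(f"unknown matching type: {kind}")

def matches(record, or_groups):
    """Show a record if every condition (AND) in at least one group (OR) holds."""
    return any(all(c(record) for c in group) for group in or_groups)

def run_report(records, or_groups):
    """Return the audit IDs of the records the filter would display."""
    return [r["audit_id"] for r in records if matches(r, or_groups)]

# (submit user jo* AND Authorized = No) OR (run host db<N> AND command touches sudoers/passwd)
FILTER = [
    [cond("submit_user", "wildcard", "jo*"), cond("authorized", "equals", False)],
    [cond("run_host", "regex", r"^db\d+$"), cond("command", "regex", r"sudoers|passwd")],
]

if __name__ == "__main__":
    print(run_report(RECORDS, FILTER))
    # The wildcard jo* only matches names that start with "jo" ...
    print(run_report(RECORDS, [[cond("submit_user", "wildcard", "jo*")]]))
    # ... while an unanchored regular expression "jo" also matches "bjorn".
    print(run_report(RECORDS, [[cond("submit_user", "regex", "jo")]]))
```

Under this model, anchor a regular expression with ^ and $ when a report is meant to cover one specific user or host, otherwise it can include more sessions than intended.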
Click
.
To view the results, click the
tab.
Use the
tab to keep the report’s name and description in sync with the configured filter and to restrict access to the report by assigning read and update roles.
Click
on the home page of the console.
Click
in the navigation pane.
Select the report in the navigation pane.
Click the
tab in the navigation pane.
Modify the values of the following fields:
Report name: Specify a new name for the report.
Description: Describe the type of records that the report displays.
Roles: Specify values if you want to allow users read access to this report and the ability to update specific information such as its name, description, and filters.
Read: To enable read access, specify a unique name for the read role for this report.
Update: To enable update rights, specify a unique name for the update role for this report.
If you use the same name for a role on multiple reports, the role grants rights to multiple reports. If you use the same name for both the read role and the update role, the role grants both read and update rights.
To assign these roles to a group, see Audit Report Roles.
To save your changes, click
, or to discard your changes, click .
Any rolled-over audit database is indexed by the Audit Manager. You use the
tab to select which of these rolled-over databases is used to display information in the tab. This allows you to review archived data or current activity.
Only the audit databases currently in the audit directory view are displayed. If an audit database has been taken offline (zipped or moved), it does not appear in the list.
Click
on the home page of the console.
Click
in the navigation pane.
Select the report in the navigation pane.
Click the
tab in the navigation pane.
Select the log files that are required for the report.
To include all available log files, select the
box.
Click
.
Where a rule has been configured to capture session information, you can review the entire session in the report.
Click
on the home page of the console.
Click
in the navigation pane.
Select the report in the navigation pane.
In the navigation pane, select the session that you want to review.
Commands for the session data that has been captured are indicated by a Yes in the
column.
Click
in the task pane.
Edit the following fields:
Terminal Type: Change the terminal type if it is set incorrectly.
Find: To find a specific command or string in the report, specify the text in the text box, then click
. If the report contains hundreds of lines, this allows you to find the command you are interested in.
Decryption key: If an encryption password has been defined on the Command Control Audit Settings page to encrypt the sensitive password data in the reports (see Defining Audit Settings), specify this password in the text box, then click to display the passwords.
Show control characters: Use this option to show or hide control characters on the screen.
Show audited commands: Use this option to show or hide the full list of audited commands. If this option is enabled, the screen shows the actual commands that are being run when a user types a command. You can also view each input command individually by mousing over the command.
Show profile commands: Use this option to show or hide the commands run in the user’s login profile when the user’s rush login shell has auditing configured to level 2.
From the list of input commands, select a command, then click
.
Use the
, , and buttons to review the data.
Click
to return to the list of reports.
IMPORTANT: This action cannot be undone.
Click
on the home page of the console.
Click
in the navigation pane.
Select the report you want to delete.
Click
in the task pane.
Click
.
The Activity Report option allows you to generate a graphical snapshot of all the audit records currently being displayed in the report. The activity report can then be printed, providing a visual record for managers to see the number of commands each host is processing, the names of users requesting sessions, and the number of sessions accepted or rejected.
Click
on the home page of the console.
Click
in the navigation pane.
Select the report you want to generate an activity report for.
Click
in the task pane.
The navigation pane displays the selected activity report.
To print the report, click
.
To return to the list of reports, click