In the RSA Authentication Manager Reports dialog box, you can select reports from two lists: Standard Reports and Custom Reports.
• Standard Reports are ready-made reports that cannot be modified or removed.
The set of standard reports includes four histogram reports and four token list reports.
• Custom Reports are reports that you can create, modify, and delete. Until you or another administrator creates one or more custom reports, the Custom Reports list is empty.
Using the Run List
The Report Creation Utility is designed so that reports can be run only from the Run List. In order to run a report, you must first move it from the Standard List or Custom List to the Run List.
• To move reports to the Run List, highlight the reports in the Standard List or Custom List and click Add. You can highlight multiple reports by clicking each selection while you press CTRL.
• To remove a report from the Run List, highlight it and click Remove. When you remove reports from the Run List, each report returns to its original list.
You can use the Run List for the reports you select to run during a single session, or you can save the list contents so that the same set of files are ready to be run whenever you start the Report Creation Utility. If you never save the list, it is always empty when the utility opens. Otherwise, the list contains the same files that it contained when last saved.
Although the utility comes with eight standard reports and no custom reports, you may, over time, create large numbers of custom reports—some that you run regularly and others that you run infrequently. By saving the Run List you can keep the reports that you run most often in a place where they are easy to find. Reports run infrequently are not lost—they remain on the Standard List and Custom List.
To save the Run List, click File > Save Run List. When you want to change the contents of your standard run list, create a new version and save it in place of the old one.
RSA Authentication Manager 6.1 Administrator’s Guide
186 9: Reports
To run reports from the Run List:
1. Enter the From and To log dates to define the date range for the report or reports you are going to run.
If you do not specify a date range, all available relevant information is included without regard to the log record dates.
2. Highlight the report or reports you want to run.
3. Select Run Report(s).
Standard Report Types
Histogram Reports
A Histogram report is a series of numbers that represents an hourly activity count.
This count is useful for plotting peak activity or load by time. The output file (with extension .xls) can be imported into a spreadsheet and graphed.
• Histogram – Accepted shows the number of successful authentications during each hour of the specified period.
• Histogram – Attempts shows the number of access attempts, both successful and unsuccessful, during each hour of the specified period.
• Histogram – Bad PASSCODE shows the number of login attempts that failed because of an invalid passcode during each hour of the specified period.
• Histogram – Bad PIN shows the number of login attempts that failed because a valid tokencode was entered with an incorrect PIN during each hour of the specified period. (This count applies to RSA SecurID standard cards and key fobs only.)
Token List Reports
The following token lists can help you troubleshoot users’ authentication problems.
Use the Token Statistics Report Builder, described in “Creating Token Statistics Reports” on page 190, to create similar listings specific to your needs.
• Token – Disabled lists the token serial number and the assigned user’s name and login for each disabled token.
• Token – New PIN lists the token serial number and the assigned user’s name and login mode for each token in New PIN mode.
• Token – Wait 1 Tokencode lists the tokens that are in Next Tokencode mode with one good tokencode already entered. Each token serial number and the assigned user’s name and login are identified.
• Token – Wait 2 Tokencodes lists the tokens for which the system needs two good tokencodes before granting access to their users. Each token is identified by serial number and assigned user’s name and login.
9: Reports 187
Report Output Files
When you run a report from the Reports dialog box, the output is stored in two text files. One of the files has a .txt extension and is in an easy-to-read format. The other file has a .xls extension and is in a format compatible with spreadsheets.
For standard reports, the full filename is based on the report content and format. For example, complete filenames for Histogram – Attempts output are attempts.txt and attempts.xls. Each standard report type has a unique, predefined name. For a custom report, you specify the filename and the Report Creation Utility adds the extension.
You must ensure that the filename you supply is not used for any other report regardless of type.
Report output files are stored in a subdirectory of the ACEUTILS\output directory.
The subdirectory is created automatically if it does not exist, and it is named for the date on which the report was run (in yyyymmdd format). If the same report type is run more than once during a single day, the latest output overwrites the previous output.
Example: On March 1, 2005, you highlight Histogram – Accepted on the Run List and select Run Report(s). Two files are created, accepted.txt and accepted.xls, both stored in ACEUTILS/output/20050301.
Creating and Managing Custom Reports
The Report Creation Utility provides three custom report dialog boxes. You can use these dialog boxes not only to create new reports but also to edit or delete existing reports.
To create, edit, or delete custom reports:
1. Press F3 to enter the RSA Authentication Manager Reports dialog box menu bar and R to open the Reports menu.
2. Select Create New Report and press RETURN.
The Select Report Type dialog box opens.
3. Select one of three types: Log Entry, Histogram, or Token Statistics.
Depending on your selection, one of the following dialog boxes opens:
• Log Messages Report Builder
• Log Messages Histogram Builder
• Token Statistics Report Builder
RSA Authentication Manager 6.1 Administrator’s Guide
188 9: Reports
One feature common to all of these dialog boxes is the Custom Reports list, which lists by name any custom reports of the selected type that are currently defined. For an example, see the right side of the Log Messages Report Builder dialog box.
4. One way to create a new report is to select an existing report and change the definition. When you select any report, the settings that define it are displayed on the screen. (In the Log Messages Report Builder dialog box, for example, the messages specified as the report contents are highlighted in the Select Message list.) You can change these settings and select Replace to save the new report definition in place of the old one.
5. To create a new report without using an existing one, select Create. New reports are added to the Custom Reports list. (Complete procedures for creating the three types of report are provided in the next three sections.)
6. To delete a report from the Custom Reports list, highlight it and select Delete.
7. To save editable 4GL code for a report you create, press TAB to move to the Save generated source code box and press RETURN to mark it.
When this box is not marked, only compiled 4GL code is generated. When this box is marked, readable and editable 4GL source code is generated in addition to the compiled code.
Creating Log Entry Reports
The Log Messages Report Builder dialog box enables you to create reports that include all log records of one or more event types by selecting the corresponding log messages from the Select Message box. For example, you could define a report showing every instance of the RSA Authentication Manager disabling a token.
Another report might include all log records that represent changes to a user record or a token record.
Log reports include the detailed information available from the Authentication Manager audit trail. Entries show the time and date of the event, the current and affected users (as appropriate), and a one-line description of the event.
9: Reports 189 To define a custom log entry report:
1. Press F3 to enter the RSA Authentication Manager Reports dialog box menu bar and R to open the Reports menu.
2. Select Create New Report and press RETURN.
The Select Report Type dialog box opens.
3. Select Log Entry and then OK.
The Log Messages Report Builder dialog box opens.
4. In the Select Message list, select a message for inclusion in the report by highlighting the message and pressing RETURN. To select additional messages, repeat the procedure.
The number of occurrences of each event indicated by one of the selected messages is reported (for the dates you specify) when this report is run.
5. When you have made all of your message selections, highlight OK below the Select Message list and press RETURN.
6. Highlight Create below the Custom Reports list and press RETURN.
The Create a New Report dialog box opens and prompts you for a description and a filename for the new report.
7. Enter a short, descriptive name (up to 25 characters) by which users of the Report Generation Utility can identify the new report. This name will appear in the Custom Reports list or Run List.
In addition to the descriptive name, enter a filename (up to eight characters) for the report output files (and for the report source code file if you requested one).
Note: Do not use a description or a filename that is already used for another report, even if the report type is different.
8. Select OK and press RETURN.
The new report appears in the Custom Reports list in the Log Messages Report Builder dialog box.
9. Select OK in the Log Messages Report Builder dialog box and press RETURN.
The new report appears on the Custom Reports list in the RSA Authentication Manager Reports dialog box.
Creating a Histogram of Log Activity
A histogram is an activity account by the hour. This report does not include event details, such as user name or Agent Host name.
The Log Messages Histogram Builder dialog box is identical to the Log Messages Report Builder dialog box except for its title. You define a report in the same way—by selecting the log messages that correspond to the events you want reported. The only difference between these two report types is in the output: detailed log entries in one report, statistics without details in the other.
RSA Authentication Manager 6.1 Administrator’s Guide
190 9: Reports
To create a histogram of log activity:
1. Press F3 to enter the RSA Authentication Manager Reports dialog box menu bar and R to open the Reports menu.
2. Select Create New Report and press RETURN.
The Select Report Type dialog box opens.
3. Select Histogram and then OK.
The Log Messages Histogram Builder dialog box opens.
4. Press TAB to move into the Select Message list.
5. Select a message by pressing the arrow keys to highlight the message, and then press RETURN to select the message. To select more than one message, repeat the procedure for each message you want to select.
Each occurrence of the selected messages is counted in the report output.
6. When you have made all of your message selections, highlight OK below the Select Message list and press RETURN.
7. Highlight Create below the Custom Reports list and press RETURN.
The Create a New Report dialog box opens and prompts you for a description and a filename for the new report.
8. Enter a short, descriptive name (up to 25 characters) by which users of the Report Generation Utility can identify the new report. This name will appear in the Custom Reports list or Run List.
In addition to the descriptive name, enter a filename (up to eight characters) for the report output files (and for the report source code file if you requested one).
Note: Do not use a description or a filename that is already used for another report, even if the report type is different.
9. Select OK and press RETURN.
The new report appears in the Custom Reports list in the Log Messages Histogram Builder dialog box.
10. Select OK in the Log Messages Histogram Builder dialog box and press RETURN.
The new report appears on the Custom Reports list in the RSA Authentication Manager Reports dialog box.
Creating Token Statistics Reports
Token statistics reports display the number of tokens in each category that you specify in the report definition. In addition to these numbers, the output data lists the token serial number, the user’s first name, and the user’s last name for each token included.
The default settings in the Token Statistics dialog box define the report so that it includes every token in your realm. Your selections and entries modify these settings and restrict the report to a more closely defined set of tokens.
9: Reports 191 To create a token statistics report:
1. Press F3 to enter the RSA Authentication Manager Reports dialog box menu bar and R to open the Reports menu.
2. Select Create New Report and press RETURN.
The Select Report Type dialog box opens.
3. Select Token Statistics and then OK.
The Token Statistics Report Builder dialog box opens.
4. Indicate the criteria you want to include in the custom report:
Tokens which shut down before. All tokens that will shut down (expire) before this date are included in the report.
Logins which occurred after. All logins made after this date are included in the report.
Bad tokencode counts greater than. When the number of incorrect tokencodes entered in a single login attempt exceeds the number you enter in this field, the event is included in the report.
Bad PIN counts greater than. When the number of incorrect PINs entered in a single login attempt exceeds the number you enter in this field, the event is included in the report.
Token type. Mark one or more token types that you want to include in this report.
For more information about token types, see “RSA SecurID Tokens and Two-Factor Authentication” on page 14.
Token Enabled, New PIN Mode, Token Lost, and Next Tokencode Status.
Mark the selections you want to include in the report.
5. When you have indicated all the report criteria, select OK below your selections and press RETURN.
6. Select Create below the Custom Reports list and press RETURN.
You are prompted to provide a description and a filename for the new report.
7. Enter a short, descriptive name (up to 25 characters) by which users of the Report Generation Utility can identify the new report. This name will appear in the Custom Reports list or Run List.
In addition to the descriptive name, enter a filename (up to eight characters) for the report output files (and for the report source code file if you requested one).
Note: Do not use a description or a filename that is already used for another report, even if the report type is different.
8. Select OK and press RETURN.
The new report appears in the Custom Reports list in the Token Statistics Report Builder dialog box.
9. Select OK in the Token Statistics Report Builder dialog box and press RETURN.
The new report appears on the Custom Reports list in the RSA Authentication Manager Reports dialog box.
RSA Authentication Manager 6.1 Administrator’s Guide
192 9: Reports
Displaying User Information
To display user information:
Press F3 to enter the RSA Authentication Manager Reports dialog box menu bar and U to open the Users menu.
1. Select User Information and press RETURN.
The User Selection dialog box opens with a list of the entries in the User list.
2. To locate a user in the list, enter information in the selection criteria fields at the top of the dialog box.
3. To see data about the selected user, select User Information and press RETURN.
The User Information dialog box opens with detailed information about the selected user, such as first and last name, token serial number, and so on.