Chapter 6 Generating and Working with Reports

  • Article

 

Applies to: Forefront Server Security Management Console

Microsoft Forefront Server Security Management Console (FSSMC) provides centralized reporting, which enables administrators to closely monitor the servers in an enterprise and to evaluate the effectiveness of antivirus software. It regularly polls all managed servers to gather information about the trends in virus, spam, filter, and update activity.

The main report categories, each with its own set of reports:

  • Detection Reports provide overall statistics on viruses, spam, and filter detections including detection rates, actions taken, and filter efficiency.
  • SMTP Traffic Reports give statistics about SMTP traffic for both messages and bytes processed.
  • Engine Versions Reports offer a quick view of the signature file versions deployed throughout the environment. This allows administrators to easily determine which servers are current and which need updating.
  • New Servers Reports supply a listing of all new servers added (Exchange, SharePoint, or both) during a specified time period, showing those that are managed by Forefront Server Security Management Console and those that are not.

You can run reports manually as you need them or you can schedule them to run at certain times. You can also direct Forefront Server Security Management Console to e-mail them to anyone you name.

In this chapter

Configuring and running reports

Configure and run Detection and SMTP Traffic Reports

Configure and run Engine and Signature Versions reports

Configure and run the New Servers Report

Saving reports

Scheduling reports

Configuring and running reports

Reports are grouped by the type of server (Exchange Server 2003 or Exchange Server 2007).

Note

Before running reports manually, make sure that Forefront Server Security Management Console has the most recent data from the servers it manages. To do this, open the Global Configuration work pane and click Poll Now. (This may take a few minutes.) For more information, see “Configuring Global Configuration Settings” in the “Getting Started” chapter of the Microsoft Forefront Server Security Management Console User Guide.

Configure and run Detection and SMTP Traffic Reports

We’ll use the Virus Detection Report as an example.

To configure and run Detection and SMTP Traffic Reports

  1. Under Reports at screen left, click Detection Reports.

  2. In the Select Detection Reports work pane, click to select the report you want to run—the Virus Detection Report in this example.

    149f3fc6-d583-4f8e-ab7e-0e37d672cc11

  3. In the Select Products section of the Report Parameters work pane, check the products to include in the report.

    3d2b22b7-b1cb-4cba-bb40-a19165e60ae4

  4. In the Start Date and Time section, specify the starting point of the data collection.

  5. In the Time Interval section, indicate the period that the report should cover.

    Examples:

    • To collect information for the past week, enter a Start Date of one week ago, and select 1 Week as the interval.
    • To collect information for the month of April 2008, enter 4/1/2008 as the Start Date and 1 Month as the interval.

  6. In the Select Servers section, check the servers and server groups to include in the report.

  7. If you’re running the Top n Viruses Report, enter the value of n, a number from 1 to 15.

  8. Click Next to generate the report, which is displayed in a separate window (as in the example below).

    If the type of report you chose does not apply to one or more of the servers or groups because the product type installed on the server does not support it, you will see a note listing those servers.

    9459eb9a-836a-4b9a-9174-736de7b1e169

Configure and run Engine and Signature Versions reports

There are two types of Engine and Signature Versions reports:

  • The Full Engine and Signature Versions Report lists the engine and signature versions for each of your engines.
  • The Out-of-Date Engine and Signature Versions Report lists those engines on each server that do not have the latest signatures. Because it is critical to keep all your engines updated, run this regularly.

To configure and run Engine and Signature Versions reports

  1. Under Reports at screen left, click Engine and Signature Versions.

  2. In the Select Engine and Signature Versions Reports work pane, choose the report you want.

    4276b734-60a6-4dfa-ae1b-b170fbe0b857

  3. In the Select Servers section of the Report Parameters work pane, check the servers and server groups to include in the report.

    730b5e4d-3da9-449f-8724-2651185ccd79

  4. In the Engine Selection section, check the engines you want to include in the report.

    Note

    There is a difference in engines between Antigen Enterprise Manager and Forefront Server Security Management Console. For example:

    • Worm List. There is both an Antigen Worm List and a Forefront Worm List. If you have a mixed environment, make sure you download both versions of these engines. If you have only Antigen or only Forefront, simply download the one that's appropriate for your environment.
    • Kaspersky Engine. There are different versions of the Kaspersky Engine for Antigen 9 and for Forefront 10. If you have a mixed environment, make sure you download both versions of these engines. If you have only Antigen or only Forefront, simply download the one that's appropriate for your environment.
    • SpamCure Engine is ONLY available for Antigen 9; it is NOT available for Forefront Security for Exchange. If you’re using only Forefront Security for Exchange, you won't need to download the SpamCure Engine.

  5. Click Next to generate the report, which is displayed in a separate window (shown below):

    47a90f86-114c-4343-af9c-ccdc38b334cf

Configure and run the New Servers Report

The New Servers Report lists all the servers that have been added during a time you specify.

To configure and run the New Servers Report

  1. Under Reports at screen left, click New Servers.

  2. In the Select Products section of the Report Parameters work pane, check the products to include in the report.

  3. In the Time Interval section, indicate the period that the report should cover, between 1 and 30 days.

  4. Click Next to generate the report which is displayed in a separate window.

Saving reports

You can save reports as either HTM or MHT files.

  • HTM files. Forefront Server Security Management Console creates a sub-directory to store the image files used in the report. Later, if you copy or move the report file, it automatically copies or moves the associated image directory.
  • MHT files (Web archive). Forefront Server Security Management Console creates an HTML archive file that includes all the image files used in the report. This simplifies sending reports as they are completely self-contained.

To save reports

  1. Run the desired report.

  2. In the Report window, click Save As from the File menu.

  3. Specify a name and location for the file.

    We recommend creating a separate folder for each report.

  4. Indicate the type of file to create: HTM or MHT

  5. Click Save.

Scheduling reports

You can schedule reports to be e-mailed to a list of recipients you specify. Reports are sent as MHT (Web archive) files, which anyone can open using Internet Explorer®, Microsoft Word, Microsoft Outlook®, and other Microsoft products.

Note

If you have not scheduled the report, you can run it manually by selecting it on the Manage Jobs work pane, and clicking Run Now. Then, in the Run Job Now work pane, click View Report to run and view the report or Send Report to run and e-mail it to anyone you name.

To schedule reports

  1. Under Job Management at screen left, click Jobs.

  2. In the Manage Jobs work pane, select Schedule Report Jobs and click Create.

  3. In the Schedule Report Job work pane, type a name for the report in the Job Name box.

    21fcb207-7647-46cb-93f0-98e53a3866c8

  4. In the Schedule Report section, schedule the report:

    • Set the Report Frequency in minutes, hours, or days.
      For example, you could request a report every six hours.
    • Clear the check from Do not schedule.
      If you want to start the deployment job manually, leave the check in the Do not schedule box. (Get more detail in the Note above.)
    • Set the Start Date and Start Time for the report to be run.

  5. In the E-mail Notification section:

    • Type an E-mail Subject line.
    • Type any E-mail Body text you wish to include.
    • For E-mail Recipients, type the e-mail address of the person who should receive the report, and then click Add.
      Enter as many addresses as you want, one at a time. Use the Test button to make sure the address is correct.

  6. Click Next to continue.

  7. In the Report Parameters work pane, select the report you want to run, and click Next. You may schedule only one report at a time.

    b0525fb7-27a5-407e-ad30-b9f74c60e3d4

  8. In the Select Products section of the Report Parameters work pane, check the products to include in the report.

    f1de40f9-e8e7-44da-a06e-9b5b690d3154

  9. In the Time Interval section, indicate the period of time to be covered by the report.

  10. In the Select Servers section, check the servers to include in the report.

  11. Click Finish to save the scheduled report job.

    Forefront Server Security Management Console will run the report at the time you specified and send it to the recipients you designated.