Cisco user-based monitoring and reporting
When attackers try to bypass firewalls and gain access to networks, they do so by tampering with firewall policies or other configurations. Unauthorized changes to firewall policies and configurations are any admin's biggest nightmare, because anyone who has access to your network's firewalls can control critical security parameters. The best way to secure your network is by auditing your firewall devices' logs with EventLog Analyzer, which monitors and controls the incoming and outgoing traffic that passes through your Cisco devices.
Cisco devices have web interfaces that allow administrators and end users to log on in a few different ways. With multiple logon methods, Cisco devices' user access logs act as a common point for obtaining all logon-related information.
Use EventLog Analyzer to gain valuable insights from your Cisco devices' log data, including logs from routers, switches, firewalls, intrusion detection systems, and intrusion prevention systems. Archive these Cisco logs to meet compliance mandates and conduct a thorough forensic investigation when things go wrong, like if a network intrusion occurs.
EventLog Analyzer automates the auditing process by providing clear, predefined reports and alerts to monitor user activities happening in Cisco devices. EventLog Analyzer's Cisco user monitoring reports can be broadly classified into four groups for ease of access:
User activity overview reports: Track more than 20 different user activities to see when users change permissions, create groups, modify computer accounts, delete user accounts, change audit policies, update user account passwords, and more.
User-based reports: Monitor a variety of user activities for each user individually to keep track of when they access an object, terminate a process, clear audit logs, or successfully validate an account.
Successful logon reports: View all successful logons to Cisco firewalls, as well as the hosts and users with the most logons. Identify trends in individual user logon patterns and VPN logon activities.
Failed logon reports: View all failed attempts to log on to a firewall and the hosts and users with the greatest number of failed logons; identify trends for failed logons.
Export any of the reports above in CSV or PDF format, or schedule them to be sent to any email address.