REPORT CONFIGURATION

These reports are compiled from logs saved on the firewall. These logs are analyzed and the most frequently recurring values are stored in a database. The top 10 values of each report, and the 11th value corresponding to “Others”, are therefore based on these stored values.

Data is refreshed every minute (every 5 minutes for U30/U70, U30S/U70S and SN200/SN300 models without SD cards and SN150). Each refresh includes the calculation of a new Top 50 over the last few hours and days, in order to better represent recurring values and to avoid overloading the database.

Data stored on SD cards can be read by other platforms equipped with an SQLite engine.

Reports are based on all traffic processed by the firewall, meaning for connections passing through all interfaces, internal and external.

WARNING

Even though the generation of reports does not have priority over other processing, the number of reports enabled or the type of traffic may have a real impact on the performance of the appliance (Dashboard: CPU and memory).

This module also allows enabling history graphs available in the Monitoring module.

This screen is divided into 2 sections:

  • Top: the options that make it possible to enable report management and/or history graphs.
  • Bottom: table listing all reports and history graphs that may be selected in two tabs.

NOTE

Certain reports or history graphs require some features (such as antivirus, vulnerability management or authentication) to be enabled. Please refer to the monitoring module to find out which features are required and the possible interactions.

"General" menu

Enable reports

This option makes it possible to enable reports calculated based on logs stored on the hard disk or on an SD card (S series firewalls).

Enable history graphs

This option allows enabling history graphs that can be viewed in the Monitoring module.

Table of reports and history graphs

"List of reports" tab

The table sets out the following columns:

Status

Allows enabling/disabling the report in question.

Category of contact

Indicates the data category to which the report belongs. The report can be viewed in a menu bearing the name of this category in the Reports module.

The report categories are the following:

  • Network
  • Industrial networks
  • Sandboxing
  • Spam
  • Security
  • Virus
  • Vulnerability
  • Web

Description

The name of the report as it appears in the Reports module.

Warning

A warning message may appear if, for example, an option needed for building a report has not been enabled.

Private data

A symbol appears on the line of a report that contains private data (source IP address, host name, user name, etc.). This means that the user will need to obtain the Full access to logs (private data) privilege in order to view the corresponding report.

At the bottom right of the table, the disk space used by the SQLite database will be shown.

NOTE

Such data may be sent via Syslog to the Virtual Log Appliance for Stormshield solution in order to build reports or archive them.

"List of history graphs" tab

The table sets out the following columns:

Status

Allows enabling/disabling the report in question.

Description

Specifies the type of history graph.

Warning

A warning message may appear if, for example, an option needed for building a graph has not been enabled.