WatchGuard Firebox System 7.0 User Guide
WatchGuard Firebox System 7.0 User Guide WatchGuard Firebox System 7.0 User Guide
Chapter 14: Generating Reports of Network Activity4 Select a time interval.For a custom interval, select Custom and then enter the intervalin hours.5 Select the first date and time the report should run.The report will run automatically at the time selected and then ateach selected interval thereafter.6 Click OK.Manually running a reportAt any time, you can run one or more reports using HistoricalReports. From Historical Reports:1 Select the checkbox next to each report you would liketo generate.2 Click Run.Report Sections and Consolidated SectionsYou can use Historical Reports to build a report thatincludes one or more sections. Each section represents adiscrete type of information or network activity.You can consolidate certain sections to summarize particulartypes of information. Consolidated sections summarizethe activity of all devices being monitored as a group asopposed to individual devices.Report sectionsReport sections can be divided into two basic types:• Summary – Sections that rank information bybandwidth or connections.• Detailed – Sections that display all activity with nosummary graphs or ranking.The following is a listing of the different types of reportsections and consolidated sections.246 WatchGuard Firebox System
Report Sections and Consolidated SectionsFirebox StatisticsA summary of statistics on one or more log files fora single Firebox.Authentication DetailA detailed list of authenticated users sorted byconnection time. Fields include: authenticated user,host, start date of authenticated session, start timeof authenticated session, end time of authenticatedsession, and duration of session.Time Summary – Packet FilteredA table, and optionally a graph, of all acceptedconnections distributed along user-definedintervals and sorted by time. If you choose theentire log file or specific time parameters, thedefault time interval is daily. Otherwise, the timeinterval is based on your selection.Host Summary – Packet FilteredA table, and optionally a graph, of internal andexternal hosts passing packet-filtered trafficthrough the Firebox sorted either by bytestransferred or number of connections.Service SummaryA table, and optionally a graph, of traffic for eachservice sorted by connection count.Session Summary – Packet FilteredA table, and optionally a graph, of the topincoming and outgoing sessions, sorted either bybyte count or number of connections. The format ofthe session is: client -> server : service. If theconnection is proxied, the service is represented inall capital letters. If the connection is packetfiltered, Historical Reports attempts to resolve theserver port to a table to represent the service name.If resolution fails, Historical Reports displays theport number.User Guide 247
- Page 217 and 218: Integrating Intrusion DetectionUsin
- Page 219 and 220: Integrating Intrusion Detectionposs
- Page 221 and 222: CHAPTER 12Setting Up Loggingand Not
- Page 223 and 224: Developing Logging and Notification
- Page 225 and 226: WatchGuard Logging Architecturehost
- Page 227 and 228: Designating Log Hosts for a Firebox
- Page 229 and 230: Setting up the WatchGuard Security
- Page 231 and 232: Setting up the WatchGuard Security
- Page 233 and 234: Setting Global Logging and Notifica
- Page 235 and 236: Setting Global Logging and Notifica
- Page 237 and 238: Customizing Logging and Notificatio
- Page 239 and 240: Customizing Logging and Notificatio
- Page 241 and 242: Customizing Logging and Notificatio
- Page 243 and 244: CHAPTER 13Reviewing andWorking with
- Page 245 and 246: Viewing Files with LogViewer2 Brows
- Page 247 and 248: Displaying and Hiding FieldsCopying
- Page 249 and 250: Displaying and Hiding Fieldsthen co
- Page 251 and 252: Working with Log Filescurrent log f
- Page 253 and 254: Working with Log Files5 Stop and re
- Page 255 and 256: Working with Log Filesappear until
- Page 257 and 258: CHAPTER 14Generating Reportsof Netw
- Page 259 and 260: Creating and Editing Reports2 Enter
- Page 261 and 262: Specifying Report Sections3 From th
- Page 263 and 264: Exporting ReportsSetting a Firebox
- Page 265 and 266: Using Report Filtersdrive:\WatchGua
- Page 267: Scheduling and Running ReportsDelet
- Page 271 and 272: Report Sections and Consolidated Se
- Page 273 and 274: Report Sections and Consolidated Se
- Page 275 and 276: CHAPTER 15 Controlling Web SiteAcce
- Page 277 and 278: Getting Started with WebBlockerYou
- Page 279 and 280: Configuring the WebBlocker Service3
- Page 281 and 282: Configuring the WebBlocker ServiceF
- Page 283 and 284: Configuring the WebBlocker ServiceF
- Page 285 and 286: Automating WebBlocker Database Down
- Page 287 and 288: CHAPTER 16Connecting with Outof-Ban
- Page 289 and 290: Enabling the Management StationInst
- Page 291 and 292: Configuring the Firebox for OOBConf
- Page 293 and 294: APPENDIX ATroubleshootingFirebox Co
- Page 295 and 296: Method 1: Ethernet Dongle Method7 O
- Page 297 and 298: Method 2: The Flash Disk Management
- Page 299 and 300: Method 4: Serial Dongle (Firebox II
- Page 301 and 302: IndexSymbols.cfg files 49.ftr files
- Page 303 and 304: default lease time for 67described
- Page 305 and 306: viewing active connections on 97vie
- Page 307 and 308: log rollover 212loggingarchitecture
- Page 309 and 310: Pestablishing connection 269install
- Page 311 and 312: and FTP 115, 149and HTTP 115and POP
- Page 313 and 314: and wg_dvcp service 127described 5V
Report Sections and Consolidated Sections<strong>Firebox</strong> StatisticsA summary of statistics on one or more log files fora single <strong>Firebox</strong>.Authentication DetailA detailed list of authenticated users sorted byconnection time. Fields include: authenticated user,host, start date of authenticated session, start timeof authenticated session, end time of authenticatedsession, and duration of session.Time Summary – Packet FilteredA table, and optionally a graph, of all acceptedconnections distributed along user-definedintervals and sorted by time. If you choose theentire log file or specific time parameters, thedefault time interval is daily. Otherwise, the timeinterval is based on your selection.Host Summary – Packet FilteredA table, and optionally a graph, of internal andexternal hosts passing packet-filtered trafficthrough the <strong>Firebox</strong> sorted either by bytestransferred or number of connections.Service SummaryA table, and optionally a graph, of traffic for eachservice sorted by connection count.Session Summary – Packet FilteredA table, and optionally a graph, of the topincoming and outgoing sessions, sorted either bybyte count or number of connections. The format ofthe session is: client -> server : service. If theconnection is proxied, the service is represented inall capital letters. If the connection is packetfiltered, Historical Reports attempts to resolve theserver port to a table to represent the service name.If resolution fails, Historical Reports displays theport number.<strong>User</strong> <strong>Guide</strong> 247
Change language