
SonicWALL Reporting Solutions

REPORTING

SonicWALL ViewPoint

SonicWALL ViewPoint 5.0 Administrator’s Guide

SonicWALL ViewPoint Guide
Version 5.0
SonicWALL, Inc.
1143 Borregas Avenue
Sunnyvale, CA 94089-1306
Phone: +1.408.745.9600
Fax: +1.408.745.9300
E-mail: info@sonicwall.com

Copyright Notice
© 2008 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software described within, can not be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. This exception does not allow copies to be made for others, whether or not sold, but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person. Under the law, copying includes translating into another language or format. Specifications and descriptions subject to change without notice.

Trademarks
SonicWALL is a registered trademark of SonicWALL, Inc. Microsoft Windows 98, Windows NT, Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation. Firefox is a trademark of the Mozilla Foundation. Netscape is a registered trademark of Netscape Communications Corporation in the U.S. and other countries. Netscape Navigator and Netscape Communicator are also trademarks of Netscape Communications Corporation and may be registered outside the U.S. Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies and are the sole property of their respective manufacturers.

SonicWALL GPL Source Code
GNU General Public License (GPL)
SonicWALL will provide a machine-readable copy of the GPL open source on a CD. To obtain a complete machine-readable copy, please send your written request, along with a certified check or money order in the amount of US $25.00 payable to “SonicWALL, Inc.” to:
General Public License Source Code Request
SonicWALL, Inc.
Attn: Jennifer Anderson
1143 Borregas Ave
Sunnyvale, CA 94089

Limited Warranty
SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any case commencing not more than ninety (90) days after the original shipment by SonicWALL), and continuing for a period of twelve (12) months, that the product will be free from defects in materials and workmanship under normal use. This Limited Warranty is not transferable and applies only to the original end user of the product. SonicWALL and its suppliers' entire liability and Customer's sole and exclusive remedy under this limited warranty will be shipment of a replacement product. At SonicWALL's discretion the replacement product may be of equal or greater functionality and may be of either new or like-new quality. SonicWALL's obligations under this warranty are contingent upon the return of the defective product according to the terms of SonicWALL's then-current Support Services policies. This warranty does not apply if the product has been subjected to abnormal electrical stress, damaged by accident, abuse, misuse or misapplication, or has been modified without the written permission of SonicWALL. DISCLAIMER OF WARRANTY. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING FROM A COURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION. 
This disclaimer and exclusion shall apply even if the express warranty set forth above fails of its essential purpose. DISCLAIMER OF LIABILITY. SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF A REPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN NO EVENT SHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE HARDWARE OR SOFTWARE EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall SonicWALL or its suppliers' liability to Customer, whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

Contributing SonicWALL ViewPoint Experts
Prasad Bevra works as Director of Software Engineering for SonicWALL. He is responsible for directing development of products in the areas of centralized remote management, reporting, and monitoring, including the award-winning SonicWALL GMS and ViewPoint products. Prior to SonicWALL, Bevra worked with Xerox and ScanSoft Corporations, where he has a patent in the area of User Interfaces. He has a B.S. degree in Computer Science from the Indian Institute of Technology, Bombay, and a Master’s degree in Computer Science from the University of Iowa.
Jean-Marc Catalaa, SonicWALL Curriculum Developer, holds a B.S. in Electrical Engineering from San Jose State University. Catalaa worked for 5 years as an ASIC designer before moving to Proxim, where he was a Systems Engineer and a developer of the company’s Wireless Technical Certification Program. Catalaa has written numerous technical documents and developed curriculum on topics including multi-processor architecture, networking, and wireless communications. He has taught over 40 classes about wireless communication in English, Spanish, Portuguese and Italian, adjusting his training style for worldwide audiences.
Jon Kuhn, who works in SonicWALL Product Management, has over 12 years of technology consulting and product management experience. Kuhn oversees product management and marketing for a number of product lines at SonicWALL. Prior to SonicWALL, he was a consultant to various companies, including GTE Internetworking, Johnson/Johnson and CIBER Inc. Kuhn has expertise and certifications in multi-level security design, highly redundant networking technology, application architecture, and security policy definition. He attended University of California, Los Angeles and graduated from Santa Clara University in the San Francisco bay area with a degree in Business Administration with emphasis in Computer Science.
Joe Levy has worked in the networking and network security industry for over a decade. Joe has been with SonicWALL for six years in a number of critical and company-defining roles. In November 2006, he was appointed Chief Technology Officer. In this role, he is responsible for creating and communicating SonicWALL’s technical vision. Joe was previously Senior Director of Software Engineering for the Product Architecture and Publications groups where he and his architectural teams developed functional, implementation, and design specifications, infusing SonicWALL's products with unobtrusive and practicable security. Aligned with his effort to make technology accessible, he also directed the technical publications team which authors all technical documentation, including training source materials, FAQs, Technotes, Admin Guides, and Integrated Solutions Guides. Remaining engaged in various industry certification and design consortiums, and working closely with SonicWALL's vast and insighted reseller community provide an ongoing framework for relevant innovation, and have guided Joe and his development teams in proffering a number of patents in the areas of content security, wireless networking, and firewall design.
An-chung Man, SonicWALL Senior Software Engineer, has over 7 years of industrial experience. Man is proficient in networking and expert in user interface design and development. He worked in FNC (Fujitsu Networks and Communications) as a key developer for over 6 years prior to joining SonicWALL. Man earned his Master’s degree in Information Science from University of Pittsburgh.

Santa Cruz. who manages the development of ViewPoint and Reporting in GMS at SonicWALL. including the Wall Street Journal. Network Computing. . As an Industry Analyst for Frost & Sullivan. CoSine Communications. has over 12 years of experience in product management. degree in Computer Science. Naderi earned B. Naderi led research projects and made contributions to key business and industry publications. Parry served as the senior systems engineer at Ignyte. Parry has been at SonicWALL since 2001 and works in the firmware architecture group. Rajavasireddy worked in development of Operating Systems IBM OS2 and Workplace OS for the Power PC. focusing on network security audits and distributed Firewall/VPN deployments. business strategy and development.Greg Naderi. PC Week. has over 14 years of experience in building Enterprise Applications in the network security. Software Engineering Manager. the San Francisco Chronicle. financial.S. InternetWeek. and holds a certificate in network management from U. He joined SonicWALL in 2001 as a member of the ViewPoint development team. Naderi has worked with notable security and mobile communication vendors such as Nokia.I. degrees in M. Rajavasireddy.C. including 8 years in the Silicon Valley. Prior to SonicWALL. Ajit Nair. Nair has a Bachelor’s degree in Mathematics and a Master’s degree in Information Systems. has over 12 years of software engineering experience.S. Blue-Silicon. SonicWALL's Product Line Manager. and Marketing from San Jose State University. While at Frost & Sullivan. and has performed network architecture design and deployment for more than 100 companies worldwide. Inc. a leading ASP/MSSP security integrator. Naderi became an authority in the network security and wireless markets. and transportation industries.S. and consulting in the network security and wireless industry. and BITS. and now manages the development of the Management and Monitoring modules in the application. and InformationWeek. 
Naveen Rajavasireddy. has an M. Senior Software Engineering Manager. Dave Parry has over 14 years experience in MIS/IT/IT field.

degree in Design Studies with concentration in Graphic Design from San Jose State University. and RF monitoring. Previously. Patrick holds a B. She manages internal engineering training video production and facilitates cross-functional meetings. Lydon worked as a Webmaster and graphic designer at San Valley Systems and Penton Media. Angela Mendoza is a Technical Writer with SonicWALL. wireless site surveying. He has a B.Contributing SonicWALL Writers Krystle Katen is an apprentice technical writer perfecting her craft in graphical design and end user documentation. secure remote access solutions. . both published by Cisco Press. Patrick Lydon has over 7 years of graphical design and networking documentation writing experience. respectively.A. She is currently completing a B. He has authored over 20 technical guides on UTM. Katen has an excellent eye and experience in project management. in English Literature.C. Angela has earned distinction with several 2008 Phelan Awards in the genres of Best Short Story and Best Metrical Poetry from San Jose State University. Berkeley and a certificate in Technical Communications from San Jose State University. with an emphasis in Creative Writing. Jeremy Pollock is a senior technical writer for SonicWALL with more than nine years of experience in networking documentation. in Physics from U. and a minor in Music from San Jose State University. Virtual Access Points.A.A. He was the lead author of Access VPDN Solutions Guide and a contributing writer to Deploying Cisco Voice over IP Solutions.

and Electronic Arts.C.Khai Tran. from the University of California. in History. AOL Time Warner.A. in Computer Science and a B. quality assurance. Tran has authored enterprise and service provider best-practice network integrated solution guides for SonicWALL. Tran holds a B. Stratus Computer. The Cisco IOS Release Model. Weigand holds both a B. and has worked for Cisco Systems. SonicWALL Documentation Manager. Susan Weigand is a senior technical writer for SonicWALL with over seventeen years of experience in computer programming.A. and Zilog. and network security documentation. . Cisco Systems. Tran has also worked as a Vietnamese bilingual public elementary school teacher in Northern California school districts. She has written technical manuals for Symantec. degree in English Pre-and-Early Modern Literature from the U. Santa Cruz and a California Bi-lingual Cross-Cultural Language Arts Degree (BCLAD) Teaching Credential from San Jose State University. Boeing Aerospace. Author of the SonicWALL Secure Wireless Integrated Solutions Guide. both with honors. Santa Cruz. and The Cisco IOS NetFlow Services Solutions Guide. has over 10 years of networking technical documentation experience.A.

....................................... 17 Chapter 3: Adding SonicWALL Appliances ............................................................. 21 About Signed Applets in SonicWALL ViewPoint ................................................................................................................5 Console Panel ........................................................................................................................................................................................................ 15 Registering the SonicWALL Appliance ........................................................viii Chapter 1: Introduction to SonicWALL ViewPoint ............. 13 Activating SonicWALL ViewPoint ........................................................................................................... 11 Installation ........................................................................................Table of Contents Table of Contents .......1 License and Registration Requirements ........................................9 Chapter 2: Installing SonicWALL ViewPoint .............................................................................3 SSL-VPN Panel ........ 16 Activating the ViewPoint Software ..................................................................................................................................... 15 Creating a mysonicwall....................6 ViewPoint Views and Status ......................................0 Administrator’s Guide viii ........................................... 20 Modifying SonicWALL Appliance Settings .. 
16 Enabling the ViewPoint License on the SonicWALL Appliance ..............................................................................................................................................................................................................................................................................................................................................................................................................................2 Navigating the ViewPoint User Interface .................6 Using the ViewPoint TreeControl Menu ......................................... 21 Deleting SonicWALL Appliances from ViewPoint .................................................................................................................................................. 22 SonicWALL ViewPoint 5.........................................................................................................................................11 Installation Platform Requirements ................................................................................................................................................................................. 17 Logging In and Out of SonicWALL ViewPoint ...19 Adding SonicWALL Appliances to SonicWALL ViewPoint .............................................3 Firewall Panel .......................1 SonicWALL ViewPoint Overview ...........................................................................................................com Account ................................................................................................................................................................................................................................................... 19 Adding SonicWALL Appliances ............

Chapter 4: Using the SonicToday Panel
Overview of the SonicToday Panel
Editing a Component Window
Adding a Component Window
Application Widget
RSS Feed
To Add More Pages
Other Features

Chapter 5: Configuring User Settings
General

Chapter 6: Configuring Log Settings
Configuration
View Log

Chapter 7: Configuring the Management Page
ViewPoint Settings
Configuring Email Settings
Configuring Debug and Synchronizing Model Codes
Alert Settings
Sessions
Managing Sessions
ViewPoint Updates

Chapter 8: Managing Reports in the Console Panel
Settings
Configuring Syslog Data Storage Configuration and Sort Settings
Controlling the Number of Appliances with Log Viewer Enabled
Summarizer
About Summary Data in Reports
Summarizer Settings
Email/Archive
Configuring Email/Archive Settings
Scheduled Reports
Management
Configuring Report Data Management

Chapter 9: Using Diagnostics
Capacity Planning
Summarizer Status

Chapter 10: Granular Event Management
Granular Event Management Overview
What is Granular Event Management?
How Does Granular Event Management Work?
Using Granular Event Management
About Alerts
Configuring Granular Event Management
Configuring Events on the Console Panel
Enabling or Disabling Alerts on the Firewall Panel
Viewing Current Alerts

Chapter 11: ViewPoint Reporting Features
ViewPoint Reporting Overview
Viewing ViewPoint Reports
Navigating ViewPoint Reporting
Global Views
Unit View
Using Interactive Reports
Searching for a Report
Collapsible TreeControl Pane
Enable/Disable Scheduled Reports
Combined Reports
Improved Navigation
Managing ViewPoint Reports on the Console Panel

Chapter 12: Scheduling and Configuring Reports
Configuring Scheduled Reports
Viewing or Managing Scheduled Reports
Adding or Editing a Scheduled Report
Selecting Reports for Summarization
Using Summarize Now
Configuring Dashboard Summary Reports
Exporting Reports to PDF
Compliance Report Overview
Adding a New Scheduled Compliance Report
Customizing Your Detailed Reports Page

Chapter 13: Viewing Reports ..........................................................................115
Managing Report Settings ......................................................................................................................... 116 Editing Report Settings ....................................................................................................................... 116 Selecting a Graphical Display ............................................................................................................. 116
SonicWALL ViewPoint 5.0 Administrator’s Guide

x

Setting a Date or Date Range .............................................................................................................117 Additional Settings ................................................................................................................................118 Troubleshooting Reports ...................................................................................................................118 Viewing General Status Reports ...............................................................................................................119 Viewing Dashboard Reports .....................................................................................................................120 Viewing the Dashboard Summary Report ........................................................................................120 Configuring and Using Custom Reports .................................................................................................123 Toggling Between Split Mode and Full Mode .................................................................................124 Configuring the Date and Time .........................................................................................................126 Configuring the Report Layout and Generating the Report ..........................................................128 Generating the Custom Report ..........................................................................................................135 Viewing a Custom Report ...................................................................................................................136 Printing a Page or Exporting a PDF of the Report ........................................................................138 Saving the Report Template ................................................................................................................139 Viewing Bandwidth Reports 
.....................................................................................................................139 Viewing the Bandwidth Summary Report ........................................................................................140 Viewing the Top Users of Bandwidth ...............................................................................................141 Viewing Bandwidth Usage Over Time ..............................................................................................143 Viewing the Top Users of Bandwidth Over Time ..........................................................................145 Viewing Services Reports ...........................................................................................................................147 Viewing the Services Summary Report .............................................................................................147 Viewing Web Usage Reports .....................................................................................................................149 Viewing the Web Usage Summary Report .......................................................................................150 Viewing the Top Web Sites .................................................................................................................151 Viewing the Top Users of Web Bandwidth .....................................................................................153 Viewing Web Usage by User ...............................................................................................................155 Viewing Web Usage By Site ................................................................................................................156 Viewing Web Usage By Category .......................................................................................................158 Viewing Web Usage Over Time 
.........................................................................................................159 Viewing Top Sites Over Time ............................................................................................................161 Viewing Top Users Over Time ..........................................................................................................163 Viewing Web Usage By User Over Time .........................................................................................165 Viewing Web Usage By Category Over Time ..................................................................................166 Viewing Web Filter Reports ......................................................................................................................168 Viewing the Web Filter Summary Report .........................................................................................169 Viewing the Web Filter Top Sites Report .........................................................................................170 Viewing the Top Users that Try to Access Blocked Sites ..............................................................172 Viewing the Blocked Sites for Each User .........................................................................................173 Viewing Blocked Sites Sorted By Site ................................................................................................174 Viewing Blocked Sites Sorted By Category ......................................................................................176 Viewing Blocked Site Attempts Over Time .....................................................................................177 xi
    Viewing the Top Blocked Site Attempts Over Time
    Viewing the Top Blocked Site Users Over Time
    Viewing Blocked Sites for Each User Over Time
    Viewing Blocked Sites By Category Over Time
  Viewing File Transfer Protocol Reports
    Viewing the FTP Summary Report
    Viewing the Top FTP Sites By User
    Viewing FTP Bandwidth Usage Over Time
    Viewing the Top Users of FTP Bandwidth Over Time
  Viewing Mail Usage Reports
    Viewing the Mail Usage Summary Report
    Viewing the Top Users of Mail Bandwidth
    Viewing Mail Usage Over Time
    Viewing the Top Users of Mail Bandwidth Over Time
  Viewing VPN Usage Reports
    Viewing the VPN Usage Summary Report
    Viewing the Top VPN Users
    Viewing VPN Usage Over Time
    Viewing the Top VPN Users Over Time
    Viewing VPN Usage By Policy
    Viewing the Top VPN Policies Over Time
    Viewing Hourly VPN Usage By Policy
    Viewing the VPN Services Summary Report
  Viewing Attacks Reports
    Viewing the Attack Summary Report
    Viewing the Attacks By Category
    Viewing the Errors Report
    Viewing Attack Reports Over Time
    Viewing the Attacks By Category Over Time
    Viewing Errors Over Time
  Viewing Virus Attacks Reports
    Viewing the Top Viruses By Attack Attempts Report
    Viewing the Virus Attack Attempts Report
    Viewing the Virus Attacks By User Report
  Viewing Anti-Spyware Reports
    Viewing a Spyware Summary
    Viewing Spyware Attempts By Category
    Viewing Spyware Attempts Over Time
    Viewing Spyware Attempts By Category Over Time
  Viewing Intrusion Prevention Reports
    Viewing the Intrusion Prevention Summary Report
    Viewing Intrusion Attempts By Category
    Viewing Intrusions Over Time
    Viewing Intrusion Reports By Category Over Time
  Viewing Authentication Reports
    Viewing the User Login Report
    Viewing the Administrator Login Report
    Viewing the Failed Login Report
  Viewing the Log
    Viewing the Log for a SonicWALL Appliance

Chapter 14: SSL VPN Reporting
  SSL VPN Reporting Overview
    What is SSL VPN Reporting?
    Benefits of SSL VPN Reporting
    How Does SSL VPN Reporting Work?
  Using and Configuring SSL VPN Reporting
    About Viewing Available SSL VPN Report Types
    Configuring SSL VPN Scheduled Reports
    Configuring SSL VPN Summarization

Chapter 15: Viewing SSL VPN Reports
  Viewing SSL VPN Bandwidth Reports
    Viewing SSL VPN Bandwidth Summary Reports
    Viewing SSL VPN Top Users of Bandwidth Reports
    Viewing SSL VPN Bandwidth Usage Over Time Reports
    Viewing SSL VPN Top Users of Bandwidth Over Time Reports
  Viewing SSL VPN Resource Reports
    Viewing SSL VPN Resource Summary Reports
  Viewing SSL VPN Authentication Reports
    Viewing SSL VPN User Login Reports
    Viewing SSL VPN Failed Login Reports
  Viewing the SSL VPN Log
    Viewing the Log for a SSL VPN Appliance

Appendix A: Technical Tips
  Log Viewer
  Real-time Syslog Viewer
  Forwarding Syslog Data to Another Syslog Server
  Posting ViewPoint Reporting to Another Web Server for End-User Access


CHAPTER 1
Introduction to SonicWALL ViewPoint

This chapter provides an overview of SonicWALL ViewPoint and information about the user interface. See the following sections:
• “SonicWALL ViewPoint Overview”
• “Navigating the ViewPoint User Interface”
• “ViewPoint Views and Status”
• “Using the ViewPoint TreeControl Menu”

SonicWALL ViewPoint Overview

Monitoring critical network events and activity, such as security threats, inappropriate Web use, and bandwidth levels, is an essential component of network security. SonicWALL ViewPoint Reporting complements SonicWALL's network security offerings by providing detailed and comprehensive reports of network activity. The ViewPoint Reporting Module is a software application that creates dynamic, Web-based network reports. The ViewPoint Reporting Module generates both real-time and historical reports to offer a complete view of all activity through SonicWALL network security appliances. With ViewPoint Reporting, you can monitor network access, enhance security, and anticipate future bandwidth needs.

The ViewPoint Reporting Module:
• Displays bandwidth use by IP address and service
• Identifies inappropriate Web use
• Provides detailed reports of attacks
• Collects and aggregates system and network errors
• Shows VPN events and problems
• Presents visitor traffic to your Web site
• Provides detailed daily firewall logs to analyze specific events.

License and Registration Requirements

SonicWALL ViewPoint is licensed separately from SonicOS. You need to register your SonicWALL security appliance to activate SonicWALL ViewPoint. Registering your SonicWALL security appliance is a simple procedure done directly from the management interface. Once your SonicWALL security appliance is registered, you can activate SonicWALL ViewPoint by using an activation key or by synchronizing with mysonicwall.com.

Licensing your ViewPoint service requires:
• A mysonicwall.com account. Creating a mysonicwall.com account is fast, simple, and FREE. Simply complete an online registration form directly from your SonicWALL security appliance management interface. Your mysonicwall.com account is also accessible at <https://www.mysonicwall.com> from any Internet connection with a Web browser. A mysonicwall.com account allows you to manage your SonicWALL products and purchase licenses for various services. Once you have an account, you can purchase ViewPoint and other licenses for your registered SonicWALL security appliances.
• A registered SonicWALL security appliance with active Internet connection.

Navigating the ViewPoint User Interface

This section describes the Firewall, SSL-VPN, and Console panels in the SonicWALL ViewPoint user interface. For information about the SonicToday panel, see the Using the SonicToday Panel chapter.

Firewall Panel

The Firewall Panel is an essential component of network security that is used to view and schedule reports about critical network events and activity, such as security threats, inappropriate Web use, and bandwidth levels. To open the Firewall Panel, click the Firewall tab at the top of the ViewPoint user interface.

Figure 1 Firewall Panel and Default Page

From the Firewall Panel, you can view the following for connected SonicWALL appliances:
• View general unit status, license status, and syslog settings. A link to the SonicWALL ViewPoint Getting Started Guide is provided.
• View the SonicWALL security dashboard. Dashboard reports display an overview of bandwidth, uptime, intrusions and attacks, and alerts for connected SonicWALL firewalls. The Security Dashboard report provides data about worldwide security threats that can affect your network. The Dashboard also displays data about threats blocked by the SonicWALL security appliance.
• View custom reports of Internet activity at the unit level. Custom reports filter raw syslog data and you can specify start and end dates or a date range such as “Week to date”. You can filter by user, protocol, domain, traffic, and Web site category. The search template can be saved for use again later with the same appliance.
• View current alerts and access alert settings.
• View general bandwidth usage. These reports include a daily bandwidth summary report, a top users of bandwidth report, and over-time summary and top users reports.
• View a services report. This report includes information about events and usage of protocols and megabytes.
• View Web bandwidth usage. These reports include a daily bandwidth summary report, a top visited sites report, a top users of Web bandwidth report, a report that contains the top sites of each user, and a weekly summary report.
• View the number of attempts that users made to access blocked websites. These reports include a daily summary report, a top blocked sites report, a top users report, a report that contains the top blocked sites of each user, and a weekly summary report.
• View file transfer protocol (FTP) bandwidth usage. These reports include a daily FTP bandwidth summary report, a top users of FTP bandwidth report, and a weekly summary report.
• View mail bandwidth usage. These reports include a daily mail summary report, a top users of mail report, and a weekly summary report.
• View VPN usage. These reports include a daily VPN summary report, a top users of VPN bandwidth report, and a weekly summary report.
• View reports on attempted attacks and errors. The attack reports include a daily attack summary report, an attack by category report, a top sources of attacks report, and a weekly attack summary report. The error reports include a daily error summary report and a weekly error summary report.
• View successful and unsuccessful user and administrator authentication attempts. These reports include a user authentication report, an administrator authentication report, and a failed authentication report.
• View detailed logging information. The detailed logging information contains each transaction that occurred on the SonicWALL appliance.

SSL-VPN Panel

The SSL-VPN panel provides access to SSL VPN appliances and is similar to the Firewalls panel. It is used to view and schedule reports about critical network events and activity, such as security threats, inappropriate Web use, and bandwidth levels. To open the SSL-VPN Panel, click the SSL-VPN tab at the top of the ViewPoint user interface.

Figure 2 SSL-VPN Panel and Bandwidth Page

From the SSL-VPN Panel, you can view the following for connected SonicWALL SSL VPN appliances:
• View general unit status, license status, and syslog settings. A link to the SonicWALL ViewPoint Getting Started Guide is provided.
• View general bandwidth usage. These reports include a daily bandwidth summary report, a top users of bandwidth report, and over-time summary and top users reports.
• View a resources report. This report includes information about connections and the resource used to connect, such as HTTPS or NetExtender.
• View successful and unsuccessful user authentication attempts. These reports include a user authentication report and a failed authentication report.
• View detailed logging information. The detailed logging information contains each transaction that occurred on the SonicWALL appliance.

Console Panel

The Console Panel is used to configure SonicWALL ViewPoint settings, view pending tasks, manage licenses, view the log, and configure alerts. To open the Console Panel, click the Console tab at the top of the SonicWALL ViewPoint user interface.

Figure 3 Console Panel

From the Console Panel, you can do the following:
• Change the SonicWALL ViewPoint password.
• View the SonicWALL ViewPoint log. The SonicWALL ViewPoint log contains information on alert notifications, failed SonicWALL ViewPoint login attempts, and other events that apply to SonicWALL ViewPoint.
• Manage tasks. You can view the status of SonicWALL tasks and, if necessary, delete them.
• Manage email or archive report settings. You can set the schedule and server settings, and the email alert recipient schedule.

ViewPoint Views and Status

SonicWALL ViewPoint allows you to view status and reports for all appliances at once using MyReportsView, or for a single unit at a time with the Unit view.

ViewPoint provides status information on the General > Status page of the Firewall or SSL-VPN panel.

MyReportsView is a grouping of all the appliances you are monitoring with ViewPoint. From the My Reports view of the Firewall or SSL-VPN Panel, Summary and Over Time reports are available for all SonicWALL appliances monitored by SonicWALL ViewPoint. To open the My Reports view, click the MyReportsView icon at the top of the left pane. To display the global status page, navigate to General > Status on the Firewall or SSL-VPN panel. See Figure 4.

Figure 4 Global Status Page for MyReportsView

From the Unit view, reports contain detailed data for the selected SonicWALL appliance. To specify the unit view, click any unit in the left pane. To display the unit status page, navigate to General > Status.

Figure 5 Unit Status Page

Using the ViewPoint TreeControl Menu

This section describes the content of the TreeControl menu within the SonicWALL ViewPoint user interface.

You can control the display of the TreeControl pane by selecting one of the appliance tabs at the top of the main window. For example, when you click the Firewall tab, the TreeControl pane displays all the connected firewall units. The two appliance tabs can display the following appliance types when ViewPoint is monitoring these device types:
• Firewalls
• SSL VPNs

You can hide the entire TreeControl pane by clicking the sideways arrow icon, and redisplay the pane by clicking it again. This is helpful when viewing some reports or other extra-wide screens.

Figure 6 Hiding the TreeControl Pane

To open a TreeControl appliance menu, right-click MyReportsView or a Unit icon.

Figure 7 TreeControl > Right-Click

The following options are available in the right-click menu:
• Find—Opens a Find dialog box that allows you to search for units.
• Refresh—Refreshes the ViewPoint UI display.
• Add Unit—Add a new unit to the ViewPoint view. Requires unit IP and login information.
• Rename Unit—(unit view only) Renames the selected SonicWALL appliance.
• Modify Unit—(unit view only) Change basic settings for the selected unit, including unit name, IP and login information, and serial number.
• Delete—Delete the selected unit.
• Login to Unit—(unit view only) Login to the selected unit using HTTP or HTTPS protocols.

CHAPTER 2
Installing SonicWALL ViewPoint

This chapter describes how to install and activate SonicWALL ViewPoint. See the following sections:
• “Installation Platform Requirements”
• “Installation”
• “Logging In and Out of SonicWALL ViewPoint”
• “Activating SonicWALL ViewPoint”

Installation Platform Requirements

This section provides deployment requirements and information about supported versions.

Note: SonicWALL does not support installations of ViewPoint running on any virtualization software, such as VMware.

Operating Systems

In order to install and run SonicWALL ViewPoint, you must be logged in as the administrator. ViewPoint is supported on the following operating systems:
• Windows 2003 Server (SP1, 32-bit)
• Windows 2000 Server (SP4)
• Windows 2000 Professional (SP4)
• Windows XP Professional (SP2)

Databases

On all supported operating systems, ViewPoint supports the following database, bundled with SonicWALL ViewPoint 5.0 and higher:
• MySQL version 5.0 for Windows, provided as part of a fresh installation of ViewPoint 5.0

The requirements for the MySQL server are as follows:
• Windows 2000 (SP4) and above
• NTFS file system
• Minimum 6 GB hard disk space
• Minimum 2 GB RAM
• Not a Virtual Machine (VM)

On Windows only, ViewPoint supports the following databases:
• Microsoft SQL Server 2000 (SP4)

On Windows 2003 Server, ViewPoint also supports the Microsoft SQL Server 2005 (SP2) database. On Windows 2000 Server, ViewPoint also supports the Microsoft SQL Server 2000 (SP4) database.

Hardware Requirements

The hardware platform where ViewPoint is installed must meet the following requirements:
• 3 GHz or faster processor
• Minimum 2 GB RAM
• At least 300 GB of free disk space

Note: Ensure that the drive where ViewPoint is installed has ample space to store the ViewPoint log files. ViewPoint requires large amounts of disk space for database storage. In early versions, the maximum raw syslog database size was 2 GB. ViewPoint now provides enhanced database capacity by creating a new 2 GB database every day. Each file name includes the date it was created for easy reference.

0 and higher Installation You can either perform a fresh installation of SonicWALL ViewPoint 5.0 or higher Static IP / DHCP If accessed from the WAN interface.1.0 will preserve the HTTPS settings for the ViewPoint Web server. If the SonicWALL ViewPoint Console (Web server) is set up for HTTPS management.6 Tomcat 5. SonicWALL ViewPoint 5. HTTP / HTTPS HTTP and HTTPS access for adding a SonicWALL appliance to ViewPoint is supported as follows: • • HTTP for access to a LAN IP address only HTTPS for access to a LAN IP or WAN IP address Web Browsers For local and remote browser access.2. the SonicWALL appliance must have a static IP address.26 SonicWALL Appliances You can use ViewPoint reporting for the following SonicWALL security appliances: • • • SonicWALL firewalls running SonicOS 1. To upgrade from a version of ViewPoint prior to 4. it may have either a static or dynamic IP address.x. the following browsers are supported: • • Microsoft Internet Explorer 6.0 Administrator’s Guide 13 . Otherwise. or SonicWALL firmware 6.0 and higher Mozilla Firefox 2. Java applications.0 or higher SonicWALL SSL VPN 200 / 2000 / 4000 running SonicOS SSL VPN 2.1 and then run the SonicWALL ViewPoint 5.0 installation.Installation Java SonicWALL ViewPoint services automatically download and use the following versions of Java.0 or higher. you must first upgrade to SonicWALL ViewPoint 4.1. the upgrade to ViewPoint 5.1. and Java driver software: • • Java Plug-in 1.5.0 using the installer or upgrade a previous installation of SonicWALL ViewPoint 4.1 or higher SonicWALL CSM Series running SonicOS CF 1.

The installation folder path name should not contain spaces.

Before installing ViewPoint, verify that none of the following are already installed:
• SQL Server
• SQL Server Express
• MSDE

If any of the above programs are installed, they must first be uninstalled. Keep in mind that programs like “Backup Exec” use MSDE. Also, disable any Anti-Virus programs during the installation.

There are two phases to a ViewPoint installation. The file system is created during phase one, and the services and databases are created during phase two. The error message ‘Unknown error’ may appear during phase two if MSDE cannot be installed.

When you are ready to install SonicWALL ViewPoint 5.0, perform the following steps:
1. Log on to the computer as administrator.
2. Using a Web browser, log into your mysonicwall.com account at: https://www.mysonicwall.com/
3. In the left pane, click Download Center.
4. In the Download Center page, select the language you prefer in the Language drop-down list. Select ViewPoint in the Type drop-down list.
5. After the screen refreshes, click the link for ViewPoint 5.0. The ViewPoint50.zip file will be downloaded to your system.
6. Extract the VPS.exe file and double-click it. The Introduction screen displays.
7. Click Next. The License Agreement screen displays.
8. Select from the following:
   – To accept the terms of the license agreement, select I accept the terms of the License Agreement and click Next. The Choose Install Folder screen displays.
   – To not accept the terms, select I do NOT accept the terms of the License Agreement and click Next. The SonicWALL ViewPoint installation program closes and the product will not install.
9. To accept the default location, click Next. To select a different location, click Choose and select a folder. Click Next. The Settings screen displays.
10. Do the following:
   – Enter the IP address or host name of the Simple Mail Transfer Protocol (SMTP) server in the SMTP Server Address field.
   – Enter the number of the web server port in the Web Server Port field (default: 80).
   – Enter the email addresses of administrators who will receive email notifications from SonicWALL ViewPoint.
   – Enter and confirm the database password in the Database Password and Confirm Password fields. Use a password with no special characters (for example, !, %, &).
   – To configure SonicWALL ViewPoint to validate these settings, select the Validate fields on this screen check box.
11. Click Install. The installation program begins copying SonicWALL ViewPoint files.
12. After the files are copied, restart the server. Installation is complete.

Activating SonicWALL ViewPoint

To use SonicWALL ViewPoint, you must license it on each SonicWALL security appliance that you want reports about. The SonicWALL appliance must be registered on mysonicwall.com before you can purchase and activate the ViewPoint license for it. You must also enable the ViewPoint license on the appliance itself. See the following sections:
• “Creating a mysonicwall.com Account”
• “Registering the SonicWALL Appliance”
• “Activating the ViewPoint Software”
• “Enabling the ViewPoint License on the SonicWALL Appliance”

Creating a mysonicwall.com Account

If you do not already have a mysonicwall.com account, open a Web browser and navigate to the following website: http://www.mysonicwall.com

Follow the on-screen prompts to create a user account.

Registering the SonicWALL Appliance

To register the SonicWALL appliance that ViewPoint will monitor, perform the following steps:
1. Log on to mysonicwall.com.
2. Click My Products. The SonicWALL My Products page displays.

Figure 8 mysonicwall.com My Products Page

3. Enter your SonicWALL serial number in the Serial Number field.
4. Enter a descriptive name for the SonicWALL appliance in the Friendly Name field.
5. Select the Product Group from the drop-down list.
6. Click Register. The mysonicwall.com website registers the SonicWALL appliance.

Activating the ViewPoint Software

To activate the SonicWALL ViewPoint software, perform the following steps:
1. Log on to mysonicwall.com.
2. Click the label of the newly registered SonicWALL appliance. The Service Management page displays.
3. Scroll down to locate the ViewPoint service and click Enter Key. The Activate Service page displays.
4. Enter the ViewPoint Activation Key in the Activation Key field. The ViewPoint Activation Key is printed on the ViewPoint Software License Certificate shipped with the ViewPoint package. If you purchased ViewPoint on mysonicwall.com, the key is emailed to you.
5. Click Submit. After the Activation Key is registered, a ViewPoint License Key will appear. Write down the ViewPoint License Key and keep it in a safe place.

Enabling the ViewPoint License on the SonicWALL Appliance

To enable the SonicWALL ViewPoint license, perform the following steps:
1. Log into the SonicWALL appliance.
2. Navigate to Log > ViewPoint. The ViewPoint page displays.
3. Enter the ViewPoint License Key provided by mysonicwall.com in the Enter Upgrade Key field.
4. Click Apply.
5. Restart the SonicWALL for the change to take effect.

Logging In and Out of SonicWALL ViewPoint

To start and log into SonicWALL ViewPoint, perform the following steps:
1. Do one of the following:
   – If you are logging in locally, double-click the SonicWALL ViewPoint icon on your desktop.
   – If you are logging in from a remote location, open a Web browser and enter http://viewpoint_ipaddress/sgms/login or http://viewpoint_ipaddress or http://localhost .
   The SonicWALL ViewPoint login page displays.

Figure 9 SonicWALL ViewPoint Login Page

2. Enter the SonicWALL ViewPoint user ID (default: admin) and password (default: password). For security purposes, it is highly recommended to change the default password for the user admin. The maximum size of the SonicWALL ViewPoint User ID is 24 alphanumeric characters. If the password is more than 32 characters long, it will automatically be truncated.
3. Click Submit. The SonicWALL ViewPoint UI opens.

Note: After the password is entered, an authenticated management session is established that times out after 5 minutes of inactivity. The default time-out can be changed from the General/ViewPoint Password page on the Console Panel.

To log out, click the Logout button in the SonicWALL ViewPoint UI.
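The constraints this guide has stated up to this point (no spaces in the installation folder path, no special characters in the database password, HTTP for LAN addresses only, a static IP for WAN access, the default admin/password login, the 24-character user ID and the 32-character password truncation) can be checked against a deployment plan before installation. The Python code below is an added example, not SonicWALL code: the Unit record, the function names and the sample plan are constructed for illustration. It assumes that "LAN IP" means an RFC 1918 address and that "no special characters" means ASCII letters and digits only.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

MAX_USER_ID_LEN = 24                    # guide: user ID is at most 24 alphanumeric characters
MAX_PASSWORD_LEN = 32                   # guide: longer passwords are automatically truncated
DEFAULT_LOGIN = ("admin", "password")   # guide: default user ID and password

# Assumption: "LAN IP" in the guide is read as an RFC 1918 private address.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Unit:
    """Hypothetical record for one appliance that will be added to ViewPoint."""
    name: str
    ip: str
    access_mode: str        # "http" or "https"
    static_ip: bool = True


def effective_password(password: str) -> str:
    """Part of the password that remains after truncation to 32 characters."""
    return password[:MAX_PASSWORD_LEN]


def is_lan_address(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETWORKS)


def audit_install(folder: str, db_password: str) -> list[str]:
    findings = []
    if " " in folder:
        findings.append("installation folder path contains spaces")
    # Assumption: "no special characters" is read as ASCII letters and digits only.
    if not (db_password.isascii() and db_password.isalnum()):
        findings.append("database password contains special characters")
    return findings


def audit_login(user_id: str, password: str) -> list[str]:
    findings = []
    if (user_id, password) == DEFAULT_LOGIN:
        findings.append("default admin/password login has not been changed")
    if not (user_id.isascii() and user_id.isalnum()) or len(user_id) > MAX_USER_ID_LEN:
        findings.append("user ID is not 1-24 alphanumeric characters")
    if len(password) > MAX_PASSWORD_LEN:
        findings.append("password exceeds 32 characters; the extra characters are dropped")
    return findings


def audit_unit(unit: Unit) -> list[str]:
    findings = []
    lan = is_lan_address(unit.ip)
    if unit.access_mode == "http" and not lan:
        findings.append(f"{unit.name}: HTTP is supported for LAN IP addresses only")
    if not lan and not unit.static_ip:
        findings.append(f"{unit.name}: WAN access requires a static IP address")
    return findings


def audit_plan(plan: dict) -> list[str]:
    """Run every check over one deployment plan and collect the findings."""
    findings = audit_install(plan["folder"], plan["db_password"])
    findings += audit_login(plan["user_id"], plan["password"])
    for unit in plan["units"]:
        findings += audit_unit(unit)
    return findings


# Constructed sample plan; every value below is made up for illustration.
SAMPLE_PLAN = {
    "folder": r"C:\Program Files\ViewPoint",
    "db_password": "Rep0rt!ng",
    "user_id": "admin",
    "password": "password",
    "units": [
        Unit("branch-fw", "192.168.10.1", "http"),
        Unit("hq-fw", "203.0.113.10", "http", static_ip=False),
        Unit("dc-sslvpn", "203.0.113.20", "https"),
    ],
}

if __name__ == "__main__":
    for line in audit_plan(SAMPLE_PLAN):
        print("FINDING:", line)
```

Because only the first 32 characters of a password are kept, effective_password returns the same value for any two longer passwords that share that prefix, so extra length beyond 32 characters adds nothing.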

CHAPTER 3
Adding SonicWALL Appliances

This chapter describes how to add SonicWALL appliances to the SonicWALL ViewPoint. This chapter contains the following sections:
• “Adding SonicWALL Appliances to SonicWALL ViewPoint” on page 19
• “Deleting SonicWALL Appliances from ViewPoint” on page 21
• “About Signed Applets in SonicWALL ViewPoint” on page 22

Adding SonicWALL Appliances to SonicWALL ViewPoint

SonicWALL ViewPoint checks with the SonicWALL licensing server when you add an appliance, so it is important that ViewPoint has Internet access to the server. SonicWALL ViewPoint can communicate with SonicWALL appliances through HTTP or HTTPS. See the following sections:
• “Adding SonicWALL Appliances” on page 20
• “Modifying SonicWALL Appliance Settings” on page 21

Adding SonicWALL Appliances

To add a SonicWALL appliance using the SonicWALL ViewPoint UI, follow these steps:
1. At the top of the user interface, click the appliance tab that corresponds to the type of appliance that you want to add: Firewall or SSL-VPN.
2. Right-click an open area in the left pane (TreeControl pane) of the SonicWALL ViewPoint UI and select Add Unit. The Add Unit dialog box appears.

Figure 10 Add Unit Dialog Box

3. Enter a descriptive name for the SonicWALL appliance in the Unit Name field.

Note: Do not enter the single quote character (‘) in the Unit Name field.

4. Enter the administrator login name for the SonicWALL appliance in the Login Name field.
5. Enter the password used to access the SonicWALL appliance in the Password field.
6. Enter the serial number of the SonicWALL appliance in the Serial Number field.
7. Enter the IP address of the managed appliance in the IP Address field.
8. For Access Mode, select from the following:
– If the SonicWALL appliance will be managed over HTTP, select Use Insecure login (HTTP).
– If the SonicWALL appliance will be managed over HTTPS, select Use Secure login (HTTPS).

9. Enter the port used to administer the SonicWALL appliance in the HTTP(S) Port field (default ports are HTTP: 80, HTTPS: 443).
10. Click OK. The new SonicWALL appliance appears in the SonicWALL ViewPoint UI. It will have a yellow icon that indicates it has not yet been successfully acquired. SonicWALL ViewPoint will then attempt to set up an HTTP or HTTPS connection to access the appliance. ViewPoint then reads the appliance configuration and acquires the SonicWALL appliance for management. This will take a few minutes. After the SonicWALL appliance is successfully acquired, its icon turns blue, its configuration settings are displayed at the unit level, and its settings are saved to the database.

Modifying SonicWALL Appliance Settings

If you make a mistake or need to change the settings of an added SonicWALL appliance, you can manually modify its settings or how it is managed. To modify a SonicWALL appliance, perform the following steps:
1. Right-click the appliance name in the left pane of the SonicWALL ViewPoint UI and select Modify Unit from the pop-up menu. The Modify Unit dialog box appears.
2. The Modify Unit dialog box contains the same options as the Add Unit dialog box. For descriptions of the fields, see Adding SonicWALL Appliances to SonicWALL ViewPoint, page 19.
3. When you have finished modifying options, click OK. The SonicWALL appliance settings are modified.

Deleting SonicWALL Appliances from ViewPoint

To delete a SonicWALL appliance from ViewPoint, perform the following steps:
1. Right-click on a SonicWALL appliance in the left pane of the SonicWALL ViewPoint UI and select Delete from the pop-up menu.
2. In the warning message that displays, click Yes. The SonicWALL appliance is deleted from ViewPoint.

About Signed Applets in SonicWALL ViewPoint

There are a number of applets in the ViewPoint UI, such as the TreeControl Applet in the leftmost pane. Signed Applets refers to a technique for adding a digital signature to a Java applet so that the recipient can verify that it was not tampered with after leaving the signer. Signed applets can be given more privileges than ordinary applets. By default, applets have no access to system resources outside the directory from which they were launched, but a signed applet can access local system resources as allowed by the local system’s security policy.

In previous releases of ViewPoint, you were required to edit the java.policy file yourself on the client browser system in order to enable a number of applet related operations, such as Copy/Paste, Import file, Browse local folders, and HTTP/HTTPS login to the managed units from the ViewPoint UI. There is no need to edit the java.policy file for signed applets.

When a signed applet starts up, a warning pop-up is displayed.

Figure 11 Applet Warning

If you want to trust the applet, click Yes. Copy/paste, Import and HTTP/HTTPS logins will work without any edits to the java.policy file. Otherwise, click No. In this case you must manually edit the java.policy file. You can view the following technote for more information about editing the java.policy file: Manually Configuring the java.policy File for SonicWALL GMS JRE

CHAPTER 4
Using the SonicToday Panel

This chapter introduces the SonicToday panel in the SonicWALL ViewPoint User Interface (UI). This section includes the following subsections:
• “Overview of the SonicToday Panel” section on page 24
• “Editing a Component Window” section on page 24
• “Adding a Component Window” section on page 26

Overview of the SonicToday Panel

Using RSS and AJAX technology, SonicToday is a tab intended to work as a customizable dashboard where you are able to monitor the latest happenings with your SonicWALL ViewPoint 5.0 deployment, your network, the IT and Security World, as well as the rest of the world. Upon initial login, you see a default SonicToday tab. You are able to further customize this page by configuring and adding preferred components.

Editing a Component Window

One customizable feature of SonicToday is the ability to edit the title of any given component window. In this example, we will modify the title of the component window “CNN Top Stories.” To do this:
1. Click the Edit link, located on the right side of the component window you wish to modify.

2. The component window will expand, revealing the following entries you can modify:
• Title – The title of the component window.
• RSS URL – The URL of the RSS Feed the current component window updates from.
• Items – The number of items to be displayed on the component window.
• Refresh Interval – How often the component window refreshes the RSS Feed.

In this example, we will change the title to “CNN Top 5 Stories.” For Items, we specify that we want five items shown in the component window, and we want the Refresh Interval to occur every 30 minutes. Click Save to save your changes and exit the component window. The changes will update the component window immediately.


Adding a Component Window
Another way to fully customize your SonicToday dashboard is by adding a component window specifically to your preferences. Note that no component containing the same content can be added more than once in the SonicToday dashboard. In this section, there are different component windows you can add:
• “Application Widget” section on page 26
• “RSS Feed” section on page 28

Application Widget
The application widget specifically details Logs and Current Sessions in SonicWALL ViewPoint 5.0. The convenience of this new widget is that it enables you to keep track of all these different details from the SonicToday dashboard page, rather than navigating through other tabs. To add the application widget:
1. Click Add Component to bring up the Add Component Manager dialogue box. Select Application Widget from the ‘Type’ drop-down list.


2. Specify what type of Widget you want in the component. The Title will default to the Widget you choose, but you may customize this if you prefer. You also will indicate how many Items you want to be shown on the component window, as well as the Refresh Interval. In this example, we will add a widget that monitors Logs, displaying the latest five every ten minutes.
3. Click Add when finished specifying entries. The component window is added to the SonicToday dashboard.


RSS Feed
RSS Feed is a component window designed to keep you updated with what is going on in the IT and Security World, as well as all around the globe. This section contains procedures for customizing an RSS Feed component window on your SonicToday dashboard. To choose a Predefined RSS Feed:
1. Click Add Component to bring up the Add Component Manager dialogue box.
2. Select RSS Feed from the ‘Type’ drop-down list. This will automatically bring up a list of predefined RSS Feeds you may choose from. The Title will default to the Alert Type you choose, but you may customize this if you prefer. You also will indicate how many Items you want to be shown on the component window, as well as the Refresh Interval. In this example, we will select ‘AP Sports News,’ displaying the first five items every 30 minutes on the component window.
3. Click Add when you are finished. This will add the new RSS Feed component window to your SonicToday dashboard.

To Choose a Custom RSS Feed:
1. Click Add Component to bring up the Add Component Manager dialogue box.
2. Select RSS Feed from the ‘Type’ drop-down list. This will automatically bring up a list of predefined RSS Feeds you may choose from.
3. Scroll to the bottom of the predefined list and select Custom RSS Feed... Enter the URL of the RSS Feed you would like on your component window.

Note: To search a large directory of available RSS Feeds, navigate to: http://www.rsfeeds.com/

4. Enter the Title for this custom RSS Feed page. Also indicate how many Items you want to be shown on the component window, as well as the Refresh Interval. In this example, we will choose ‘Rediff Top Stories,’ displaying the first five items every 30 minutes on the component window.
5. Click Add when you are finished. This will add the new RSS Feed component window to your SonicToday dashboard.

To Add More Pages
SonicToday allows you to create more pages in addition to your default dashboard page. Note that only one page may be designated as your SonicToday default page. As soon as a new page is marked as the default, any previous default page settings are overwritten. To create a new page:
1. Click Manage Page from the toolbar to bring up the Page Manager.
2. In the ‘Page’ section, select Add New Page from the drop-down list.
3. Name your new page under ‘Page Title.’
4. Select the layout of your page under ‘Page Layout.’ A thumbnail image pops up alongside each option to assist you.


5. You also have the option of making this your default page, simply by placing a checkmark in the box labeled ‘Default Page.’
6. Click Add when you are finished. The toolbar now displays the newly added page. In this example, we titled the new page ‘News.’ You can now add and customize component windows to navigate between pages.

Note: To edit a page, click Manage Page from the toolbar. Select the page you wish to edit, make your changes, and click Edit to finish.

Note: To delete a page, click Manage Page from the toolbar. Select the page you wish to delete and click Delete. Click OK to finish.

Other Features

AutoHide

AutoHide is a feature you customize by turning on or off. When AutoHide is turned on, the control bar will hide after an interval of two seconds when the mouse is moved away from the control bar. When AutoHide is turned off, the control bar always appears on the SonicToday dashboard. Use the On and Off icons to turn AutoHide on or off.

Page Selector

Whenever the number of pages added to the SonicToday dashboard exceeds five, a page selector bar appears at the top of the main window with left and right arrows. The arrows can be used to scroll across different pages in both directions. Any page can be selected by clicking on the page title. By default, the selector is scrolled to a point where the default page appears on it.

Manual Refresh

Aside from the automatic refresh, which you configure in the “Editing a Component Window” section on page 24, you can force a refresh on the component window by clicking the refresh icon on the component window header.

Component Height Resize

The height of a component can be increased and decreased by stretching or shrinking the resize cursor on the status bar when the mouse is moved over the status bar.

Remove or Delete a Component

Any component window can be removed or deleted from the page by clicking the close icon on the component window header.

Minimizing or Maximizing a Component

Each component can be in minimized or maximized state. To minimize a component window, click the minimize icon in the component window header. To maximize a component window, click the maximize icon in the component window header. The components are loaded in the page with the state they were saved in the database.

CHAPTER 5
Configuring User Settings

This chapter describes how to configure the user settings that are available in the Console panel on the User Settings screens. This chapter includes the following section:
• “General” section on page 33

General

This section describes the user settings page to change the ViewPoint administrator password, the ViewPoint inactivity Timeout, and the UI settings.

Figure 12 Console > User Settings > General

Perform the following steps:
1. Enter the old SonicWALL ViewPoint password in the Old ViewPoint Password field.
2. Enter the new SonicWALL ViewPoint password in the New ViewPoint Password field.
3. Reenter the new password in the Confirm New Password field.

Note: The maximum size of the SonicWALL ViewPoint User ID is 24 alphanumeric characters. The password is one-way hashed and any password of any length can be hashed into a fixed 32 character long internal password.

Note: Password fields will be grayed out for users on a Remote Domain.

4. The ViewPoint Inactivity Timeout period specifies how long SonicWALL ViewPoint waits before logging out an inactive user. To prevent someone from accessing the SonicWALL ViewPoint UI when SonicWALL ViewPoint users are away from their desks, enter an appropriate value in the ViewPoint Inactivity Timeout field. The minimum is 5 minutes and the maximum is 120 minutes. You can disable automatic logout completely by entering a “-1” in this field.
5. Select a value between 10 and 100 in the Max Rows Per Screen field. This value applies only to paginated screens.
6. The Appliance Selection Panel section determines how devices are displayed in the far left panel. You can display only icons (the Icons option), only the name of the appliance (Text), or both icons and names (Icons and text). The default is Icons and Text.
7. When you are finished, click Update. The settings are changed. To clear all screen settings and start over, click Reset.

CHAPTER 6
Configuring Log Settings

This section describes how to configure Log Settings. This includes adjusting settings on deleting log messages after a certain period of time, and setting criteria for viewing logs. This chapter includes the following sections:
• “Configuration” section on page 35
• “View Log” section on page 36

Configuration

The Log > Configuration screen provides a way to delete log messages older than a specific date. To delete ViewPoint log messages, perform the following steps:
1. Click the Console tab, expand the Log tree, and click Configuration. The Configuration page displays.

Figure 13 Console > Log > Configuration

2. Select the month, day, and year from the drop down menu.
3. Click Delete Log Messages Older Than.

View Log

The SonicWALL ViewPoint log keeps track of changes made within the SonicWALL ViewPoint UI, logins, failed logins, logouts, password changes, scheduled tasks, failed tasks, completed tasks, raw syslog database size, syslog message uploads, and time spent summarizing syslog data. To view the SonicWALL ViewPoint log, perform the following steps:
1. Click the Console tab, expand the Log tree, and click View Log. The View Log page displays.

Figure 14 Console > Log > View Log

2. Each log entry contains the following fields:
– #—specifies the number of the log entry.
– Date—specifies the date of the log entry.
– Message—contains a description of the event.
– Severity—displays the severity of the event (Alert, Warning, or FYI).
– SonicWALL—specifies the name of the SonicWALL appliance that generated the event (if applicable).
– User@IP—specifies the user name and IP address.

3. To narrow the search, configure some of the following criteria:

Tip: You can press Enter to navigate from one form element to the next in this section.

– Select Time of logs—displays all log entries for a specified range of dates.
– SonicWALL Node—displays all log entries associated with the specified SonicWALL appliance.
– ViewPoint User—displays all log entries with the specified user.
– Message contains—displays all log entries that contain the specified text. This input field provides an auto-suggest functionality that uses existing log message text to predict what you want to type. It fills in the field with the suggested text and you can either press Tab to accept it or keep typing. Different suggestions will appear as you continue to type if log messages match your input.
– Select one of Exact Phrase, All Words, or Any Word.
   – Exact Phrase matches a log entry that contains exactly what you typed in the Message contains field
   – All Words matches a log entry that contains all the words you typed in the Message contains field, but the words can be non-consecutive or in any order
   – Any Word matches a log entry that contains any of the words you typed in the Message contains field
– Severity—displays log entries with the matching severity level:
   – All (Alert, Warning, and FYI), where FYI means “For Your Information”
   – Alert and Warning
   – Alert
– Select the Match case checkbox to make the SonicWALL Node, ViewPoint User, and Message contains search fields case sensitive.

4. To view the results of your search criteria, click Start Search. To clear all values from the input fields and start over, click Clear Search.
5. To configure how many messages are shown per screen, enter a new value between 10 and 100 in the Show Messages Per Screen field (default: 10). Click Next to display the next page, or click Previous to display the preceding page.

To save the results as an HTML file on your system, click Export Logs and follow the on-screen instructions.


CHAPTER 7
Configuring the Management Page

This chapter describes the settings available on the Console panel in the Management section. The following sections are found in this chapter:
• “ViewPoint Settings” section on page 39
• “Alert Settings” section on page 41
• “Sessions” section on page 42
• “ViewPoint Updates” section on page 43

ViewPoint Settings

On the ViewPoint Settings page, you can configure email settings, set the system debug level, and synchronize model codes information. This section describes the following ViewPoint Settings topics:
• “Configuring Email Settings” on page 40
• “Configuring Debug and Synchronizing Model Codes” on page 40

Configuring Email Settings

An SMTP server and an email address are required for sending ViewPoint reports. To configure these email settings:
1. Click the Console tab.
2. Expand the Management tree and click ViewPoint Settings. The ViewPoint Settings page displays.
3. Type the IP address of the Simple Mail Transfer Protocol (SMTP) server into the SMTP Server field. This server can be the same one that is normally used for email in your network.
4. Type the email account name and domain that will appear in messages sent from the SonicWALL ViewPoint into the ViewPoint Sender’s e-Mail Address field.
5. When finished in the ViewPoint Settings page, click Update. To clear the screen settings and start over, click Reset.

Configuring Debug and Synchronizing Model Codes

ViewPoint provides a way to send debug messages to the log file, and also allows you to synchronize model codes information. The Sync Model Codes feature accommodates new SonicWALL product introductions without the need for ViewPoint update. When SonicWALL updates the corporate server (mysonicwall) with a new product code, it then becomes available to ViewPoint. The task is scheduled to run every 24 hours and is also available manually. To configure these settings:
1. Select a debug level from the System Debug level drop-down list. The range is 0-3 where a level of 0 provides no debug log messages and a level of 3 provides the maximum number of debug messages.
2. To synchronize the model codes information, click Sync Model Codes information now.
3. When finished in the ViewPoint Settings page, click Update. To clear the screen settings and start over, click Reset.

Alert Settings

The Alert Settings page specifies which email addresses receive email alerts and notifications during specific times. To configure the alert notification settings, perform the following steps:
1. Click the Console tab, expand the Management tree and click Alert Settings. The Alert Settings page displays.

Figure 15 Console > Management > Alert Settings

2. Configure the email address(es) that will receive notifications and the times that they will receive them:
– Schedule 1—Specifies who will receive notifications during the first weekday schedule. Enter one or more email addresses (separated by commas) and specify the start and end time for the shift.
– Schedule 2—Specifies who will receive notifications during the second weekday schedule. Enter one or more email addresses (separated by commas) and specify the start and end time for the shift.
– Schedule 3—Specifies who will receive notifications during the third weekday schedule. Enter one or more email addresses (separated by commas) and specify the start and end time for the shift.
– Saturday—Specifies who will receive notifications on Saturday. Enter one or more email addresses (separated by commas) and specify the start and end time for the shift.
– Sunday—Specifies who will receive notifications on Sunday. Enter one or more email addresses (separated by commas) and specify the start and end time for the shift.
3. Select whether the email alert will be sent as HTML, Plain Text, or Plain Text (Pager). The Pager setting sends a very short email to ensure that the email is not cut off by the character limits of some pagers.
4. When you are finished, click Update. The settings are saved.

Sessions

The Sessions page of the Management section of the ViewPoint Console allows you to view session statistics for currently logged in ViewPoint users and to end selected sessions.

Managing Sessions

On occasion, it may be necessary to log off other user sessions. To do this, perform the following steps:
1. Click the Console tab, expand the Management tree and click Sessions. The Sessions page displays.

Figure 16 Console > Management > Sessions

When more than one session is active, a checkbox is displayed next to each row.
2. Select the check box of each user to log off and click End selected sessions. The selected users are logged off.

ViewPoint Updates

The ViewPoint Updates page provides information for the SonicWALL ViewPoint server. This page lists the ViewPoint components installed on the server, with a checkbox next to each one.

Figure 17 Console > Management > ViewPoint Updates

To download software updates for one or more components, select the checkbox next to the component(s) and then click Download New ViewPoint Software Updates. To delete one or more components, select the checkbox next to the component(s) and then click Delete Selected Components from List.


CHAPTER 8
Managing Reports in the Console Panel

This section describes how to configure reporting settings on the Console panel. These include how often the summary information is updated, the number of days that summary information is stored, and the number of days that raw data is stored. The following sections are included in this chapter:
• “Settings” section on page 45
• “Summarizer” section on page 48
• “Email/Archive” section on page 51
• “Scheduled Reports” section on page 52
• “Management” section on page 57

Settings

The Settings page under Reports on the Console panel manages the number of days for raw/syslog data storage for reports and provides a check box for enabling the sort option in report tables. You can also specify the number of appliances which can have Log Viewer enabled at the same time. See the following:
• “Configuring Syslog Data Storage Configuration and Sort Settings” section on page 46
• “Controlling the Number of Appliances with Log Viewer Enabled” section on page 47

Configuring Syslog Data Storage Configuration and Sort Settings

ViewPoint requires large amounts of disk space for raw data storage. In previous versions, the maximum raw syslog database size was 2 GB. ViewPoint now provides enhanced database capacity by creating a new 2 GB database every day. Each file name includes the date it was created for easy reference. Raw syslog data is used to create Custom Reports. See “Configuring and Using Custom Reports” on page 123.

To configure syslog data storage settings and set the sort option for report tables, perform the following steps:
1. Click the Console tab, expand the Reports tree and click Settings.

Figure 18 Console > Reports > Settings

2. Specify the number of days that you would like to store your syslog data in the Days To Store Raw Data list box and click Update.
3. To enable the report table sort option, select the Enable Sort Option on Report Tables checkbox. To disable sorting, clear the checkbox. Click Update.

Controlling the Number of Appliances with Log Viewer Enabled

You can control the maximum number of managed appliances for which Log Viewer can be enabled. The default setting allows Log Viewer to be enabled on up to five appliances. Because enabling Log Viewer causes raw syslog data uploading, it is resource intensive. Use care in increasing this number, and when enabling Log Viewer on systems.

Note: Limiting the number of appliances for which the Log Viewer is enabled will increase the overall performance of your SonicWALL ViewPoint system.

To change the number of appliances for which Log Viewer can be enabled:
1. On the Console panel, navigate to Reports > Settings.
2. Under Log Viewer Settings, in the Maximum number of appliances on which Log Viewer can be enabled field, enter the number of appliances for which Log Viewer can be enabled. The default is five.
3. Click Update.

Summarizer

This section contains the following subsections:
• “About Summary Data in Reports” on page 48
• “Summarizer Settings” on page 48

About Summary Data in Reports

These reports are constructed from the most current available summary data. In order to create summary data, the ViewPoint Reporting Module must parse the raw data files. At the interval you specify, the Summarizer will process those files and store the data in the summary databases.

When configuring ViewPoint Reporting using the screens on the Console panel under Reports, you can select the amount of summary information to store. Additionally, you can select the number of days that raw syslog data is stored. The raw data is made up of information for every connection. Depending on the amount of traffic, this can quickly consume an enormous amount of space in the database. ViewPoint creates a new 2 GB database for raw syslog data every day. Be very careful when selecting how much raw information to store. Make sure the database is large enough to accommodate the number of days that you choose.

For information on configuring raw data storage, see “Configuring Syslog Data Storage Configuration and Sort Settings” section on page 46. To configure reports for summarization, see the “Selecting Reports for Summarization” section on page 99 in the Scheduling and Configuring Reports chapter.

Summarizer Settings

SonicWALL appliances send their syslog packets to SonicWALL ViewPoint via UDP packets. When an appliance is configured to communicate with ViewPoint, you need to verify that the summarizer is scheduled to collect and process data for this unit at an appropriate interval.

To configure Summarizer settings, perform the following steps:
1. Click the Console tab, expand the Reports tree and click Summarizer. The Summarizer page displays.

Figure 19 Console > Reports > Summarizer

2. Specify how often the ViewPoint Reporting Module processes and updates summary information from the Summarize Every list box and click Update.
3. To specify the next summary time, enter a date and time in the Next Scheduled Summary Time field and click Update.
4. To update the summary information now, click the Summarize Now button. SonicWALL ViewPoint will automatically process the latest information and make it available for immediate viewing.

Note: This will not affect the normally scheduled summarization updates on ViewPoint.

5. Specify how many days of summarized data the ViewPoint Reporting Module will store in the database from the Days To Store Summarized Data list box (default: 15) and click Update. To save all information, enter All. Make sure the database is large enough to accommodate the number of days that you choose.
6. To delete summarized data, specify a date in the Delete Summarized Data for field and click Update.
7. To reduce the amount of syslog data stored periodically, specify a time in the Delete Syslog Data Daily at field.
8. In the Reports Summarization Data for Bandwidth Reports section, select the currency type in the Type of Currency field. Over 20 different currencies from around the world are available.
9. Specify an amount based on your chosen currency in the Cost Per Mega Byte Bandwidth Use field.
10. Select the Enable Web Event Consolidation checkbox to consolidate repetitive syslog event entries within the syslog database, such as multiple visits to the same URL by the same user within a set time, and then select one of the following levels of consolidation:
– Host & Domain: More restrictive, less consolidation
– Domain Only: More general, more consolidation

Enabling Web Event Consolidation promotes search and summarizer efficiency by consolidating the syslog messages that result from a single click (for example, a visit to a Web page). When Web Event Consolidation is disabled, multiple syslog events are logged for one request. For instance, a single access to www.cnn.com can generate more than 70 syslog messages. Many of the 70 syslog messages refer to the links to other pages like images.cnn.com or video.cnn.com that are included in the Web page. ViewPoint consolidates syslog messages under the main domain name, and further correlates events by time proximity and HTTP header information. In this simplified example, if Domain Only consolidation is selected, then only one Web event is recorded (cnn.com). If Host & Domain is selected, then you would see three Web events. You would see all 70 Web events if consolidation was not enabled at all.

11. Optionally select the Resolve “Not Rated” categories using message comparison checkbox.
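The two consolidation levels described above can be modelled in a few lines. This is an added illustration, not ViewPoint's implementation: the 30-second window, the "last two DNS labels" rule for the main domain, and the sample events are assumptions, and the HTTP header correlation the guide mentions is left out.

```python
from collections import namedtuple

# Constructed record: epoch seconds, source user/IP, destination host.
WebEvent = namedtuple("WebEvent", "ts user host")


def main_domain(host):
    """Naive main domain: the last two DNS labels (assumption; real code
    needs a public-suffix list for names such as example.co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def consolidate(events, level, window_s=30):
    """Collapse events that share (user, key) and arrive within window_s
    seconds of the previous hit in the same consolidated event.
    level is "none", "host_domain" or "domain_only"."""
    if level == "none":
        return [{"user": e.user, "key": e.host, "first": e.ts,
                 "last": e.ts, "count": 1} for e in events]
    key_of = {"host_domain": lambda h: h.lower(),
              "domain_only": main_domain}[level]
    open_event = {}  # (user, key) -> consolidated event still accepting hits
    out = []
    for e in sorted(events, key=lambda ev: ev.ts):
        k = (e.user, key_of(e.host))
        cur = open_event.get(k)
        if cur is not None and e.ts - cur["last"] <= window_s:
            # Same user, same key, close in time: fold into the open event.
            cur["last"] = e.ts
            cur["count"] += 1
        else:
            # First hit, or the previous one is too old: start a new event.
            cur = {"user": e.user, "key": k[1], "first": e.ts,
                   "last": e.ts, "count": 1}
            open_event[k] = cur
            out.append(cur)
    return out


def sample_page_view(user="10.0.0.5", t0=1_200_000_000):
    """Constructed sample: one click on www.cnn.com that produces 70 syslog
    messages across three hosts in under four seconds."""
    hosts = (["www.cnn.com"] * 10 + ["images.cnn.com"] * 40
             + ["video.cnn.com"] * 20)
    return [WebEvent(t0 + i * 0.05, user, h) for i, h in enumerate(hosts)]


if __name__ == "__main__":
    page = sample_page_view()
    for level in ("none", "host_domain", "domain_only"):
        print(level, len(consolidate(page, level)))
    # The same page fetched again ten minutes later is a separate Web event.
    revisit = page + sample_page_view(t0=1_200_000_600)
    print("domain_only with revisit", len(consolidate(revisit, "domain_only")))
```

For forensic work the trade-off is visible in the counts: Domain Only keeps one row per visit but no longer records which hosts under the domain were contacted.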

Email/Archive

Configuring Email/Archive Settings

To configure Email/Archive and Web server settings, perform the following steps:

1. Click the Console tab, expand the Reports tree and click Email/Archive. The Email/Archive page displays.

Figure 20 Console > Reports > Email/Archive

2. This page shows when the next scheduled archive time will occur and when the last weekly and monthly reports were sent.
3. To set the next archive time, enter the date and time in the Next Scheduled Email/Archive Time fields and click Update.
4. To specify the day to send weekly reports, select the day from the Send Weekly Reports Every list box and click Update.
5. To specify the date to send monthly reports, select the date from the Send Monthly Reports Every list box and click Update.
6. Specify the number of days to store archived XML reports in the Days to store XML reports field.

7. If the Web server address, port, or protocol has changed since SonicWALL ViewPoint was installed, this will affect reporting and you should enter the new address, port, and protocol in the Email/Archive Configuration section.
8. When you are finished, click Update. The changes are saved.

Scheduled Reports

The Scheduled Reports page allows you to manage all the report schedules in the system from a central location, enabling you to monitor the status of these recurring schedules and re-send failed schedules, if needed. This page lists all the schedules in the system, along with information about the last execution time of a schedule, the last run type (scheduled or one time run), whether it ran successfully and the error that occurred if it failed.

The Summary section provides status information on your report schedules. The Search Criteria section provides settings for searching report schedules. Results of your searches are displayed in the Search Results section. Under Search Results, the table indicates whether each schedule is enabled, along with the node, owner and other relevant information.

For information on adding a new scheduled report, see “Adding or Editing a Scheduled Report” section on page 97.

To search for scheduled reports:

1. Click the Console tab, expand the Reports tree and click Scheduled Reports. The Scheduled Reports page displays.

Figure 21 Console > Reports > Scheduled Reports

2. Define the Search Criteria tab. The Search Criteria tab contains the following elements to refine your search:
– Schedule Type: Select from the following schedule types:
  – All Schedules
  – Daily Schedules
  – Weekly Schedules
  – Monthly Schedules
– Status: Select from the following status conditions:
  – All
  – Failed
  – In Progress
  – Success
  – In Queue
  – Partial Failure
– SonicWALL Node: Select from the following SonicWALL nodes:
  – All
  – Per Unit View
– Owner: Displays the owner (admin).
– Name Contains: Enter a context string to search by keywords.
– Error Contains: Enter a context string to search by keywords.
– Use Condition: Select from the following conditions:
  – And
  – Or
– Match Case: Select this checkbox to make your searches case sensitive.
3. Click Start Search to begin searching, or click Clear Search to reset all fields and start over. The results of your search are displayed in a table in the Search Results section.

You can adjust the number of schedules displayed, go directly to a row of the table, or navigate to other screens by clicking on links within the table.

To work with the search results:

1. To adjust the number of schedules displayed in the table, enter a number of rows to display in the Show Schedules Per Screen field, and then click on the checkmark.
2. To go directly to a row of the table, enter the row number in the Go To Schedule Number field, and then click on the checkmark.
3. Click on the highlighted report name link to access the report for editing.

The columns in the table are as follows:
– The check box allows you to select the schedule for emailing or archiving.
– The notepad icon is a link to the Schedule Properties page.
– ID: The schedule ID number used to identify this schedule.
– Enabled: A green check mark indicates that this schedule is enabled, and a red X means that it is disabled.
– Name: The name of the report.
– Type: All, Daily Schedules, Weekly Schedules, and Monthly Schedules.
– Owner: Indicates the user ID of the user who created the schedule.
– Unit/Group/Devices(s): The host name of the SonicWALL appliance.
– Status: Includes the following report status options:
  – Blue: Queued, waiting to be processed.
  – Yellow: Currently processing.
  – Green: Report processed successfully.
  – Orange: Report completed with errors.
  – Red: Report failed with errors.
– Last Run (Local): The date when the report was last generated.
– Last Run Type: Indicates if the most recent run was a scheduled run or a one-time execution.
– Last Error: Displays the error condition from the most recent run, if any.

For columns that can be sorted, you can click on the column heading to sort by that field. An arrow is displayed in the column heading when that field is the basis for sorting, and indicates ascending or descending order.

4. To view the properties for a schedule, click the notepad icon in that row. The Schedule Properties page displays.
5. To view the report, click on the name of the report. Your screen will change to the report screen on the Firewall or SSL-VPN panel.

Resending Schedules

Apart from selecting multiple schedules for a one-time execution by selecting the appropriate checkboxes and clicking the Email/Archive the Selected Schedules now, you can re-send required schedules using the Re-send the selected schedules for dates option. Reports are generated for the specific dates and emailed/archived as a one time option for all the schedules selected.

Figure 22 Scheduled Reports Screen - Lower Section

To resend any schedules, follow the procedures below:

1. Select the Schedule Type (Daily, Weekly, or Monthly) from the Search Criteria section and click Start Search. This lists all the schedules of the selected type.
2. Select the checkboxes of the schedules you want to resend.
3. Provide a start date (and an end date if applicable). Click Re-send the selected schedules for dates. Reports are generated for the specified date/date range.

Management

Report Data Management allows the SonicWALL ViewPoint administrator to back up large amounts of report data incrementally and at specified intervals using MDTA. Typically, the total amount of data stored in an archive is equal to at least 30 days, although best benefits are seen when storing at least 60 days of summarizer data. MDTA allows this archive to be built over time, archiving as little as 1 day of data each time the MDTA process is run.

Note: Total days to store summarized data in reports is set separately in the Console > Reports > Summarizer screen. Set this field for a value greater than 60 days for best results.

Figure 23 Console > Reports > Management

Configuring Report Data Management

As an administrator, you choose the number of days worth of data to archive each time the MDTA process is run. For example, if you specify 3 days as the number of days to archive, MDTA will archive 3 days of data, starting with the oldest available data and will repeat this process every day. With the exception of the current month, all available data is eligible for archiving. In order to obtain optimal performance when viewing reports however, SonicWALL ViewPoint ensures that the current month is always kept in un-archived form.

Step 1 In the ViewPoint Administrator Interface, navigate to Console > Reports > Management.
Step 2 Check the box next to Enable Data Archive and click the corresponding Update button.
Step 3 Configure Data Archiving as follows, clicking the corresponding Update button after each line is completed:
– Save Data Archive Transaction Logs: Select to save truncated data archive transaction logs during each MDTA operation. This option is deselected by default in order to conserve disk space.
– Next Scheduled Archive Time: Schedule an initial date (mm/dd/yyyy) and time (in 24-hour format) for the MDTA operation. MDTA operations will take place every day at the time you specify, starting with your initial date selection.
– Number of Days to Archive: Specify the number of days worth of data to consider for each MDTA operation.
– Archive Data Immediately: Press this button to immediately start an on-demand MDTA operation. The archive will run immediately but your scheduled archive operation will still take place.

Note: High-traffic systems can generate reports that consume large amounts of memory, disk space and CPU time when using MDTA. Set your Number of Days to Archive and Scheduled Archive Time accordingly. To view when MDTA operations are starting and how long the process is taking, navigate to the Console > Log > View Log screen and look (or search) for “start” and “completed” times for “Report Data Archive.”

CHAPTER 9 Using Diagnostics

This chapter describes the diagnostic information that ViewPoint provides, including database capacity planning tools and summarizer status information. This chapter includes the following sections:
• “Capacity Planning” section
• “Summarizer Status” section

Capacity Planning

The Capacity Planning feature provides performance metrics for your network administrator to plan, design, and expand your ViewPoint server deployment. One of the challenges of growing a network is to know when you may need to add a new server into your deployment. The Capacity Planning feature provides a convenient lookup that details when you may need to add new resources to your network.

This feature has information on the Syslog Collector and Summarizer metrics. The Summarizer metrics are available only for ViewPoint deployments that have Distributed Summarizer enabled (enabled by default on ViewPoint 5.0).

The metrics are available for the past 24 hours, past seven days, and past 30 days. These metrics are reset (to zero) every 24 hours for daily metrics, every seven days for weekly metrics, and every 30 days for monthly metrics. ViewPoint will not display metrics for a component if the daily statistics collection started more than 26 hours earlier. This will generally indicate that the component is not active. Weekly metrics are not shown unless the data collection for weekly metrics started earlier than the daily metrics. Similarly, monthly metrics are not shown unless data collection for monthly metrics started earlier than for daily and weekly metrics.

Figure 24 Console > Diagnostics > Capacity Planning

To reach the Capacity Planning screen, go to the Console panel of ViewPoint and then navigate to Diagnostics > Capacity Planning.

The Dial Charts show the percent of total capacity used by the Syslog Collector or the Summarizer. Results are calculated over the last 5 days.

For the Syslog Collector, the calculation measures the amount of idle time spent waiting for syslog packets to arrive compared to the amount of time spent reading and processing syslog packets. A result of 100% would indicate that during at least one sampling period in the last 5 days, the Syslog Collector spent no time waiting for packets.

For the Summarizer, the calculation measures the total time the summarizer is running compared to the time it is sleeping. Maximum capacity for the Summarizer is considered to be 12 hours per day of run-time. As shown above, 52% of capacity indicates that the Summarizer had a peak execution time of over 6 hours (52% of 12 hours) in at least one of the last 5 days.

As another example, the average syslogs summarized per minute on a system is 18,108. The average number of syslogs received on that system is 91 per firewall, per minute. For a reasonable estimate of the total number of security appliances this system should be able to handle, assuming that the Summarizer was to constantly summarize 24 hours (as in the case of a dedicated Summarizer), divide the number of syslogs per minute (18,108) by the number of syslogs per appliance per minute (91). This yields an estimate of 198 security appliances, assuming that the current appliances are a fair sample of the security appliances on your network.

Summarizer Status

The Summarizer Status page displays information on the current status of the selected summarizer.

Figure 25 Console > Diagnostics > Summarizer Status

168. for example: 192. Summarizer Thread Information The Summarizer Thread Information shows what tasks the summarizer is performing at the moment the Console > Diagnostics > Summarizer Status page displays. Oldest: The date and time on the oldest file in the category. The summarizers are listed by IP address. Summarizer Statistics The Summarizer Statistics report on the tasks the summarizer has performed in and on where it is in its schedule: • Over the past 24 hours – Number of Syslogs Summarized (and time taken) – Average Syslogs Summarized Per Minute • Over the past 7 days – Number of Syslogs Summarized (and time taken) – Average Syslogs Summarized Per Minute SonicWALL ViewPoint 5. There are ten main syslog file types: – Processed Files – Unprocessed Files – Grouped Files – Not Mine Files – Infected Files – Archived Files – Bad Files – Upload Pending Files – Uploaded Files – Bad Upload Files • • File Stats: The number of syslog files in the category and their size in Megabytes.168.0 Administrator’s Guide 63 . Refresh your browser display or leave the page and return to it to update the information.10 Syslog File Information The Syslog File Information table is divided into three columns: • Syslog File Type: The type of files being reported on.Summarizer Status The Summarizer Status page is divided into four sections: Summarizer Information: • Summarizer: Select which summarizer you are viewing status for.

0 Administrator’s Guide .Summarizer Status • Over the past 30 days – Number of Syslogs Summarized (and time taken) – Average Syslogs Summarized Per Minute • • • Summarizer Memory Consumption (in bytes) Last Run Time Next Run Time 64 SonicWALL ViewPoint 5.

CHAPTER 10 Granular Event Management

This chapter describes how to configure and use the Granular Event Management (GEM) feature in a ViewPoint environment. This chapter contains the following sections:
• “Granular Event Management Overview” section
• “Using Granular Event Management” section
• “Configuring Granular Event Management” section
• “Viewing Current Alerts” section

Granular Event Management Overview

Granular Event Management (GEM) provides a customized and controlled manner in which events are managed and alerts are customized and enabled. The GEM alert has multiple sub-components, some of which have further subcomponents. It is not necessary to configure all sub-components prior to creating an alert. On the Console panel, GEM allows you to systematically configure each sub-component of your alert in order for the alert to best accommodate your needs.

• Severities: Severity is used to tag an alert as Critical, Warning, or Information. Severities are included within each Threshold. You can change the severity levels of the threshold elements listed on the Console > Events > Threshold page.
• Thresholds: A threshold defines the condition that must be matched to trigger an event and send an alert. Each threshold is associated with a Severity to tag the generated alert as critical, warning, or information. One or more threshold elements are defined within a threshold. Each threshold includes the following elements: an Operator, a Value, and a Severity. When a value is received for an alert type, the GEM framework examines threshold elements to find a match for the specified condition. If a match is found (one or more conditions match), the threshold with the highest severity containing a matching element is used to trigger an event.
• Schedules: You can use Schedules to specify the day(s) and time (intervals) in which to generate an alert. You can also invert a schedule, which means that the schedule is the opposite of the time specified in it. For example:
  – Generate an alert during weekdays only, or weekends only, or only during business hours.
  – Do not generate an alert during a time period when the unit, network, or database are down for maintenance.

What is Granular Event Management?

The purpose of Granular Event Management is to provide all the event handling and alerting functionality for ViewPoint. The ViewPoint management interface provides screens for centralized event management on the Console panel, including screens for Events > Threshold, Schedule, and Alert Settings. The Firewall panel also provides an Events > Alert Settings screen where you can enable or disable alerts.

How Does Granular Event Management Work?

The Granular Event Management framework provides customized event handling for specific alerts about database and database log size, and security service subscription licenses. You can enable or disable an alert at the global or unit level in ViewPoint. At the global level, the alert is then applied to all units. Whenever you add a new unit to ViewPoint, the alerts set at the global level are applied to the new unit. For a list of the predefined alerts, see “Using Granular Event Management” on page 67.
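The matching rule and the inverted schedule described above, as an added sketch that is not ViewPoint code. The guide names only the Operator, Value, Severity and Disable fields, so the operator symbols, the percentage thresholds and the two schedules below are constructed assumptions, and a single threshold with per-element severities is one reading of the rule.

```python
import operator
from dataclasses import dataclass
from datetime import datetime, time

SEVERITY_RANK = {"Information": 0, "Warning": 1, "Critical": 2}
# Operator symbols are an assumption; the guide does not list them.
OPERATORS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
             "<=": operator.le, "==": operator.eq, "!=": operator.ne}


@dataclass
class ThresholdElement:
    op: str
    value: float
    severity: str
    disabled: bool = False

    def matches(self, received):
        # A disabled element never matches, whatever the value.
        return not self.disabled and OPERATORS[self.op](received, self.value)


@dataclass
class Schedule:
    days: frozenset      # weekday numbers, Monday = 0
    start: time
    end: time
    invert: bool = False

    def active(self, when):
        inside = (when.weekday() in self.days
                  and self.start <= when.time() < self.end)
        return inside != self.invert  # invert flips the configured window


def evaluate(elements, schedule, received, when):
    """Return the severity of the alert to raise, or None for no alert."""
    if not schedule.active(when):
        return None
    hits = [e for e in elements if e.matches(received)]
    if not hits:
        return None
    # Several elements may match; the highest severity wins.
    return max(hits, key=lambda e: SEVERITY_RANK[e.severity]).severity


# Constructed sample: database size as percent of capacity.
DB_SIZE = [
    ThresholdElement(">=", 50, "Information", disabled=True),
    ThresholdElement(">=", 70, "Warning"),
    ThresholdElement(">=", 90, "Critical"),
]
# Inverted schedule: alert at all times except Sunday 02:00-04:00.
OUTSIDE_MAINTENANCE = Schedule(frozenset({6}), time(2, 0), time(4, 0),
                               invert=True)
BUSINESS_HOURS = Schedule(frozenset(range(5)), time(8, 0), time(17, 0))

SUNDAY_3AM = datetime(2008, 6, 1, 3, 0)
SUNDAY_5AM = datetime(2008, 6, 1, 5, 0)
MONDAY_10AM = datetime(2008, 6, 2, 10, 0)
SATURDAY_10AM = datetime(2008, 6, 7, 10, 0)

if __name__ == "__main__":
    for label, when in [("Sunday 03:00", SUNDAY_3AM),
                        ("Sunday 05:00", SUNDAY_5AM),
                        ("Monday 10:00", MONDAY_10AM)]:
        print(label, evaluate(DB_SIZE, OUTSIDE_MAINTENANCE, 95, when))
```

The inverted schedule is the case to review carefully: an alert suppressed during a maintenance window is also suppressed for a real event in that window.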

Using Granular Event Management

For convenience and usability, a number of default settings are predefined for severities, thresholds, schedules, and alerts. You can edit the predefined values to customize the settings for thresholds and schedules. The predefined defaults for each panel and screen are as follows:

Table 1 GEM Predefined Default Objects

Panel: Console
Screens: Events > Thresholds
Predefined Default Objects:
– Unit Status
– Database Size Status
– Database Log Size Status (on MySQL DB only)

Panel: Console
Screens: Events > Schedule
Predefined Default Objects:
Schedule Groups:
• 24x7
• Weekdays 24 hours
• 8x5
• Weekend
Schedules:
• Schedule: admin
• Monday 24 hours
• Monday business hours
• Tuesday 24 hours
• Tuesday business hours
• Wednesday 24 hours
• Wednesday business hours
• Thursday 24 hours
• Thursday business hours
• Friday 24 hours
• Friday business hours
• Saturday 24 hours
• Sunday 24 hours

Panel: Console
Screens: Events > Alert Settings
Predefined Default Objects:
– Database Info
– Database Size Status
– Database Log Size Status (on MySQL DB only)

Panel: Firewall
Screens: Events > Alert Settings
Predefined Default Objects:
– Intrusion License
– Anti Spyware License
– Warranty License
– CFS License
– Anti Virus License

About Alerts

The Events > Alert Settings screens are available in the Console and Firewall panels. You can enable or disable alerts on these screens. The GEM framework provides different alert types for the respective areas of the ViewPoint application:
• Firewall panel: Alert settings for Reporting
• Console panel: Alert settings for the ViewPoint application

Table 2 GEM Alert Types

Panel location: Console
Available Alert Types:
– Database Info
– Database Size Status
– Database Log Size Status (on MySQL DB only)

Panel location: Firewall
Available Alert Types:
– Anti Virus License
– CFS License
– Warranty License
– Anti Spyware License
– Intrusion License

Configuring Granular Event Management

To set up the GEM environment after installing ViewPoint, start with the Events screens on the Console panel. You should examine the Threshold and Schedule screens and make any necessary configuration changes. Then you can enable alerts in the Events screens on the Console panel and Firewall panel. See the following sections:
• “Configuring Events on the Console Panel” section
• “Enabling or Disabling Alerts on the Firewall Panel” section

Configuring Events on the Console Panel

In the Events screens on the Console panel, you can configure the frequency of subscription expiration and task failure notifications, as well as severities, thresholds, schedules, and alerts for handling events. See the following sections:
• “Configuring Event Thresholds”
• “Configuring Event Schedules”
• “Enabling or Disabling Alerts on the Console Panel”

Configuring Event Thresholds

In the Events > Threshold screen, you can view existing event thresholds and configure their elements, and add custom thresholds. A threshold defines the condition for which an event is triggered. Predefined thresholds have names similar to predefined Alert Types. Each threshold can contain one or more threshold elements. An element consists of an Operator, a Value, and a Severity. The following tasks are described in this section:
• “Editing an Event Threshold Element”
• “Enabling/Disabling Event Thresholds and Threshold Elements”

Editing an Event Threshold Element

To edit an existing element of a Threshold, perform the following steps:

1. On the Events > Threshold screen, click the Edit icon located in the Configure column in the element row.
2. In the Edit Threshold Element window, you can edit the following fields:
– Operator
– Value
– Description
– Severity
– Disable
3. In the Operator field, select from the drop down menu the type of operator to apply to your threshold element.
4. In the Value field, enter the value for your threshold element.
5. In the Description field, enter the description for your threshold element.
6. In the Severity field, select the severity priority from the drop down menu. These are color coded for your easy reference on the Events > Threshold screen.
7. To disable the threshold element, click the Disable check box. If it is needed again, you can simply enable it. See “Enabling/Disabling Event Thresholds and Threshold Elements” section on page 71.
8. Click Update.

Enabling/Disabling Event Thresholds and Threshold Elements

The GEM feature provides a Disable check box that allows you to disable or enable thresholds or individual elements within that threshold. You have the following two options for the enabling/disabling feature:
– You can enable or disable a Threshold by disabling/enabling all the elements that exist within it.
– You can enable/disable the individual elements within a Threshold.

To enable or disable Thresholds and/or their elements, perform the following tasks:

1. On the Console panel, navigate to the Events > Threshold screen. On this screen, you are able to view existing Thresholds. You can also view existing elements within those thresholds by clicking the expand button by a threshold.
2. To enable or disable a threshold and/or elements, click the edit button on the element level. You can disable a threshold by disabling all its elements. You can also disable individual elements within a threshold.
3. Select the Disable checkbox to disable the element or de-select the Disable checkbox to enable the element.
4. Click Update.

Configuring Event Schedules

The next component on the Console panel is Events > Schedule. In this screen, you can add, delete, or configure schedules and schedule groups. Schedule groups are one or more schedules grouped within an object. You will see your schedules and schedule groups, their descriptions, and whether they are enabled. For quick reference, you can hover your mouse over the descriptions to quickly view the type of schedule and the days and times when it is active.

Administrators and Owners can edit these objects. Other users should be able to view or use them only if the Visible to Non-Administrators check box is selected. You can also individually delete one schedule or schedule group at a time by selecting the trash-icon on the right hand side for each row.

The following tasks are described in this section:
• “Adding an Event Schedule”
• “Editing an Event Schedule”
• “Adding an Event Schedule Group”
• “Deleting a Schedule or Schedule Group”

Adding an Event Schedule

In Events > Schedules you can add, delete, or configure schedules. To add an event schedule, perform the following steps:

1. On the Events > Schedules screen, click Add Schedule.
2. Select the Visible to Non-Administrators check box if you want the schedule to be visible and usable by non-administrators.
3. To temporarily disable a schedule, select the Disable checkbox.
4. In the Schedule field, you can create one or more schedules. For each schedule, configure either:
• One Time Occurrence: Fill in the Date and Time fields.
• Recurrence: Fill in Days, Start Time, and End Time fields.
• Click Invert to create a schedule that is “off” during the dates and times that you specify.
5. Click Add to add this schedule to the Schedule List text box.
6. To delete an entry from the Schedule List text box, select the entry that you want to delete, and then click Delete.
7. Click Delete All to delete all entries.
8. Click Update when you are finished.

Editing an Event Schedule

To edit an existing schedule, click the Edit icon on the right side of the Events > Schedule screen. The screen and procedure for editing are the same as those for adding a schedule. See “Adding an Event Schedule” section on page 72.

Adding an Event Schedule Group

You can combine several schedules into a schedule group on the Events > Schedule screen. To add a schedule group, perform the following steps:

1. On the Events > Schedule screen, click the Add Schedule Group button.
2. Enter the name of your schedule group in the Name field.
3. Enter a description of your schedule group in the Description field.
4. In the Schedules field, select the schedule(s) to add to your schedule group, and then use the arrow buttons to move the selected schedule into or out of the group. To move multiple schedule groups and/or schedules all at once, hold the CTRL button on your keyboard while making your selections.
5. Click the Visible to Non-Administrators check box to allow this schedule group to be viewed and used by non administrators.
6. Click the Disable check box to temporarily disable the schedule group.
7. Click Update.

Deleting a Schedule or Schedule Group

You can delete schedules or schedule groups, or you can remove schedules from schedule groups. To delete an event schedule, schedule group, or remove a schedule from a schedule group:

1. Navigate to the Events > Schedule screen.
2. Click the check boxes of the schedule groups or schedules that you want deleted. When you click the schedule group check box, the schedules within that schedule group will be deleted as well.
3. To remove a schedule from a schedule group, click the expand button on the schedule group, and select the schedules you wish to remove within that group.
4. To delete the selected schedule(s), click the Delete Schedule(s) button.
5. To delete the selected schedule group(s) or remove the selected schedules from a group, click the Delete Schedule Group(s)/Remove Schedules from Group button.

Enabling or Disabling Alerts on the Console Panel

The Console > Events > Alert Settings screen provides three predefined alerts that apply to ViewPoint as a whole. You can hover your mouse over these to display information about them. You can enable or disable these alerts by selecting or clearing the checkbox in the Enable column for the alert.

To enable or disable an alert:

1. To enable an alert, select the checkbox under Enabled in the row for the alert.
2. To disable an alert, clear the checkbox under Enabled in the row for the alert.
3. Click Enable/Disable Alert(s).

Enabling or Disabling Alerts on the Firewall Panel

You can enable or disable alerts for events pertaining to security services licenses on the Firewall panel.

Viewing Current Alerts

You can view a list of current alerts on the Events > Current Alerts page of the Firewall panel. Select a global view or unit to view current alerts for your selection.

is an essential component of network security. enhance security. The search operator field offers a comprehensive list of search operators that varies depending on the search field. ViewPoint Reporting complements SonicWALL's Internet security offerings by providing detailed and comprehensive reports of network activity. You can search saved reports by using the report search bar. SonicWALL ViewPoint 5. This chapter includes the following sections: • • • “ViewPoint Reporting Overview” section on page 77 “Navigating ViewPoint Reporting” section on page 81 “Managing ViewPoint Reports on the Console Panel” section on page 93 ViewPoint Reporting Overview Monitoring critical network events and activity. as well as information about the reporting customization tool for creating report templates. Web-based network reports. A description of the available features in the user interface is provided. Settings for reporting on the Console panel are described. The search bar provides pre-populated quick settings for the search field. The ViewPoint Reporting Module is a software application that creates dynamic. including the type of information that can appear in reports. such as security threats. available in most report screens in the ViewPoint UI.0 Administrator’s Guide 77 . and anticipate future bandwidth needs.CHAPTER 11 ViewPoint Reporting Features This chapter describes how to use ViewPoint reporting. The ViewPoint Reporting Module generates both real-time and historical reports to offer a complete view of all activity through SonicWALL Internet security appliances. With ViewPoint Reporting. which can be either text-based or numeric. and bandwidth levels. and a drop-down calendar for the start and end dates. inappropriate Web use. you can monitor network access.

You can search all columns of report data except columns that contain computed values, such as %, Cost, or Browse Time. ViewPoint waits until you click Search before it begins building the new report.

Note: The ViewPoint Reporting Module receives its information from the stream of syslog data sent by each SonicWALL appliance and stores it in the SonicWALL ViewPoint database or as files on the hard-disk.

The ViewPoint Reporting Module:
• Displays bandwidth use by IP address and service
• Identifies inappropriate Web use
• Provides detailed reports of attacks
• Collects and aggregates system and network errors
• Shows VPN events and problems
• Tracks Web usage by users and by Web sites visited
• Provides detailed daily firewall logs to analyze specific events.

Viewing ViewPoint Reports

The ViewPoint reports are available on the Firewall tab of the ViewPoint interface:

Figure 26 ViewPoint Firewall Tab

The ViewPoint Reports view is divided into three panes:

Figure 27 The ViewPoint Reports View

• A list of views and individual units referred to as the TreeControl: In the left pane, you can select a view or unit to display reports that apply to the selected view or unit. MyReportsView is the default selection and is also referred to as the global view.
• A list of reports: The reports available in this list change according to your selection in the TreeControl pane. The reports are divided into categories. You can click on the plus sign next to a category to view the list of reports in that category. You can click on an individual report name to view that report.

• The report: The right pane displays the report that you selected in the middle pane for the view or unit that you selected in the TreeControl. For most reports, the search bar is provided at the top of the pane. To access the display settings for the report, click More Options to the right of the search bar. Above the search bar a link to the Scheduler is provided. You can change the time for the report to run by clicking the Schedule link or its clock icon in the upper right. A quick access link to your system’s printer is also available in the upper right corner. To print the report, click the Print link or icon.

The SonicWALL ViewPoint reporting feature provides the following configurable reports:

Table 3 Configurable Reports

General                 Provides general unit and license status.
Dashboard               Provides a high-level activity summary.
Custom Report*          Provides Web activity report with details from raw data
Bandwidth               Provides bandwidth usage reports.
Services*               Provides events and usage by service protocol.
Web Usage               Provides Web usage reports.
Web Filter              Provides web filter event reports.
FTP Usage               Provides FTP usage reports.
Mail Usage              Provides mail usage reports.
VPN Usage               Provides VPN usage reports.
Attacks                 Provides attack event reports.
Virus Attacks           Provides virus attack event reports.
Anti-Spyware            Provides spyware event reports.
Intrusion Prevention    Provides intrusion event reports.
Authentication          Provides login reports.

*Custom Reports are only available at the unit level.
*Services reporting is only available at the unit level.

Navigating ViewPoint Reporting

ViewPoint Reporting is a robust and powerful tool you can use to view detailed reports for individual SonicWALL appliances. This section describes each view and what to consider when making changes. It also describes the Search Bar and display options for interactive reports, as well as other enhancements provided in SonicWALL ViewPoint.

See the following sections:
• “Global Views” on page 82
• “Unit View” on page 83
• “Using Interactive Reports” on page 84
• “Searching for a Report” on page 85
• “Collapsible TreeControl Pane” on page 90
• “Enable/Disable Scheduled Reports” on page 91
• “Combined Reports” on page 91
• “Improved Navigation” on page 91

Global Views

From the Global view of the Firewall Panel, Summary and Over Time reports are available for all SonicWALL appliances connected to SonicWALL ViewPoint. To open the Global view, click the MyReportsView icon in the upper-left hand corner of the left pane.

Figure 28 Global View Reports Page Showing the Dashboard Summary

As you navigate the SonicWALL ViewPoint Reports Panel screens with the Global view selected and view different reports, the settings that you specify are maintained in effect throughout the session.

Unit View

From the Unit view of the Firewall panel, reports contain detailed data for the selected SonicWALL appliance. To open the Unit view, click the Firewall tab. Then, click a SonicWALL appliance in the left pane of the SonicWALL ViewPoint UI. The report page for the SonicWALL appliance displays.

Figure 29 Unit View Reports Page Showing the Dashboard > Summary

As you navigate the Firewall panel with a single SonicWALL appliance selected and change settings, those settings will remain in effect throughout the session.

Using Interactive Reports

ViewPoint provides interactive reporting to create a clear and visually pleasing display of information. You can control the way the information is displayed by adjusting the settings which are collapsed in the search bar. The following figures provide examples of an interactive report graph and a pie chart for Summary and Top Users.

Figure 30 Interactive Report Graph

Figure 31 Pie Chart

Searching for a Report

The search bar feature provides search and configuration capabilities for every report. In addition to the original quickset functions, the search bar has intuitive search fields to provide context-based searching.

Figure 32 Search Bar Tool

The search bar contains a number of helpful components that allow you to specify search parameters and locate a report with ease. The components of the search bar include:
• A column drop-down list: The searchable column drop-down list contains all the searchable columns of a report. It is context-based, containing different options in different reports. The column drop-down list defines criteria for the search and filter functions.
• An operator drop-down list: There are two types of operator sets. If the content of the selected column is character-based, a character-based list is displayed. If the column contains numerical data, a list with mathematical symbols is displayed.
• A search text field: You can input a search string into this field.
• Start date and end date calendar fields: You can also search for reports by date. Clicking on the Start field displays a drop-down calendar where you can select day, month, and year by using the side arrows to navigate. You may also navigate through dates by clicking on the arrows located beside the start date and the end date fields.
• Detailed drop-down menu

The collapsed and expanded Search Bar views are shown below:

Figure 33 Search Bar Collapsed

Figure 34 Search Bar Expanded

The search bar feature consists of a column drop-down list, an operator drop-down list, a search text field, and a detailed pull-down menu. Search/Filter functions can be performed by utilizing various components reporting at unit level.

The drop-down list contains all the searchable columns of a report. It is context-based, meaning that it contains different options in different reports. The column drop-down list defines criteria for search and filter functions to work on.

Figure 35 Column Drop-down List

There are two different operator sets. If the content of the selected column is character-based, the character based operators will show as demonstrated in Figure 36.

Figure 36 Character-based Operators

A character-based list contains Equals, Start with, End with, and Contains operators. If the content of the selected column contains numerical data, a list with mathematical symbols plus the between operator selection will display as shown in Figure 37.

Figure 37 Numerical Data-based Operators

Figure 38 shows a generated report with user name (Users) starting with (Start With) “10.50.20” (the value of the search text field).

Figure 38 Report with User-filtered

Figure 39 shows a generated report in which the Hit count (Hits column) is greater than (>) “100” (the value of the search field).

Figure 39 Reports with Hits-filtered

Figure 40 shows the calendar module of the search bar. You can use the calendar module to easily select a date for the Start or End field. You can also manually type in a date. For single day reports, the End field is disabled.

Figure 40 Calendar

The detailed options are “per report” based. For example, if you select “PIE” as the chart type for report A, you will still see Bar chart in report B if the bar chart was the existing chart type. The detailed drop-down menu can be expanded by clicking More Options as shown in the red circle below. Figure 41 shows the detailed options of the “Web Usage By User” report.

Figure 41 Context-based Detail Options

Figure 42 Web Usage by User - Report Display Settings

As Figure 41 and Figure 42 show, the options in the detailed drop-down menu are context-based. As you can see, Figure 42 contains different options because it is specific to the By User report.

Collapsible TreeControl Pane

The unit TreeControl pane can be collapsed to free up screen space by clicking on the small arrow button to the right of the Add Unit, Modify Unit, Refresh, and Find buttons above the TreeControl pane. The panel can be brought back by clicking the same button.

Enable/Disable Scheduled Reports

ViewPoint allows you to disable a scheduled report without deleting it. This allows you to re-use the report at a later time without having to create it again.

To enable or disable a report, navigate to the Configuration > Scheduled Reports page under the Firewall tab. This screen shows all the scheduled reports on the current appliance. Select the checkbox in the row for a report(s) that you wish to disable, and click the Disable Selected Scheduled Reports button above the table. After confirmation, the check mark in the Enabled column is grayed out. To re-enable the report, use the Enable Selected Scheduled Reports button above the table.

Combined Reports

Users familiar with ViewPoint 4.0 will find two categories of reports that are no longer visible on the function tree: the Browse Time report and the ROI report. The information from these two reports has been folded into the Web Usage and Bandwidth reports, respectively. The Web Usage report pages now feature a Browse Time column. The Bandwidth report pages feature a Cost($) column that displays all the information previously displayed by the ROI reports.

Improved Navigation

To save time, ViewPoint now features linked reports. This makes navigating from one report to the next much easier and makes retrieving detailed information simple.

Web Usage and Web Filter reports now link their By User and By Site pages. It is now possible to navigate directly from the Web Usage > By User page to a Web Usage > By Site page or from the Web Filter > By User page to a Web Filter > By Site page detailing the information of the site that the user has been browsing. Click the Plus sign next to the entry in the User column to show details, and hover the mouse over a site. A sticky tooltip will display with a link to the corresponding site’s report page.

Sample Navigation Use Case

This sample use case demonstrates the improved navigation feature. In this use case you will open up the Web Usage > By User report and observe what sites the top browser has been visiting. Then you will move directly from the By User report to a detailed By Site report.

1. Navigate to the Web Usage > By User report from the Firewall tab.
2. Click the Plus button next to any IP address in the User column. This displays detailed information about the sites that the user at that address has been visiting.
3. Hover your mouse over a site in this list. Click the Navigate to Top Visited Web Sites By Site link to navigate directly to the Web Usage > By Site report page.

The Web Usage > By Site report page shows detailed information about Web traffic to this site. Information in this report includes the IP addresses of users who have browsed that site, as well as how much time they have spent browsing.

Managing ViewPoint Reports on the Console Panel

There are management settings for the ViewPoint Reporting Module on the ViewPoint Console panel. The Firewall panel contains limited configuration screens, used for managing scheduled reports.

The Reports section on the Console panel is divided into sections that allow you to manage the following:

Table 4 Console > Reports Section Settings

Settings
– Data Storage Configuration
– Report Settings/Options
– Log Viewer Settings
Summarizer
– Reports Data Summarization Interval
– Reports Summarization Data for Top Usage Reports
– Reports Summarization Data for Bandwidth Reports
– Days to store Summarized Reports data in Database
Email/Archive
– Email/Archive Time Settings
– Days to Store Archived/Published reports
– Email/Archive Configuration - Web Server Details
Scheduled Reports
– Summary
– Search Criteria
– Search Results
Management
– Report Data Management Settings

The Reports section of the Console panel controls settings for syslog data collection, summarizer configuration, email and archiving, scheduling reports, and archiving report data.
• For information about syslog data collection settings, see the “Configuring Syslog Data Storage Configuration and Sort Settings” section on page 46 in the Managing Reports in the Console Panel chapter.
• For information about the summarizer, see the following sections in the Managing Reports in the Console Panel chapter:
– “About Summary Data in Reports” section on page 48
– “Summarizer Settings” section on page 48
• For information about Email and Archiving settings, see the “Configuring Email/Archive Settings” section on page 51 in the Managing Reports in the Console Panel chapter.
• For a description of how to schedule reports in the Console panel, see the “Scheduled Reports” section on page 52 in the Managing Reports in the Console Panel chapter.
• For information about archiving report data using the Move Data to Archive (MDTA) feature, see the “Management” section on page 57 in the Managing Reports in the Console Panel chapter.

CHAPTER 12 Scheduling and Configuring Reports

This chapter provides information about scheduling automatic reports and configuring data summarization. It also contains instructions for configuring settings for the Dashboard > Summary report and describes how to create customized reports in PDF format.

This chapter includes the following sections:
• “Configuring Scheduled Reports” section on page 95
• “Selecting Reports for Summarization” section on page 99
• “Using Summarize Now” section on page 101
• “Configuring Dashboard Summary Reports” section on page 104
• “Exporting Reports to PDF” section on page 106

Configuring Scheduled Reports

SonicWALL ViewPoint Reporting can automatically send reports to any email addresses that you specify. This section contains the following:
• “Viewing or Managing Scheduled Reports” on page 96
• “Adding or Editing a Scheduled Report” on page 97

Viewing or Managing Scheduled Reports

To view, delete, or enable/disable currently scheduled reports, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Configuration tree and click Scheduled Reports. The Scheduled Reports page displays.

Figure 43 Reports > Configuration > Scheduled Reports

4. On the Scheduled Reports page, to add a new scheduled report, click Add. See “Adding or Editing a Scheduled Report” on page 97.
5. To edit a report, click the notepad icon in that row. See “Adding or Editing a Scheduled Report” on page 97.
6. To select all reports in the list, click Select All Scheduled Reports.
7. To disable a scheduled report, select the checkbox in that row and then click Disable Selected Scheduled Reports.
8. To enable a disabled report, select the checkbox in that row and then click Enable Selected Scheduled Reports.
9. To delete a report, select the checkbox in that row and then click Delete Selected Scheduled Reports.

Adding or Editing a Scheduled Report

You can add a new scheduled report or edit an existing one on the Firewall panel on the Configuration > Scheduled Reports screen. When adding or editing the report, you can configure its name, category, formats, cover page, summary report page, and detailed reports page. You can also use or create a profile for the detailed reports page settings.

To add or edit a new scheduled report, perform the following steps:

1. Navigate to the Configuration > Scheduled Reports page and do one of the following:
– To add a new scheduled report, click the Add button.
– To edit an existing report, click the notepad icon in that row.
The Scheduled Report Configuration window displays.
2. Enter a name for the report in the Name field.
3. To email the report, select the Email check box. The screen expands to show email configuration settings.
4. Enter the IP address of the mail server into the SMTP Server field.
5. By default, the ViewPoint Reporting Module will use the email address that was configured in the Console panel in the Management > ViewPoint Settings screen as the Sender email address. To change it, enter a new Sender email address in the Source Email Address field.
6. Enter one or more destination email addresses, separated by semicolons, into the Destination Email Addresses field.
7. Enter the Subject Line that will appear in reports sent from the ViewPoint Reporting Module in the Email Subject field.
8. Enter text that will appear in the message body in the Email Body field.
9. To archive the file on the server’s hard disk, select the Archive check box and enter a path in the Save Directory field. Specify the directory where the file will be archived in the Save Directory field.
10. For Report Type, select Daily, Weekly, or Monthly.
11. For Report Format, select HTML, XML, or PDF.
12. To copy the contents of the report into the body of the email message, select the Send Reports Inline check box. To send the file as an email attachment, make sure this check box is deselected.

Note: Reports can only be sent inline when all data is sent in a single report.

13. Select either Include all data in a single report or Zip Reports into a single file.
14. If the zip file is selected, you can create a password for it by selecting Password Protect the Zip File and typing a password into the Password field.
15. If you selected PDF for the Report Format, you can create a password to protect it by selecting Password Protect the PDF File and typing a password into the Password field. Users must input the password to view the contents of a password-protected PDF file. The content can be copied or printed, but is not editable by a PDF editor.

Note: When both PDF and Zip Reports into a single file are selected, you can password-protect the PDF, but not the zip file.

16. For the Cover Page, enter a Title and Subtitle and select colors for the Foreground and Background of the cover page.
17. By default, the SonicWALL logo is used on reports. To select another logo, click Browse next to the Logo File field or type the path and filename into the field.
18. For Summary Report Page, you can select up to 4 reports. Select a report for the summary page from the Choose the Summary Reports drop down list, and then click Add.
19. For Detailed Report Page, do one of the following:
– Click Select an existing profile, and then select the profile to use from the Profile Name drop-down list.
– Click Create a new profile, type a profile name into the New Profile Name field, and then select the checkboxes in the Report list for each report to be included. You can click the checkbox next to the Report heading to select all reports in the list.
20. Optionally click Configure Filters Options. For this procedure see “Configuring Filters and Options” on page 99.
21. To see a preview of this scheduled report, click PREVIEW.
22. When finished, click ADD.

The new report will appear in the list on the Scheduled Reports page.

Configuring Filters and Options

1. At the bottom of the Scheduled Report Configuration page, click the Configure Filters/Options button. The Configure Filters/Options page displays.
2. Select whether the reports will contain a chart and table or table only.
3. Select the number of sites to display in Top Sites reports (default: 10).
4. Select the number of users to display in Top Users reports (default: 10).
5. Select the number of sites to display in Sites by User reports (default: 5).
6. Select the number of items to display in all other reports (default: 10).
7. Select the number of entries per item to display in all other reports (default: 10).
8. Click the Update button to apply changes.

Selecting Reports for Summarization

This section describes how to tune the performance of the Summarizer by configuring which reports will be created. When an appliance is configured to communicate with ViewPoint, you need to prepare it for syslog data collection for reporting. Make sure the summarizer is collecting data for the reports you want for this unit.

To configure the Summarizer settings, perform the following steps:

1. Click the Firewall tab.

2. Expand the Configuration tree and click Summarizer Settings.

Figure 44 Firewall > Configuration > Summarizer Settings

The Summarizer Settings page provides a list of reports and a correlating description of each report. Each report contains a checkbox that you can select to generate a summarized report.

3. Select the checkbox of each report type to summarize.
4. When you are finished, click Update. Your configuration changes are saved automatically.

Using Summarize Now

The Summarize Now feature allows the administrator to create instant summary reports without affecting the regularly scheduled summary reports. The SonicWALL ViewPoint Summarizer creates summary reports by default every 8 hours. Summary reports can be configured by the administrator to occur every 1 to every 24 hours. You can use Summarize Now to test that the Summarizer is gathering data for a managed unit.

The SonicWALL ViewPoint Summarize Now feature is located in the Console tab under Reports > Summarizer. To use the Summarize Now feature, perform the following tasks:

1. Click the Console tab at the top of the screen.
2. In the left pane, expand Reports and click Summarizer.

Figure 45 Console > Reports > Summarizer

3. Click Summarize Now.

You will see a pop-up window verifying that you want to summarize the data now. Click OK to continue. Summarizing data using Summarize Now is a one-time action and will not affect the scheduled summary.

4. Navigate to Log > View Log in the left pane. Search for the message Report Data Summarized to verify that the Summarize Now action has completed.

Figure 46 Console > Log > View Log

Note: You may see incomplete data if you view the Summary section of a selected report before the Summarize Now process is complete. Wait for the Report Data Summarized message to be displayed in Log > View Log.

5. When Summarize Now has completed, click the Firewall tab at the top of the screen.
6. In the left-most pane, click MyReportsView or click an appliance.

7. In the center pane, click a report to expand it, then click the Summary option underneath it. For example, click Bandwidth, then click Summary to review the summarized bandwidth usage data.

Figure 47 Reports > Bandwidth > Summary

8. Navigate to the Summary section of other reports in the center pane to see other summarized data.

Configuring Dashboard Summary Reports

In the Configuration > Dashboard page, you can configure settings to control the information displayed by the Dashboard > Summary screen. Settings are available for the following:
• Summary statistics list at the top left of the Dashboard > Summary page
• Alerts list at the top right of the Dashboard > Summary page
• Reports list in the main body of the Dashboard > Summary page

Figure 48 Reports > Configuration > Dashboard Page

To configure Dashboard Summary report settings, perform the following steps:

1. Click the Firewall tab.
2. Expand the Configuration tree and click Dashboard.

3. In the Summary / Statistics List section, to add a statistic to the Dashboard > Summary page, select it from the drop-down list and then click Add.

Figure 49 Add Statistic

4. To remove a statistic from the Dashboard > Summary page, select the checkbox under the trashcan icon for that statistic, and then click Delete.
5. In the Alerts List section, to add an alert to the Dashboard > Summary page and to receive an email alert when the alert setting is matched, select an event type from the drop-down list, type a threshold value into the Threshold field, and then click Add. Alerts are emailed using the settings configured in the Console > Management screens. See “ViewPoint Settings” on page 39 and “Alert Settings” on page 41.

Figure 50 Alerts List and Threshold

6. To remove an alert, select the checkbox under the trashcan icon for that alert, and then click Delete.
7. In the Reports List section, to add a report to the Dashboard > Summary page, select the report type from the drop-down list, and then click Add.
8. To remove a report from the Dashboard > Summary page, select the checkbox under the trashcan icon for that report, and then click Delete.

Exporting Reports to PDF

ViewPoint can create scheduled email reports in PDF. Called Compliance Reports, this feature allows you to export regular reports in universally readable format.

Compliance Report Overview

A Compliance Report is a report that collects report data and presents it in an organized format. The ViewPoint Compliance Report feature allows administrators to provide more customized report summaries and to create more formal and defined layout of report information in PDF format.

This feature provides the following benefits:
• Customizable cover page (Default also available). For example, they can assign different logos/titles to the cover pages for their customers.
• Customize Summary/Descriptions for the reports.
• Ability to customize a set of reports.
• Three reports can be persisted as a profile so that it can be consumed by less novice users in the system.
• Compressed format: The size of the file is small compared to an equivalent HTML report.
• The print quality is higher.
• This feature has the ability to open a 200 page PDF report with ease. In comparison, opening the same report in HTML takes a more extensive amount of time using IE, as it is weighed down by memory and other systems.

How Do Compliance Reports Work?

ViewPoint has the capability to generate both online and scheduled reports in HTML format. Moreover, reports can be generated in Industry Standard PDF format. Since PDF has become a standard document format for distribution, the compliance reports will be based on this universal standard. In the end result, users should be able to customize/define sections throughout the report.

Requirements

Adobe Reader® plug-in is required for the preview function.

3. SMTP Server field: Enter your SMTP Server IP address or hostname. To archive a directory. enter the name of your report into the Name field. Enter the your desired directory you want to archive into the Save Directory field. The details window displays: • • • • • To begin creating a new customized Compliance Report.0 Administrator’s Guide 107 . perform the following steps: 1. Email Subject field: Enter your Email Subject. click the Archive check box. New Scheduled Report Category Settings Figure 51 5. Click the ADD button.Exporting Reports to PDF Adding a New Scheduled Compliance Report This section includes the following sub-sections: • • • • • “Customizing Your Cover Page” section on page 108 “Customizing Your Summary Report Page” section on page 109 “Customizing Your Detailed Reports Page” section on page 110 “Editing Existing Profiles” section on page 111 “Verifying User Compliance Reports Configuration” section on page 113 Navigate to Firewall > Configuration > Scheduled Reports. In the Category section. In the General section. select the Email check box. 4. and the report description. 2. Email Body field: Enter your Email Body. SonicWALL ViewPoint 5. The Scheduled Report Configuration page displays. Source Email Address field: Enter your Source Email Address. to add a scheduled report. Destination Email Address field: Enter the Destination Email Address(es).

To change the format and settings of your customized compliance report, perform the following steps:

6. In the Format and Settings category, select the Report Type that reflects the time interval you want to view your reports, either Daily, Weekly, or Monthly.
7. Select the PDF report format in the Report Format category. Selecting the PDF option will open additional fields to allow you to customize the set up of the Cover Page, Summary Report Page, and Detailed Report Page of your report in PDF format.

Note: PDF will disable some options that are only applicable to HTML.

8. To zip all of your reports into a single file, select the check box next to the Zip Reports into a single file check box.
9. (Optional) For custom reports, enter the template folder name into the Template Folder Name field.

Customizing Your Cover Page

The Cover Page section allows the user to design a cover page for their report using different color schemes.

1. Title field: Enter the document title.
2. Subtitle field: Enter the document subtitle.

Figure 52 Scheduled Report Cover Page Settings

3. Select the color for the Title and Subtitle’s foreground and background by clicking the gradient color box in the right side of each field.

Figure 53 Cover Page Color Settings

4. You may select a color by either choosing a color on the color bar and then selecting its value in the color box or by typing in the HTML color. The color codes are automatically filled in the corresponding fields once the color chooser window is closed.

Customizing Your Summary Report Page

The Summary Report Page allows you to add new reports and individually customize their appearance.

1. On the Summary report page, select the type of summary reports you need. The report will be created based on the type of summary report you have selected.
2. Enter the report title and report description in the appropriate fields.
3. Select the text color for the title and description.
4. Select the background color for both fields.
5. Select the order in the Order drop-down window. Then, click the Add button.

Figure 54 Summary Reports Order List

6. Repeat steps 1-5 to add more summary reports. You may continue to add reports based on the summary you select in the Summary Reports drop-down menu, up to a maximum of 4 reports.

Customizing Your Detailed Reports Page

The Details Report Page provides you with a list of reports you may select to include in your report summaries. You can refine your setting for your report in more detail in the Detailed Report Settings category.

1. First, select the appropriate profile setting for your report. If you are creating a new profile, select the Create a New Profile button.
   New Profile Name field: Enter the name of your new profile.

Figure 55 New Profile Information

2. To determine the type of reports that will be summarized in your compliance report, check the boxes next to the reports you need. Sub-folders are revealed to each folder by clicking the plus icon. When all sub-folders are selected, the main folder will be selected.
3. When you have completed your selection(s) of reports, scroll down the page until you see a check button with Configure Filters/Options beside it. Click the check mark button.

Figure 56 Configure Filters/Options

4. In the Configure Filter/Options section, you can decide how your filter and display are set. Once you have clicked the check button, fill out the table accordingly.

Figure 57 Filter Settings

Editing Existing Profiles
A profile is associated with selected reports from the report list. You have the ability to go back and edit existing profiles in your scheduled reports. Since the report list is populated based on the report type selection, a profile is associated with the report type also. Instead of three categories, there will only be two: single day or multi-days. A profile in a single report will not be seen by the users when they select weekly or monthly as report types. To edit existing profiles, perform the following tasks:
1. Click the Edit icon, located next to the report name you want to edit.

Figure 58 Edit Existing Profile

2. In the Detailed Page section, choose the Select an existing profile button.

Note: You are able to delete an existing profile in that section by clicking the Delete Selected Scheduled Reports button located at the top of the page.

3. From the drop-down list in the Detailed Report Page, select the profile name you wish to edit. Choose the reports you want to add or remove from that profile. If a new profile has the same name as one of the existing profiles, the behavior will be the same as users opening the existing profile and editing the report list. When selecting an existing profile, the associated reports are checked in the report list automatically.

Figure 59 Detailed Report Page

A default cover page is provided.
Figure 60 Default cover page


Verifying User Compliance Reports Configuration
If you have chosen the PDF format for this report, you can preview the report covers you have created and see how all of the report summaries you added will fit into that template. To review your customized PDF settings, click the Preview button.
Figure 61 PDF Report Preview Button

Figure 62 Cover page, Summary page, and Details page Preview

Note: The images used for the preview do not use actual data.

CHAPTER 13 Viewing Reports
This chapter describes how to generate reports using the SonicWALL ViewPoint Reporting Module. The following section describes how to configure the settings for viewing reports:

• “Managing Report Settings”

Select from the following reports:

• “Viewing General Status Reports”
• “Viewing Dashboard Reports”
• “Configuring and Using Custom Reports”
• “Viewing Bandwidth Reports”
• “Viewing Services Reports”
• “Viewing Web Usage Reports”
• “Viewing Web Filter Reports”
• “Viewing File Transfer Protocol Reports”
• “Viewing Mail Usage Reports”
• “Viewing VPN Usage Reports”
• “Viewing Attacks Reports”
• “Viewing Virus Attacks Reports”
• “Viewing Anti-Spyware Reports”
• “Viewing Intrusion Prevention Reports”
• “Viewing Authentication Reports”
• “Viewing the Log”

Managing Report Settings

All of the reports in ViewPoint report on data gathered on a specific date or range of dates. You can also edit the report settings for each report by using the Search Bar and the More Options button.

Editing Report Settings

To edit the report settings, use the Search Bar at the top of the report. You can search other reports, set the start and end dates for a report to view, or click More Options to access other Report Display Settings. For a detailed description, see the “Searching for a Report” section on page 85.

Figure 63 Report Display Settings on Search Bar

Some reports allow you to specify how many items to display in the report. This allows you to limit the display to the specified number in order to make the report easier to read. Select 5, 10, 20, 50, 100, or All from the Number of Items list. Your selection should display immediately in the report screen.

Selecting a Graphical Display

Many reports offer different graphical displays for the data, such as a bar-graph or a pie chart. To select a graphical display, select Chart and Table under Report Display Settings and choose the display type from the Chart Type list. For most reports you can choose Area, Bar, Pie or Plot.

Figure 64 Area, Bar, Pie, and Plot Charts

Setting a Date or Date Range

Summary reports display only information for a single date. Over-time reports display information over a date range.

Selecting a Single Date

To select a single date for a report, click on the Start or End fields in the Search Bar to display the drop-down calendar. The End field is only configurable for Over Time reports. In the calendar, you can set the month by clicking the single arrows (<, >), or the year by clicking the double arrows (<<, >>). To select the month or year from a drop-down list, click and hold the arrow button. Click Search to begin building the report.

Figure 65 Drop-down Calendar

Selecting a Date Range

To select a date range for an Over Time report, select a Start Date and End Date in the Search Bar, and then click Search. You can use the drop-down calendars by clicking in either field.

Additional Settings

Many reports have additional settings that you can select such as source and destination interfaces to report traffic through or how to display names and IP addresses. Make your selection from these lists and click Search.

Troubleshooting Reports

One of the most common error messages when a report does not display is “No Data”. There are several reasons why you might see this error, and SonicWALL ViewPoint 5.0 and higher displays the most likely reason and points you to the screen where you can make the necessary adjustments. Some examples are shown in the following figures.

Figure 66 Appliance is Down
Figure 67 Appliance in a Provisioned State
Figure 68 Configured for Status Only

Viewing General Status Reports

The General > Status page contains information on the SonicWALL appliance or group of SonicWALL appliances. To view the Status page, perform the following steps:

1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.
3. Expand the General tree and click Status. The Status page displays.

Figure 69 Firewall > General > Status

4. The sections contain the following information:
– Node information—Information on the firewall(s) is displayed at the global or unit level.
– Syslog Servers—The IP address and Port number of the syslog servers configured to collect data from the selected appliance.
– Syslog Categories—The types of syslog data selected to be collected for the selected appliance.

– Synchronize Appliance Information with ViewPoint—Click the Synchronize Appliance Information Now link to refresh status data about the monitored appliances. This status information is normally updated every 24 hours.
– Getting Started With ViewPoint—Click the Open Getting Started Instructions In New Window link to open the ViewPoint installation and initial configuration instructions in a separate window.

Viewing Dashboard Reports

Dashboard reports display an overview of bandwidth, uptime, intrusions and attacks, and alerts for managed SonicWALL firewalls. The Security Dashboard report provides data about worldwide security threats that can affect your network. The Dashboard also displays data about threats blocked by the SonicWALL security appliance.

Select from the following:

• “Viewing the Dashboard Summary Report” on page 120

Viewing the Dashboard Summary Report

The Dashboard Summary report displays statistics, alerts, graphical summary reports, and a list of available custom report templates. Displayed statistics can include total bandwidth, total attacks and other measurable information. The alerts list is displayed when the configured threshold has been reached. A wide range of graphical reports are also available for display.

You can configure the Dashboard > Summary report contents in the Firewall > Configuration > Dashboard page. For a description of the configuration procedure, see “Configuring Dashboard Summary Reports” section on page 104.

To view the Dashboard Summary report, perform the following steps:

1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.

3. Expand the Dashboard tree and click Summary.

Figure 70 Dashboard Summary page

4. The tables at the top of the page display the totals, using megabytes for the bandwidth totals.
5. The graphical display breaks down the information as follows:
– Bandwidth—shown by group when viewed at global level. At unit level, the bandwidth is shown per hour.
– Attacks Events—at the global level, both attack events and virus attack attempts are shown per group. At the unit level, these are shown per hour (not pictured).
– HTTP Bandwidth—at the unit level, this is shown as a pie chart with eight slices. The top seven Web users by IP address are each shown as a slice, with all other HTTP bandwidth combined in the eighth slice.
– Custom Report Templates—your “favorites” list of saved custom report templates. You can click the Edit icon next to the template on this page to edit the template in the Custom Report page and save it using the Save Template button. To delete the template, click the Delete icon. See “Configuring and Using Custom Reports” on page 123.

Viewing Custom Reports on the Dashboard

SonicWALL ViewPoint provides access to your saved Custom Report templates on the Dashboard > Summary page for the appliance. The template must have been previously created and saved for the same appliance on the Custom Reports > Internet Activity page. You can also configure or delete a saved template from the Dashboard > Summary page.

Figure 71 Custom Report Templates on Dashboard

When you click on a saved template, the detailed report page is displayed in Full Mode with the same categories in the same order as in the template that you saved. In the report page, the Print and PDF icons are available, along with the pagination controls. There is no link to Split Mode and no Save Template button since this template is already saved.

To access a custom report from the Dashboard:

1. Select a unit for which Log Viewer is enabled, and then navigate to Dashboard > Summary.
2. Locate the box labeled Custom Report Templates. All saved templates for this appliance are listed in the box.

3. Do one of the following:
• To generate a Custom Report, click a saved template in the Custom Report Templates box.
• To configure a saved template, click the Configure icon for that template, make the desired changes, and then click OK. For configuration instructions, see “Configuring and Using Custom Reports” on page 123.
• To delete a saved template, click the Delete icon for that template and then click OK in the confirmation dialog box.

Configuring and Using Custom Reports

Custom Reports are available at the unit level for appliances visible on the Firewall tab. Log Viewer must be enabled for the appliance. For information about enabling Log Viewer, see “Viewing the Log” on page 245.

When configuring a Custom Report on the Custom Reports > Internet Activity page, the Template Section acts as a query builder. You select the criteria for the report that you want, and SonicWALL ViewPoint uses your input to query the raw syslog database for the information, and then outputs the report.

The Template Section consists of two parts: the Date/Time section and the Report Layout section. After building your query in the Template Section and clicking the Generate Report button, the report is displayed in the Report Section. The Report Section is displayed in the lower half of the page, under the Template Section; this layout is called Split Mode. Full Mode can be used to display only the Template Section or only the Report Section in a full page view. You can easily toggle between Split Mode and Full Mode.

The Report Section displays the report and provides controls for pagination, printing, and exporting the report in PDF format. You can also click the Save Template button in this section if you want to save the settings for this report as a template for reuse later.

See the following sections for detailed information:

• “Toggling Between Split Mode and Full Mode” on page 124
• “Configuring the Date and Time” on page 126
• “Configuring the Report Layout and Generating the Report” on page 128
• “Generating the Custom Report” on page 135
• “Viewing a Custom Report” on page 136
• “Printing a Page or Exporting a PDF of the Report” on page 138
• “Saving the Report Template” on page 139

Toggling Between Split Mode and Full Mode

The Custom Report > Internet Activity page contains two main sections, Template Section and Report Section, which can be displayed together or independently depending on the mode.

When the Custom Report > Internet Activity page is initially displayed for a selected appliance, the Template Section is displayed in Full Mode. Split Mode is available, but the Report Section displays no data until a report has been generated. Figure 72 shows the Template Section displayed in Full Mode.

Figure 72 Full Mode - Template Section

After generating a report, the page automatically changes to Split Mode and displays the report settings in the Template Section in the top half of the page and the report results in the Report Section in the lower portion. Figure 73 shows the Template Section and Report Section displayed in Split Mode.

Figure 73 Split Mode Display

At any time, you can change to Full Mode if you want to display either the Template Section or the Report Section individually. From Full Mode, you can easily change back to Split Mode.

To toggle between Split Mode and Full Mode:

1. Select a unit for which Log Viewer is enabled, and then navigate to Custom Reports > Internet Activity.
2. On a page that is currently displayed in Split Mode, do one of the following to change to a Full Mode display of either the Template Section or the Report Section:
– Click the <Full Mode> button to the right of the Template Section heading.
– Click the <Full Mode> button to the right of the Report Section heading.
3. On a page that is currently displayed in Full Mode, to change the view to Split Mode click the <Split Mode> button at the right side of the section heading.

Configuring the Date and Time

At the top of the Template Section of the Custom Reports > Internet Activity page, the Date/Time region provides a way to designate the time period to use when generating the report. You can select either a Dynamic Date Range or a Static Date Range.

Figure 74 Date / Time Settings

Dynamic Date Range

There are four choices for the Dynamic Date Range:

• Today – Uses log data from the current date, beginning just after midnight
• Yesterday – Uses log data from just after midnight of the previous day, up to and including the most recent log message from the current date
• Week to Date – Uses log data from the current date, plus the five preceding days
• Month to Date – Uses log data from the beginning of the current month, up to and including the most recent log message from the current date

When generating a report with a template containing a dynamic date range setting, the dates used when referencing the log data are relative to the current date. Thus, two reports generated from the same template on different days will provide different results.

To select a Dynamic Date Range:

1. Select a unit for which Log Viewer is enabled, and then navigate to Custom Reports > Internet Activity.
2. In the Template Section under Date/Time, select the Dynamic Date Range radio button.
3. In the drop-down list, select Today, Yesterday, Week to Date, or Month to Date.

Static Date Range

The Static Date Range selection allows you to specify the exact dates and times of log data to be used for the report. You can specify a single date or a date range, and indicate the exact hour, minute, and second for both the beginning and the end of the period for the report. A popup calendar makes it easy to select the Start Date and End Date for the date range, as shown in Figure 75.

Figure 75 Static Date Range Calendar

To specify a Static Date Range:

1. Select a unit for which Log Viewer is enabled, and then navigate to Custom Reports > Internet Activity.
2. In the Template Section under Date/Time, select the Static Date Range radio button.
3. Click the Start Date field to access the pop-up calendar.

4. Use the navigation arrows near the top of the calendar to change the year or month. Click the << button to move to the previous year, or hold the button to select from a list of years. Click the >> button to move to the next year, or hold the button to select from a list of years. Similarly, click the < or > to move back or ahead by one month, or hold the button to select from a list of months.
5. Click the desired start date in the calendar. This adds the date to the Start Date field and closes the calendar.
6. For the Start Time, select the hour, minute, and second from the drop-down lists. These settings specify the earliest data to be included in the report.
7. For the End Time, select the hour, minute, and second from the drop-down lists. These settings specify the most recent data to be included in the report.
8. To change the settings back to the defaults, click Reset at the bottom of the Template Section. Note that this will change the Report Layout region as well as the Date/Time region back to default settings.

Configuring the Report Layout and Generating the Report

Located in the Template Section of the Custom Reports > Internet Activity page below the Date/Time region, the Report Layout region provides a way to specify the type of data to include, and the format of the report. The Report Layout region has a Detailed Report tab and a Summary Report tab.

The Detailed Report tab contains a list of eight data categories that you can add as report fields, and allows you to specify query values for each. The categories you select will appear as column headings in the report.

The Summary Report tab allows you to structure a report showing the top elements of Internet activity. You can select the number of top elements, whether to base the comparisons on total traffic, received traffic, or transmitted traffic, and the two data categories to evaluate when determining the top elements. The generated report provides graphical output that you can click to drill down for detailed information.

The report appearance and the way information is organized is quite different between a Detailed Report and a Summary Report. For more information about each of these Report Layout tabs, see the following sections:

• “Detailed Reports” on page 129
• “Summary Reports” on page 133

Detailed Reports

The Detailed Report tab is the default view in the Report Layout region.

Figure 76 Detailed Report Tab

The Select Report Field drop-down list contains eight data categories that you can add as column headings in the report. The categories are:

• Full URL – Adds a column containing the full URL of each Web site visited
• Category – Adds a column containing the category of each site visited, such as Gambling or Adult/Mature Content
• Domain – Adds a column containing the domain name of each site visited
• Protocol – Adds a column containing the protocol used by the traffic
• Received Traffic – Adds a column containing the number of bytes received from the visited site
• Transmitted Traffic – Adds a column containing the number of bytes transmitted to the site
• Total Traffic – Adds a column containing the total number of bytes received and transmitted
• User – Adds a column containing the user ID or IP address

To include a field in the report, select a choice from the list and then click Add. When you click Add, a row is populated in the table below, which has three column headings: Field, Filter, and Options. You can drag and drop the rows to rearrange the column ordering in the final report.

Note: When you place your mouse cursor over the row, under the Field heading, the cursor changes to a “move” cursor.

In the Filter column, two fields are displayed: an operator field and an input field. The operator field is a drop-down list containing the operator choices for the selected report field. The input field can be a drop-down list or a standard input field, depending on the selected report field. The operators and input fields are defined in Table 5 for each report field. See “Filter Operators” on page 134 for a description of each operator.

Table 5 Operators and Input Fields for Each Data Type

| Data Type | Operators | Input Field |
|---|---|---|
| Full URL | Equals, Start with, End with, Contains | The input field is a standard input field where you can type in the URL to match, such as: http://www.funnyyoutubevideo.com/funniest.html Leave the input field blank if you choose not to filter by a certain URL. |
| Category | Equals | The input field is a drop-down list containing an alphabetized list of all the content filtering categories, such as Adult/Mature Content, Gambling, Military, etc. Leave the default of All in the input field if you choose not to filter by a certain category. |
| Domain | Equals, Start with, End with, Contains | The input field is a standard input field where you can type in the domain to match, such as sonicwall.com. Leave the input field blank if you choose not to filter by a certain domain. |
| Protocol | Equals, Start with, End with, Contains | The input field is a standard input field where you can type in the protocol to match, such as FTP. Leave the input field blank if you choose not to filter by a certain protocol. |
| Received Traffic | =, >, >=, <, <=, != | The input field is a standard input field where you can type in the number of bytes to match or compare to. Leave the input field blank if you choose not to filter by a certain amount of traffic. |
| Transmitted Traffic | =, >, >=, <, <=, != | The input field is a standard input field where you can type in the number of bytes to match or compare to. Leave the input field blank if you choose not to filter by a certain amount of traffic. |
| Total Traffic | =, >, >=, <, <=, != | The input field is a standard input field where you can type in the number of bytes to match or compare to. Leave the input field blank if you choose not to filter by a certain amount of traffic. |
| User | Equals, Start with, End with, Contains | The input field is a standard input field where you can type in the user ID to match. Leave the input field blank if you choose not to filter by a certain user. |

In the Options column, two icons are displayed: an Eye and an X. You can click the Eye to toggle whether the report field on that row will be displayed in the final report. When you click on the Eye icon within a row, the icon greys out to show that this field will not be displayed in the final report. The filter value will still be used to filter results from the raw syslog database to apply towards the report. This allows you to filter the report results based on the selected report field and related filter value, but not display the field as a column.

For example, you might specify the following Field/Operator/Filter Value: Protocol/=/http. It would make sense to click the Eye icon to disable the Protocol field from being shown in the report, since it would always just be “http” and would not add any interesting information to the final report. Contrast this with simply specifying the Protocol field and leaving the Filter Value blank, in which case you would want to enable the Eye so that this column would appear in the report showing a variety of protocols such as udp/dns, udp/ntp, tcp/http, or numbered protocols such as udp/389 (the LDAP protocol) or tcp/445 (MS Server Message Block (SMB) file sharing).

Clicking the X icon under Options deletes the selected report field from the table, so it will not be used to generate the report results nor will it be displayed in the report. Use the X icon instead of the Eye when you do not choose to filter the report results based on the field.

The Detailed Report tab also contains the Sort By drop-down list. The list contains the Date/Time option and any other report fields that you have selected from the eight data types. The choice you select will be used to order the results in the report from the first page to the last.

To configure a detailed report:

1. Select a unit for which Log Viewer is enabled, and then navigate to Custom Reports > Internet Activity.
2. In Report Layout region of the Template Section of the Custom Reports > Internet Activity page, select the Detailed Report tab.
3. In the Select report field drop-down list, select a data type to include in the report, and then click Add. A row for this field is populated in the table below. Repeat this step to add other fields.
4. Optionally select an operator from the drop-down list under Filter in a table row, and type in or select an input value to be matched when the database is queried. Repeat this step for other rows to add filter values for those fields.
5. To prevent a field from appearing in the final report, click the Eye icon in that row so that the icon appears greyed out. To allow the field to be displayed in the report, click the greyed out Eye icon to return it to normal appearance.
6. To delete a field from the table, click the X icon in that row.
7. To sort the report pages by a different field than the default of Date/Time, select the desired field from the Sort by drop-down list.
8. To change the settings back to the defaults, click Reset at the bottom of the Template Section. Note that this will change the Date/Time region and the Report Layout region back to default settings.

Summary Reports

The Summary Report tab is available in the Report Layout region of the Template Section.

Figure 77 Summary Report Tab

The Top drop-down list provides selections for the number of entries to display in the report. Available numbers in the Top drop-down list are 5, 10, 20, 50, and 100. For example, if the User field is selected below as a Summary Group, and 5 is selected in the Top drop-down list, the report will provide entries for the top five users.

The Summary Base drop-down list offers a selection of traffic types that will be used to determine the top usage for the selected field. The Summary Base choices are Total traffic, Received traffic, or Transmitted traffic.

Below the Top and Summary Base fields, you can create one or two Summary Groups from the choices listed on the left side. The listed available fields are Category, Domain, Protocol, and User. To select a field for a Summary Group, simply drag and drop the desired field from the list to either the Level 1 Summary Group or Level 2 Summary Group boxes. When the field name is dragged to one of these, the operator drop-down list and filter input value field are displayed, allowing you to specify values to match when the data is searched. See “Filter Operators” on page 134 for a description of each operator.

Either the Level 1 Summary Group field or the Level 2 Summary Group field can be used alone; the resulting report will look the same in both cases. When both the Level 1 and Level 2 Summary Group fields are populated, the report will display the top entries for the Level 2 field for each of the top entries for the Level 1 field. For example, if User is dragged to the Level 1 Summary Group and Domain is dragged to the Level 2 Summary Group, and 5 is selected in the Top drop-down list, the generated report will display the top five domains visited by each of the top five users.
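The following Python sketch is an added example, not ViewPoint code: over a few constructed log rows it models the Dynamic Date Range choices, the text and numeric filter operators listed in Table 5, and the Top / Summary Base / Level 1 and Level 2 grouping described above. The record field names, sample users, and domains are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import operator

# Constructed sample rows standing in for the raw syslog database.
# Column names (time, user, domain, protocol, rcvd, sent) are assumptions.
COLUMNS = ("time", "user", "domain", "protocol", "rcvd", "sent")
ROWS = [
    (datetime(2008, 6, 11, 9, 0), "alice", "example.com", "tcp/http", 500, 100),
    (datetime(2008, 6, 11, 10, 0), "alice", "example.org", "tcp/http", 200, 50),
    (datetime(2008, 6, 11, 11, 0), "bob", "example.com", "tcp/http", 900, 100),
    (datetime(2008, 6, 10, 14, 0), "bob", "example.net", "tcp/http", 3000, 200),
    (datetime(2008, 6, 10, 16, 0), "carol", "example.org", "udp/dns", 40, 60),
    (datetime(2008, 6, 5, 8, 0), "carol", "example.com", "tcp/http", 7000, 500),
    (datetime(2008, 6, 1, 12, 0), "alice", "example.net", "tcp/http", 100, 100),
]
LOGS = [dict(zip(COLUMNS, row)) for row in ROWS]
NOW = datetime(2008, 6, 11, 15, 0)  # constructed time of report generation

# Filter operators: four for text fields, six for numeric (byte count) fields.
OPERATORS = {
    "Equals": lambda v, x: v == x,
    "Start with": lambda v, x: v.startswith(x),
    "End with": lambda v, x: v.endswith(x),
    "Contains": lambda v, x: x in v,
    "=": operator.eq, ">": operator.gt, ">=": operator.ge,
    "<": operator.lt, "<=": operator.le, "!=": operator.ne,
}

# Summary Base choices: which byte count decides what counts as "top".
SUMMARY_BASE = {
    "Total traffic": lambda r: r["rcvd"] + r["sent"],
    "Received traffic": lambda r: r["rcvd"],
    "Transmitted traffic": lambda r: r["sent"],
}

def dynamic_range(choice, now):
    """Start and end of a Dynamic Date Range, relative to the current date."""
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    start = {
        "Today": midnight,
        "Yesterday": midnight - timedelta(days=1),      # runs through today's newest log
        "Week to Date": midnight - timedelta(days=5),   # today plus five preceding days
        "Month to Date": midnight.replace(day=1),
    }[choice]
    return start, now

def matches(record, filters):
    """Apply (field, operator, value) filters; a blank value means no filtering."""
    return all(OPERATORS[op](record[field], value)
               for field, op, value in filters if value not in ("", None))

def top_n(records, field, base, n):
    """Top n values of a field, ranked by the summed Summary Base byte count."""
    totals = defaultdict(int)
    for r in records:
        totals[r[field]] += SUMMARY_BASE[base](r)
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def summary_report(records, now, date_choice, level1, level2=None,
                   base="Total traffic", top=5, filters=()):
    """Level 1 top entries, each with its own Level 2 top entries if Level 2 is set."""
    start, end = dynamic_range(date_choice, now)
    rows = [r for r in records if start <= r["time"] <= end and matches(r, filters)]
    report = []
    for key, total in top_n(rows, level1, base, top):
        children = []
        if level2:
            children = top_n([r for r in rows if r[level1] == key], level2, base, top)
        report.append((key, total, children))
    return report

if __name__ == "__main__":
    for choice in ("Today", "Yesterday", "Week to Date", "Month to Date"):
        print(choice, summary_report(LOGS, NOW, choice, "user", "domain"))
    # Same template with a Protocol filter applied to the Level 1 group.
    print(summary_report(LOGS, NOW, "Month to Date", "domain",
                         filters=[("protocol", "End with", "http")]))
```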

To configure a summary report:

1. Select a unit for which Log Viewer is enabled, and then navigate to Custom Reports > Internet Activity.
2. In Report Layout region of the Template Section of the Custom Reports > Internet Activity page, select the Summary Report tab.
3. In the Top drop-down list, select the number of entries to be displayed in the report.
4. In the Summary Base drop-down list, select one of Total Traffic, Received Traffic, or Transmitted Traffic to use when determining which are the top elements in the selected field.
5. To specify the field for the Level 1 Summary Group, click and drag the desired field from the list on the left to the Level 1 Summary Group field, then release your mouse button to drop the field into position. The filter operator and input field are displayed next to the field name.
6. To specify the field for the Level 2 Summary Group, click and drag the desired field from the list on the left to the Level 2 Summary Group field, and then release your mouse button to drop the field into position. The filter operator and input field are displayed next to the field name.
7. To specify a filter operator and filter value for a Summary Group, select the operator from the drop-down list next to the field and type a filter value into the input field to the right of the operator.
8. To change the settings back to the defaults, click Reset at the bottom of the Template Section. Note that this will change the Date/Time region as well as the Report Layout region back to default settings.

Filter Operators

When configuring the Report Layout on either the Detailed Report tab or the Summary Report tab, you can specify filter values to be matched in the database during report generation. The filter operators are used with a filter input value to determine which data should be included in the report. Depending on the selected field type, text string or numeric, several filter operators are available. The operators are defined as shown in Table 6.

Table 6 Filter Operators

Operator: Definition
Equals: Only data that exactly matches the filter input text will be included in the report
Start with: Data that begins with the input text will be included in the report
End with: Data that ends with the input text will be included in the report
Contains: Data that contains the input text will be included in the report
=: Only data that exactly matches the filter input numerical value will be included in the report
>: Data values that are greater than the input numerical value will be included in the report
>=: Data values that are greater than or equal to the input numerical value will be included in the report
<=: Data values that are less than or equal to the input numerical value will be included in the report
<: Data values that are less than the input numerical value will be included in the report
!=: Data values that are not equal to the input numerical value will be included in the report

Generating the Custom Report

The Generate Report button at the bottom of the Template Section is used to create the report. Before clicking Generate Report, use the Template Section to specify the time period for the report and the contents and layout of the report.

Note: Custom Reports are available at the unit level for appliances visible on the Firewall tab. Log Viewer must be enabled for the appliance. For information about enabling Log Viewer, see “Viewing the Log” on page 245.
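The Summary Group behavior and the Table 6 filter operators described above can be reproduced offline to check what a template should return. This is an added example, not ViewPoint code: the record layout, the case-sensitive text matching, and Total being received plus transmitted are assumptions, and the sample records are constructed.

```python
"""Two-level Top-N summary with Table 6 style filters, over constructed records."""
import operator
from collections import defaultdict

# Table 6 operators. Text matching is assumed to be case-sensitive here.
TEXT_OPS = {
    "Equals": operator.eq,
    "Start with": str.startswith,
    "End with": str.endswith,
    "Contains": lambda value, text: text in value,
}
NUMERIC_OPS = {
    "=": operator.eq, ">": operator.gt, ">=": operator.ge,
    "<=": operator.le, "<": operator.lt, "!=": operator.ne,
}

# Summary Base choices. Assumption: Total = received + transmitted.
SUMMARY_BASE = {
    "Total": lambda r: r["rx"] + r["tx"],
    "Received": lambda r: r["rx"],
    "Transmitted": lambda r: r["tx"],
}

# Constructed sample data: (user, domain, protocol, category, rx_kb, tx_kb).
FIELDS = ("user", "domain", "protocol", "category", "rx", "tx")
_ROWS = [
    ("alice", "mail.example.com", "HTTPS", "Email", 300, 50),
    ("alice", "news.example.org", "HTTP", "News", 200, 10),
    ("alice", "mail.example.com", "HTTPS", "Email", 100, 20),
    ("bob", "video.example.net", "HTTP", "Streaming", 900, 5),
    ("bob", "news.example.org", "HTTP", "News", 50, 5),
    ("carol", "mail.example.com", "HTTPS", "Email", 20, 400),
    ("carol", "files.example.net", "FTP", "Storage", 10, 600),
]
RECORDS = [dict(zip(FIELDS, row)) for row in _ROWS]


def matches(record, filters):
    """Return True if the record satisfies every (operator, value) filter."""
    for field, (op, wanted) in filters.items():
        value = record[field]
        # Text fields take the word operators, numeric fields the symbols.
        table = NUMERIC_OPS if isinstance(value, (int, float)) else TEXT_OPS
        if op not in table:
            raise ValueError(f"operator {op!r} is not valid for field {field!r}")
        if not table[op](value, wanted):
            return False
    return True


def top_n(records, field, base, top):
    """Rank the values of one field by summed traffic and keep the top entries."""
    totals = defaultdict(int)
    for record in records:
        totals[record[field]] += SUMMARY_BASE[base](record)
    # Sort by volume (descending), then by name so ties are deterministic.
    ranked = sorted(totals.items(), key=lambda item: (-item[1], item[0]))
    return ranked[:top]


def summary_report(records, level1, level2=None, top=5, base="Total", filters=None):
    """Return [(level1_value, volume, [(level2_value, volume), ...]), ...].

    The UI offers Top values of 5, 10, 20, 50 and 100; any positive
    integer is accepted here so small samples stay readable.
    """
    selected = [r for r in records if matches(r, filters or {})]
    report = []
    for value, volume in top_n(selected, level1, base, top):
        children = []
        if level2:
            # Top Level 2 entries are computed inside each Level 1 entry.
            subset = [r for r in selected if r[level1] == value]
            children = top_n(subset, level2, base, top)
        report.append((value, volume, children))
    return report


if __name__ == "__main__":
    # Top two users, and the top two domains for each of them, by Total traffic.
    for user, volume, domains in summary_report(RECORDS, "user", "domain", top=2):
        print(f"{user}: {volume} KB")
        for domain, domain_volume in domains:
            print(f"    {domain}: {domain_volume} KB")
```

Changing `base` to "Received" or "Transmitted" changes which users rank highest, which is why a template built for upload-heavy hosts should not reuse one built on Total traffic.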

To generate a custom report:

1. Select a unit for which Log Viewer is enabled, and then navigate to Custom Reports > Internet Activity.
2. In the Date/Time region of the Template Section, specify the time period that the report will cover. For detailed information and instructions, see “Configuring the Date and Time” on page 126.
3. In the Report Layout region of the Template Section, specify the contents and appearance of the report. For detailed information and instructions, see “Configuring the Report Layout and Generating the Report” on page 128.
4. Click Generate Report to create the report using the specified configuration.

Viewing a Custom Report

After you click Generate Report, the Report Section is displayed in Split Mode in the lower half of the main window, even if you previously were in Full Mode for the Template Section.

Pagination controls are displayed at the upper right of the report, just below the Save Template button and the printer and PDF icons. Navigation buttons are provided to take you to the first page, previous page, next page, and last page, or you can specify an exact page number in the field.

Figure 78 Pagination Controls

In a Detailed Report, the selected report fields are displayed as column headings. You can click on any column heading to sort that page by the values in the column that you click. Click again to toggle between ascending and descending order on that page. When you navigate away from that page and then come back using the pagination controls, the page reverts to the original sorting order as specified in the Sort by field of the Template Section before generating the report.

Figure 79 Detailed Report Page

In a Summary Report, the Report Section displays the traffic volume as horizontal bar charts. This lets you see the information at a glance, such as who consumed the most bandwidth and which domains they visited the most.

Figure 80 Summary Report Page

You can click on a bar in the chart to pop up detailed information. The report lists details about this Summary Group field only, and includes data for every field available for detailed reports. For example, if the Summary Group contains the User field and you click on a bar for one of the top users, the report displays the date and time of all Internet activity for the user, just like the detailed report with all of the columns for all fields.

The Detailed Information window is shown in Figure 81. A scroll bar is provided along the bottom of the Detailed Information window to allow viewing of all eight fields plus the date and time column.

Figure 81 Detailed Information Popup from a Summary Report

Printing a Page or Exporting a PDF of the Report

To print the current page of the report, click the printer icon at the top of the Report Section. Your normal print dialog box pops up. This prints only the page that is currently displayed.

To export the entire report in PDF format, click the PDF icon at the top of the Report Section. A PDF file is generated showing the report results in table format. You can save the PDF using any filename and location. The PDF can contain a maximum of 10,000 records. If your report contains more than 10,000 records, you can use the Static Date Range fields to adjust the dates and regenerate the report to shorten its length.

Saving the Report Template

After generating the report, you can save the settings for this report as a template for reuse. The template is saved for the currently selected appliance and for the specific user. The saved template will not be available for other appliances or for other users. You can select the saved template from the Template Section or from the Dashboard > Summary page at a later time, and use it to generate a report using the same settings. For information about using the template on the Dashboard > Summary page, see “Troubleshooting Reports” on page 118.

To save the report template:

1. In the Report Section in the upper right corner, click the Save Template button.
2. In the popup dialog box, type in a descriptive name for the template, up to 40 characters. The number of remaining characters allowed in the name is displayed below the input field and changes as you type.
3. Click Save.

If you are in a Full Mode display of the Report Section, you can verify that the template has been saved by changing back to Split Mode and viewing the contents of the Template drop-down list.

Viewing Bandwidth Reports

Bandwidth reports display the amount of data transferred through one or more selected SonicWALL appliances. These reports include the cost of consumed network bandwidth per 100 megabytes transferred through the selected appliances.

Bandwidth reports are an ideal starting point for viewing overall bandwidth usage. You can view bandwidth usage by hour, day, or over a period of days. Additionally, you can view the top users of bandwidth. From this information, you can determine network strategies. For example, if you need more bandwidth, you might need to upgrade network equipment, or you might simply need to curtail the bandwidth usage of a few employees.

Note: All reports appear in the Firewall’s time zone.

Select from the following:

• “Viewing the Bandwidth Summary Report” on page 140
• “Viewing the Top Users of Bandwidth” on page 141
• “Viewing Bandwidth Usage Over Time” on page 143
• “Viewing the Top Users of Bandwidth Over Time” on page 145

Viewing the Bandwidth Summary Report

The Bandwidth Summary report contains information on the amount of traffic handled by a SonicWALL appliance during each hour of the specified day, or at the global level, for all SonicWALL appliances for the day.

To view the Bandwidth Summary report, perform the following steps:

1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.
3. Expand the Bandwidth tree and click Summary. The Summary page displays.

Figure 82 Firewall > Bandwidth > Summary

4. The bar graph displays the amount of bandwidth transferred during each hour of the day.

5. The table contains the following information:
   – Hour—when the sample was taken.
   – Events—number of events or “hits.”
   – MBytes—number of megabytes transferred.
   – % of MBytes—percentage of megabytes transferred during this hour, compared to the day. For example, if 1000 megabytes of data was transferred during the day and 100 megabytes was transferred at the 12:00 time period, the % of MBytes field will display 10%.
   – Cost ($)—amount of the expense per 100 megabytes. You can configure this in the Cost Per Mega Byte Bandwidth Use field in the Console > Reports > Summarizer screen.
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date of the report and other settings, click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar, Pie or Plot chart
   – Select the Source and Destination interfaces to view
   – If you want to track bandwidth usage in both directions, select the Bi-directional check box.
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected day.

Note: These settings will stay in effect for all summary reports during your active login session.

Viewing the Top Users of Bandwidth

The Top Users report displays the users who used the most bandwidth on the specified date and the correlating expense.

To view the Top Users report, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.

3. Expand the Bandwidth tree and click Top Users. The Top Users page displays.

Figure 83 Firewall > Bandwidth > Top Users

4. The pie chart displays the percentage of bandwidth transferred by each user.
5. The table contains the following information:
   – Users—the IP address of the user.
   – Connections—number of events or “hits.”
   – MBytes—number of megabytes.
   – % of MBytes—percentage of megabytes transferred by this user, compared to all users. For example, if 1000 megabytes of data was transferred during the day and 200 megabytes was transferred by the top user, the % of MBytes field will display 20%.
   – Cost ($)—amount of the expense per 100 megabytes. You can configure this in the Cost Per Mega Byte Bandwidth Use field in the Console > Reports > Summarizer screen.
6. By default, the ViewPoint Reporting Module shows yesterday’s report, a pie chart, and the ten top users. To change the date of the report and other settings, click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar, Pie or Plot chart
   – Number of Users
   – Rows per Screen
   See “Managing Report Settings” on page 116.
8. To display a limited number of users, use the Search Bar fields.

   Note: The search bar fields use pattern matching with operators such as “contains”. For example, “john” will match john_smith, john42, or big_john.

9. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected day.

Note: These settings will stay in effect for all similar reports during your active login session.

Viewing Bandwidth Usage Over Time

The Bandwidth Over Time report displays the daily amount of traffic and the total daily expense for consumed network bandwidth handled by a SonicWALL appliance or a group of SonicWALL appliances for the specified time period.

To view the Bandwidth Over Time report, perform the following steps:

1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.

3. Expand the Bandwidth tree and click Over Time. The Over Time page displays.

Figure 84 Firewall > Bandwidth > Over Time

4. The bar graph displays the amount of bandwidth transferred during each day of the specified time period.
5. The table contains the following information:
   – Date—when the sample was taken.
   – Connections—number of hits.
   – MBytes—number of megabytes transferred.
   – % of MBytes—percentage of megabytes transferred during this day, compared to the time period. For example, if 100,000 megabytes of data was transferred during the time period and 25,000 megabytes was transferred on one day, the % of MBytes field will display 25%.
   – Cost ($)—amount of the expense per 100 megabytes. You can configure this in the Cost Per Mega Byte Bandwidth Use field in the Console > Reports > Summarizer screen.
6. To change the date of the report and other settings, use the Search Bar and click the Start or End fields to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar or Plot chart
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all similar reports during your active login session.

Viewing the Top Users of Bandwidth Over Time

The Top Users Over Time report displays the users who used the most bandwidth and accumulated the highest cost during the specified date range. This report is available at the unit level.

To view the Top Users Over Time report, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Bandwidth tree and click Top Users Over Time. The Top Users Over Time page displays.

Figure 85 Firewall > Bandwidth > Top Users Over Time

4. The pie chart displays the percentage of bandwidth transferred by each user.
5. The table contains the following information:
   – Users—the IP address of the user.
   – Connections—number of events or “hits.”
   – MBytes—number of megabytes.
   – % of MBytes—percentage of megabytes transferred by this user, compared to all users. For example, if 1000 megabytes of data was transferred during this period and 200 megabytes was transferred by the top user, the % of MBytes field will display 20%.
   – Cost—total amount of the expense per 100 megabytes.
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date range of the report and other settings, click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar, Pie or Plot chart
   – Number of Users
   – Rows per Screen
   See “Managing Report Settings” on page 116.

8. To display a limited group of users, enter the user IDs in the Search Bar fields.

   Note: The search bar fields use pattern matching with operators such as “contains”. For example, “john” will match john_smith, john42, or big_john.

9. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected users and date range.

Note: These settings will stay in effect for all similar reports during your active login session.

Viewing Services Reports

Service reports provide information on the amount of data transmitted through the selected SonicWALL appliance by each service.

Service reports are useful for revealing inappropriate usage of bandwidth and can help determine network policies. For example, if there is a large spike of bandwidth usage, you can determine whether this is caused by regular web access, someone using FTP to transfer large files, an attempted Denial of Service (DoS) attack, or another service.

The procedures for viewing the Services Reports are described in the following section:

• “Viewing the Services Summary Report” on page 147

Note: You cannot view services reports from the global view.

Note: All reports appear in the Firewall’s time zone.

Viewing the Services Summary Report

The Services Summary report displays the amount of traffic handled by each service during each hour of the specified day.

To view the Services Summary report, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Services tree and click Summary. The Summary page displays.

Figure 86 Firewall > Services > Summary

4. The bar graph displays the amount of bandwidth used by each service during each hour of the day.
5. The table contains the following information:
   – Protocol—the service.
   – Events—number of events or “hits.”
   – MBytes—Number of Megabytes.
   – % of MBytes—percentage of megabytes transferred by this service on the selected day, compared to all other services. For example, if 10,000 megabytes of data was transferred during the day and 5,000 of the megabytes were transferred, the % of MBytes field will display 50%.
6. To change the date of the report and other settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar or Plot chart

   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Note: These settings will stay in effect for all similar reports during your active login session.

Viewing Web Usage Reports

Web usage reports provide information on the amount of web usage that occurs through the selected SonicWALL appliance(s).

Web usage reports can be used to view web bandwidth usage by the hour, day, or over a period of days. Additionally, you can view the top users of web bandwidth and view the most visited sites.

For the Summary and Over Time reports, and for all reports involving Users, the browse time is also provided in one column of the table. The browse time is the amount of time consumed browsing the Internet through one or more selected SonicWALL appliances. The browse time is not displayed in reports for Category or Sites.

Note: All reports appear in the Firewall’s time zone.

Select from the following:

• “Viewing the Web Usage Summary Report” on page 150
• “Viewing the Top Web Sites” on page 151
• “Viewing the Top Users of Web Bandwidth” on page 153
• “Viewing Web Usage by User” on page 155
• “Viewing Web Usage By Site” on page 156
• “Viewing Web Usage By Category” on page 158
• “Viewing Web Usage Over Time” on page 159
• “Viewing Top Sites Over Time” on page 161
• “Viewing Top Users Over Time” on page 163
• “Viewing Web Usage By User Over Time” on page 165
• “Viewing Web Usage By Category Over Time” on page 166

Viewing the Web Usage Summary Report

The Web Usage Summary report contains information on the amount of HTTP bandwidth handled by a SonicWALL appliance or all SonicWALL appliances during each hour of the specified day. The report includes information on the amount of time spent browsing the Internet behind a SonicWALL appliance or all SonicWALL appliances.

To view the Web Usage Summary report, perform the following steps:

1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.
3. Expand the Web Usage tree and click Summary. The Summary page displays.

Figure 87 Firewall > Web Usage > Summary

4. The bar graph displays the amount of HTTP bandwidth transferred during each hour of the day.
5. The table contains the following information:
   – Hour—when the sample was taken.
   – Events—number of events or “hits.”
   – Browse Time—number of hours, minutes, and seconds spent browsing non-job function-related sites on the Internet. Browse Time is calculated as follows:
     (Number Of Pages / Noise Reduction Factor) * Average Browse Time Per Page

     "Number Of Pages" is the number of hits (responses by the web site to build the page) when a User accesses a web page (www.sonicwall.com).
     "Noise Reduction Factor" is the average noise we want to exclude per page (like eliminating pop-up links, images, and more).
     "Average Browse Time Per Page" is the time allocated to read a page. The factory default is 40.
     Noise Reduction Factor and Average Browse Time Per page are configurable in the database directly, but are not exposed in the ViewPoint management interface.
   – MBytes—number of megabytes transferred.
   – % of MBytes—percentage of megabytes transferred during this hour, compared to the day. For example, if 1000 megabytes of HTTP data was transferred during the day and 100 megabytes was transferred at the 12:00 time period, the % of MBytes field will display 10%.
6. To change the date of the report and other settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar or Plot chart
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing the Top Web Sites

The Top Sites report displays the web sites that used the most HTTP bandwidth on the specified date.

To view the Top Sites report, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.

3. Expand the Web Usage tree and click Top Sites. The Top Sites page displays.

Figure 88 Firewall > Web Usage > Top Sites

4. The pie chart displays the percentage of bandwidth used to access the top sites.
5. The table contains the following information:
   – Site—URL or IP address of the site.
   – Category—the web site category.
   – Hits—number of hits.
   – MBytes—number of megabytes transferred.
   – % of MBytes—percentage of megabytes transferred between this site, compared to all other HTTP traffic. For example, if 10,000 megabytes of data was transferred during the day and 5,000 megabytes was transferred between the appliance and Ebay, the % of MBytes field will display 50% and you have a problem.
6. To change the date of the report and other settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar, Pie or Plot chart
   – Number of Sites
   – Rows per Screen
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Note: These settings will stay in effect for all similar reports during your active login session.

Viewing the Top Users of Web Bandwidth

The Top Users report displays the users who used the most HTTP bandwidth and the amount of time they spent browsing the Internet on the specified date.

To view the Top Users report, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Web Usage tree and click Top Users. The Top Users page displays.

Figure 89 Firewall > Web Usage > Top Users

4. The pie chart displays the percentage of bandwidth transferred by each of the top users.
5. The table contains the following information:
   – Users—the IP address of the user.
   – Hits—number of hits.
   – Browse Time—number of hours, minutes, and seconds spent browsing non-job function-related sites on the Internet.
   – MBytes—number of megabytes transferred.
   – % of MBytes—percentage of megabytes transferred by this user, compared to all users. For example, if 1000 megabytes of data was transferred during the day and 200 megabytes was transferred by the top user, the % of MBytes field will display 20%.
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date of the report and other settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar, Pie or Plot chart
   – Number of Users
   – Rows per Screen
   See “Managing Report Settings” on page 116.
8. To display a limited group of users, enter the user IDs in the Search Bar fields.

   Note: The search bar fields use pattern matching with operators such as “contains”. For example, “john” will match john_smith, john42, or big_john.

9. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected day.

Note: These settings will stay in effect for all similar reports during your active login session.

Viewing Web Usage by User

The By User report displays a list of all users, their top sites, the number of hits to each site, the time spent browsing, and the amount of data transferred.

To view the By User report, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Web Usage tree and click By User. The By User page displays.

Figure 90 Firewall > Web Usage > By User

4. The table contains the following information:
   – User—the IP address of the user.
   – Hits—the number of hits to each web site visited by the user.
   – Browse Time—number of hours, minutes, and seconds spent browsing non-job function-related sites on the Internet.
   – MBytes—the number of megabytes transferred.
5. You can navigate directly from the Web Usage > By User page to a Web Usage > By Site page detailing the information of the site the user has been browsing. Click the Plus sign to the left of the User name or IP address to show details, and then hover the mouse over a site. A sticky tooltip will display with a link to the corresponding site’s report page.
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date of the report and other settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
   – Number of Users
   – Number of Sites per User
   – Rows per Screen
   See “Managing Report Settings” on page 116.
8. To display a limited group of users, enter the user IDs in the Search Bar fields.

   Note: The search bar fields use pattern matching with operators such as “contains”. For example, “john” will match john_smith, john42, or big_john.

9. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected day.

Note: These settings will stay in effect for all similar reports during your active login session.

Viewing Web Usage By Site

The By Site report displays a list of all sites, the users that accessed the sites, the number of hits to each site, and the amount of data transferred.

To view the By Site report, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.

3. Expand the Web Usage tree and click By Site. The By Site page displays.

Figure 91 Firewall > Web Usage > By Site

4. The table contains the following information:
   – Site—the URL of the site.
   – Category—the category of the site.
   – Hits—the number of hits to the web site, by user.
   – MBytes—the number of megabytes transferred, by the user.
5. You can navigate directly from the Web Usage > By Site page to a Web Usage > By User page detailing the information of the users who have been browsing the site. Click the Plus sign to the left of the Site to show details, and then hover the mouse over a user. A sticky tooltip will display with a link to the corresponding user report page.
6. The ViewPoint Reporting Module shows yesterday’s report and all web sites. To change the date of the report or web sites displayed, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Chart Types you can set:
   – Number of Sites
   – Number of Users per Site
   – Rows per Screen
   See “Managing Report Settings” on page 116.
8. To display a limited group of sites, enter the sites in the Search Bar fields.

   Note: The search bar fields use pattern matching with operators such as “contains”. For example, “john” will match john_smith, john42, or big_john.

9. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected day.

Note: These settings will stay in effect for all similar reports during your active login session.

Viewing Web Usage By Category

The Web Usage By Category report displays a list of the top Web site categories, the number of hits to each category, the amount of data transferred, and the percentage of data transferred.

To view the By Category report, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Web Usage tree and click By Category. The By Category page displays.

Figure 92 Firewall > Web Usage > By Category

4. The table contains the following information:
   – Category—the web site category.
   – Hits—the number of hits to the Web site category.

   – MBytes—the number of megabytes transferred.
   – % of MBytes—the percentage of megabytes transferred.
5. The ViewPoint Reporting Module shows yesterday’s report and all web site categories. To change the date of the report or web site categories displayed, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
6. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar, Pie or Plot chart
   – Number of Items
   – Entries per Item
   – Rows per Screen
   See “Managing Report Settings” on page 116.
7. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected day.

Note: These settings will stay in effect for all similar reports during your active login session.

Viewing Web Usage Over Time

The Web Usage Over Time report displays the daily amount of HTTP bandwidth and browse time handled by a SonicWALL appliance or all SonicWALL appliances for the specified time period.

To view the Web Usage Over Time report, perform the following steps:

1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.

3. Expand the Web Usage tree and click Over Time. The Web Activity page displays.

Figure 93 Firewall > Web Usage > Over Time

4. The bar graph displays the amount of HTTP bandwidth transferred during each day of the specified time period.
5. The table contains the following information:
   – Date—when the sample was taken.
   – Connections—the number of connections or hits.
   – Browse Time—number of hours, minutes, and seconds spent browsing non-job function-related sites on the Internet.
   – MBytes—the number of megabytes transferred.
   – % of MBytes—the percentage of megabytes transferred during this day, compared to the time period. For example, if 100,000 megabytes of data was transferred during the time period and 25,000 megabytes was transferred on one day, the % of MBytes field will display 25%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar or Plot chart
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Top Sites Over Time
The Top Sites Over Time report displays the most visited web sites for the specified time period. To view the Top Sites Over Time report, perform the following steps:
1. Click the Firewall tab.
2. Select a SonicWALL appliance.

3. Expand the Web Usage tree and click Top Sites Over Time. The Top Sites Over Time page displays.

Figure 94: Firewall > Web Usage > Top Sites Over Time

4. The bar graph displays the amount of HTTP bandwidth transferred during each day of the specified time period.
5. The table contains the following information:
– Site—URL or IP address of the site.
– Category—the website category.
– Hits—the number of hits.
– MBytes—the number of megabytes transferred.
– % of MBytes—the percentage of megabytes transferred between this site, compared to all other HTTP traffic. For example, if 1,000,000 megabytes of data was transferred during the day and 500,000 megabytes was transferred between the appliance and Ebay, the % of MBytes field will display 50% and you have a problem.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Sites
– Rows per Screen
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Top Users Over Time
The Top Users Over Time report displays the top users of bandwidth and the amount of time they spent browsing the Internet for the specified time period. To view the Top Users Over Time report, perform the following steps:
1. Click the Firewall tab.
2. Select a SonicWALL appliance.

3. Expand the Web Usage tree and click Top Users Over Time. The Top Users Over Time page displays.

Figure 95: Firewall > Web Usage > Top Users Over Time

4. The graph provides a graphical display of the percentage of bandwidth transferred by each of the top users over the specified time period.
5. The table contains the following information:
– Site—URL or IP address of the site.
– Category—the category of the site.
– Hits—number of hits.
– Browse Time—number of hours, minutes, and seconds spent browsing non-job function-related sites on the Internet.
– MBytes—number of megabytes transferred.
– % of MBytes—percentage of megabytes transferred by this user, compared to all users. For example, if 1000 megabytes of data was transferred during the period and 200 megabytes was transferred by the top user, the % of MBytes field will display 20%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Users
– Rows per Screen
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Web Usage By User Over Time
The By User Over Time report displays a list of all users, their top sites, the number of hits to each site, the time spent browsing, and the amount of data transferred for the specified time period. To view the By User Over Time report, perform the following steps:
1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Web Usage tree and click By User Over Time. The By User Over Time page displays.

Figure 96: Firewall > Web Usage > By User Over Time

4. The table contains the following information:
– User—the IP address of the user.
– Hits—number of hits to each web site visited by the user.
– Browse Time—number of hours, minutes, and seconds spent browsing non-job function-related sites on the Internet.
– MBytes—number of megabytes transferred.
5. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
6. Under Report Display Settings you can set:
– Number of Users
– Number of Sites per User
– Rows per Screen
See “Managing Report Settings” on page 116.
7. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Web Usage By Category Over Time
The By Category Over Time report displays a list of all users, their top sites, the number of hits to each site, and the amount of data transferred for the specified time period. To view the By Category Over Time report, perform the following steps:
1. Click the Firewall tab.
2. Select a SonicWALL appliance.

3. Expand the Web Usage tree and click By Category Over Time. The By User Over Time page displays.

Figure 97: Firewall > Web Usage > By Category Over Time

4. The table contains the following information:
– Category—the website category.
– Hits—number of hits to each web site visited by the user.
– MBytes—number of megabytes transferred.
– % of MBytes—percentage of megabytes transferred by this user, compared to all users. For example, if 1000 megabytes of data was transferred during the period and 200 megabytes was transferred by the top user, the % of MBytes field will display 20%.
5. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
6. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Items
– Entries per Item
– Rows per Screen
See “Managing Report Settings” on page 116.
7. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Web Filter Reports
Web filter reports provide information on the number of attempts that users made to access blocked web sites through the selected SonicWALL appliance(s). These reports include web sites blocked by the Content Filter List, customized keyword filtering, and domain name filtering. Web filter reports can be used to view blocked site access attempts by the hour, day, or over a period of days. Additionally, you can view the users that most frequently attempt to access blocked sites and the most popular blocked sites.

Note

All reports appear in the Firewall’s time zone.

Select from the following:
• “Viewing the Web Filter Summary Report” on page 169
• “Viewing the Web Filter Top Sites Report” on page 170
• “Viewing the Top Users that Try to Access Blocked Sites” on page 172
• “Viewing the Blocked Sites for Each User” on page 173
• “Viewing Blocked Sites Sorted By Site” on page 174
• “Viewing Blocked Sites Sorted By Category” on page 176
• “Viewing Blocked Site Attempts Over Time” on page 177
• “Viewing the Top Blocked Site Attempts Over Time” on page 178
• “Viewing the Top Blocked Site Users Over Time” on page 180
• “Viewing Blocked Sites for Each User Over Time” on page 181
• “Viewing Blocked Sites By Category Over Time” on page 182

Viewing the Web Filter Summary Report
The Web Filter Summary report contains information on the number of times users attempt to access blocked sites for the specified day. To view the Web Filter Summary report, perform the following steps:
1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.
3. Expand the Web Filter tree and click Summary. The Summary page displays.

Figure 98: Firewall > Web Filter > Summary

4. The bar graph displays the number of blocked sites that users attempted to access during each hour of the day.
5. The table contains the following information:
– Hour—time when the sample was taken.
– Attempts—the number of attempts to access blocked sites.
– % of Attempts—the percentage of attempts during this hour, compared to the day. For example, if 100 attempts occurred during the day and 20 attempts occurred at the 12:00 time period, the % of Attempts field will display 20%.
6. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar or Plot chart
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing the Web Filter Top Sites Report
The Web Filter Top Sites report displays the top blocked web sites that users attempted to access on the specified date. To view the Top Sites report, perform the following steps:
1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Web Filter tree and click Top Sites. The Top Sites page displays.

Figure 99: Firewall > Web Filter > Top Sites

4. The graph provides a display of the number of access attempts for each of the top twenty blocked web sites.
5. The table contains the following information:
– Site—the URL or IP address of the site.
– Attempts—the number of attempts.
– Category—the web site category.
– % of Attempts—percentage of attempts to access the blocked site, compared to all other blocked site attempts. For example, if 500 attempts were made during the day and 100 of those attempts were for www.badsite.com, its % of Attempts field will display 20%.
6. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Sites
– Rows per Screen
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing the Top Users that Try to Access Blocked Sites
The Web Filter Top Users report displays the users who made the most attempts to access blocked sites on the specified date. To view the Top Users report, perform the following steps:
1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Web Filter tree and click Top Users. The Top Users page displays.

Figure 100: Firewall > Web Filter > Top Users

4. The pie chart displays the top users with the most blocked site attempts.
5. The table contains the following information:
– Users—the IP address of the user.
– Attempts—the number of attempts.
– Category—the web site category.
– % of Attempts—percentage of attempts to access the blocked site, compared to all other user attempts. For example, if 500 attempts were made during the day and 250 of those attempts were made by a single user, that user’s % of Attempts field will display 50%.
6. By default, ViewPoint Reporting shows yesterday’s report, a pie chart, and the ten top users. To change these settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
– Display Type: Chart and Table or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Users
– Rows per Screen
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.
9. These settings will stay in effect for all similar reports during your active login session.

Viewing the Blocked Sites for Each User
The Web Filter By User report displays the top blocked web sites that each user attempted to access on the specified date. To view the Web Filter By User report, perform the following steps:
1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Web Filter tree and click By User. The By User page displays.

Figure 101: Firewall > Web Filter > By User

4. The table contains the following information:
– User—the IP address of the user.
– Site—the top five sites visited by the user.
– Attempts—the number of attempts the user made to access each web site.

5. By default, the ViewPoint Reporting Module shows yesterday’s report, a pie chart, and the ten top users. To change these settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
6. Under Report Display Settings you can set:
– Number of Users
– Number of Sites per User
– Rows per Screen
See “Managing Report Settings” on page 116.
7. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected settings.
8. These settings will stay in effect for all similar reports during your active login session.
9. You can navigate directly from the Web Filter > By User page to a Web Filter > By Site page detailing the information of the site the user has been browsing. Click the Plus sign to the left of the User name or IP address to show details, and then hover the mouse over a site. A sticky tooltip will display with a link to the corresponding site’s report page.

Viewing Blocked Sites Sorted By Site
The Web Filter By Site report displays the top blocked web sites that were accessed by users. To view the Web Filter By Site report, perform the following steps:
1. Click the Firewall tab.
2. Select a SonicWALL appliance.

3. Expand the Web Filter tree and click By Site. The By Site page displays.

Figure 102: Firewall > Web Filter > By Site

4. The table contains the following information:
– Site—the top five sites visited by the user.
– Category—the web site category.
– Attempts—the number of attempts the user made to access each web site.
5. By default, the ViewPoint Reporting Module shows yesterday’s report, a pie chart, and the ten top users. To change these settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
6. Under Report Display Settings you can set:
– Number of Users per Site
– Rows per Screen
See “Managing Report Settings” on page 116.
7. Search for web site addresses in the Search Bar fields.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.
9. You can navigate directly from the Web Filter > By Site page to a Web Filter > By User page detailing the information of the users who have been browsing the site. Click the Plus sign to the left of the Site to show details, and then hover the mouse over a user. A sticky tooltip will display with a link to the corresponding user report page.

Viewing Blocked Sites Sorted By Category
The Web Filter By Category report displays the top categories of web sites that were accessed by users. To view the Web Filter By Category report, perform the following steps:
1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Web Filter tree and click By Category. The By Site page displays.

Figure 103: Firewall > Web Filter > By Category

4. The table contains the following information:
– Category—the web site category.
– Attempts—the number of attempts the user made to access each web site.
– % of Attempts—the percentage of attempts to access the blocked site, compared to all other user attempts. For example, if 500 attempts were made during the day and 250 of those attempts were made by a single user, his % of Attempts field will display 50%.
5. By default, the ViewPoint Reporting Module shows yesterday’s report, a pie chart, and the ten top users. To change these settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
6. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart

– Number of Items
– Entries per Item
– Rows per Screen
See “Managing Report Settings” on page 116.
7. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing Blocked Site Attempts Over Time
The Web Filter Over Time report displays the number of attempts that were made to access blocked web sites for the specified time period. To view the Web Filter Over Time report, perform the following steps:
1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.
3. Expand the Web Filter tree and click Over Time. The Over Time page displays.

Figure 104: Firewall > Web Filter > Over Time

4. The bar graph displays the number of attempts that were made to access blocked web sites during each day of the specified time period.

5. The table contains the following information:
– Date—the day when the sample was taken.
– Attempts—the number of attempts to access blocked web sites.
– % of Attempts—the percentage of attempts to access the blocked site on the day, compared to the time period. For example, if 5,000 attempts were made during the time period and 500 were made on one day, its % of Attempts field will display 10%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar or Plot chart
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing the Top Blocked Site Attempts Over Time
The Top Sites Over Time report displays the top blocked web sites for the specified time period. To view the Web Filter Over Time report, perform the following steps:
1. Click the Firewall tab.
2. Select a SonicWALL appliance.

3. Expand the Web Filter tree and click Top Sites Over Time. The Top Sites Over Time page displays.

Figure 105: Firewall > Web Filter > Top Sites Over Time

4. The graph displays the number of access attempts for each of the top blocked web sites during the specified time period.
5. The table contains the following information:
– Site—the URL or IP address of the site.
– Attempts—the number of attempts.
– Category—the web site category.
– % of Attempts—the percentage of attempts to access the blocked site, compared to all other blocked site attempts. For example, if 500 attempts were made during the period and 100 of those attempts were for www.badsite.com, its % of Attempts field will display 20%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Sites
– Rows per Screen
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing the Top Blocked Site Users Over Time
The Web Filter Top Users Over Time report displays the users who made the most attempts to access blocked sites during the specified time period. To view the Top Users Over Time report, perform the following steps:
1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Web Filter tree and click Top Users Over Time. The Top Users Over Time page displays.

Figure 106: Firewall > Web Filter > Top Users Over Time

4. The pie chart displays the top users with the most blocked site attempts.
5. The table contains the following information:
– Users—the IP address of the user.
– Attempts—the number of attempts.
– Category—the web site category.
– % of Attempts—the percentage of attempts to access the blocked site, compared to all other user attempts. For example, if 500 attempts were made during the period and 250 of those attempts were made by a single user, his % of Attempts field will display 50%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for display settings.

7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Sites
– Rows per Screen
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing Blocked Sites for Each User Over Time
The Web Filter By User report displays the top blocked web sites that each user attempted to access during the specified time period. To view the By User Over Time report, perform the following steps:
1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Web Filter tree and click By User Over Time. The By User Over Time page displays.

Figure 107: Firewall > Web Filter > By Users Over Time

4. The table contains the following information:
– User—the IP address or name of the user.
– Attempts—the number of attempts the user made to access each web site.
5. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

6. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Users
– Rows per Screen
See “Managing Report Settings” on page 116.
7. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Blocked Sites By Category Over Time
The Web Filter By Category Over Time report displays the top categories that users attempted to access. To view the By Category Over Time report, perform the following steps:
1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Web Filter tree and click By Category Over Time. The By Category Over Time page displays.

Figure 108: Firewall > Web Filter > By Category Over Time

4. The table contains the following information:
– Category—the web site category.
– Attempts—number of attempts the user made to access each web site.
– % of Attempts—the percentage of attempts to access the blocked site, compared to all other user attempts. For example, if 500 attempts were made during the period and 250 of those attempts were made by a single user, his % of Attempts field will display 50%.
5. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
6. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Items
– Entries per Item
– Rows per Screen
See “Managing Report Settings” on page 116.
7. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing File Transfer Protocol Reports
FTP usage reports provide information on the amount of FTP usage that occurs through the selected SonicWALL appliance(s). General bandwidth reports do not always provide a complete picture of network bandwidth usage. FTP usage reports can be used to view FTP bandwidth usage by the hour, day, or over a period of days. Additionally, you can view the top users of FTP bandwidth. If a large amount of FTP traffic occurs during peak times, you might need more bandwidth, you might need to upgrade network equipment, or you might ask employees to use compression or transfer large files during non-peak times.

Note

All reports appear in the Firewall’s time zone.

Select from the following:
• “Viewing the FTP Summary Report” on page 184
• “Viewing the Top FTP Sites By User” on page 185
• “Viewing FTP Bandwidth Usage Over Time” on page 187
• “Viewing the Top Users of FTP Bandwidth Over Time” on page 189

Viewing the FTP Summary Report
The FTP Summary report contains information on the amount of FTP bandwidth handled by a SonicWALL appliance or all SonicWALL appliances during the specified day. To view the FTP Summary report, perform the following steps:
1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.
3. Expand the FTP Usage tree and click Summary. The Summary page displays.

Figure 109: Firewall > FTP Usage > Summary

4. The bar graph displays the amount of FTP bandwidth transferred during each hour of the day.

5. The table contains the following information:
– Hour—when the sample was taken.
– Events—the number of FTP events.
– MBytes—the number of megabytes transferred.
– % of MBytes—the percentage of megabytes transferred during this hour, compared to the day. For example, if 1000 megabytes of FTP data was transferred during the day and 100 megabytes was transferred at the 12:00 time period, the % of MBytes field will display 10%.
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date or other report settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing the Top FTP Sites By User
The By User report displays the users who used the most FTP bandwidth on the specified date. To view the By User report, perform the following steps:
1. Click the Firewall tab.
2. Select a SonicWALL appliance.

3. Expand the FTP Usage tree and click By User. The By User page displays.

Figure 110: Firewall > FTP Usage > By User

4. The pie chart displays the percentage of bandwidth used by each user.
5. The table contains the following information:
– Users—the IP address of the user.
– Events—the number of FTP Events.
– MBytes—the number of megabytes transferred.
– % of MBytes—the percentage of megabytes transferred during this hour, compared to the day. For example, if 1000 megabytes of FTP data was transferred during the day and 100 megabytes was transferred at the 12:00 time period, the % of MBytes field will display 10%.
To view the sites visited by each user, expand the user’s site tree (indicated by a ‘+’ sign).
6. By default, the ViewPoint Reporting Module shows yesterday’s report, a pie chart, and the ten top users. To change these settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Users
– Number of Sites per User
– Rows per Screen
See “Managing Report Settings” on page 116.
8. To display a limited group of users, use the Search Bar fields.

Note

The search bar fields use pattern matching with operators such as “contains”. For example, “john” will match john_smith, john42, or big_john.

9. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing FTP Bandwidth Usage Over Time
The FTP Usage Over Time report displays the daily amount of FTP bandwidth handled by a SonicWALL appliance or all SonicWALL appliances for the specified time period. To view the FTP Usage Over Time report, perform the following steps:
1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.

3. Expand the FTP Usage tree and click Over Time. The FTP Activity page displays.

Figure 111: Firewall > FTP Usage > Over Time

4. The bar graph displays the amount of FTP bandwidth transferred during each day of the specified time period.
5. The table contains the following information:
– Date—when the sample was taken.
– Connections—the number of FTP connections.
– MBytes—the number of megabytes transferred.
– % of Usage—the percentage of megabytes transferred during this day, compared to the time period. For example, if 10,000 megabytes of FTP data was transferred during the time period and 2,500 megabytes of FTP data was transferred on one day, the % of Usage field will display 25%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar or Plot chart
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing the Top Users of FTP Bandwidth Over Time

The By Users Over Time report displays the users who used the most FTP bandwidth for the specified time period. To view the By Users Over Time report, perform the following steps:

1. Select a SonicWALL appliance.
2. Click the Firewall tab.
3. Expand the FTP Usage tree and click By Users Over Time. The By Users Over Time page displays.

   Figure 112 Firewall > FTP Usage > By Users Over Time

4. The table contains the following information:
   – Users—the IP address of the user.
   – Events—the number of FTP Events.
   – MBytes—the number of megabytes transferred.
   – % of MBytes—the percentage of megabytes transferred by this user, compared to all users. For example, if 10000 megabytes of data was transferred during the period and 2000 megabytes was transferred by the top user, the % of MBytes field will display 20%.
5. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

6. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar, Pie or Plot chart
   – Number of Users
   – Number of Sites per User
   – Rows per Screen
   See “Managing Report Settings” on page 116.
7. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.
8. To display a limited group of users, use the Search Bar fields.

Note: The search bar fields use pattern matching with operators such as “contains”. For example, “john” will match john_smith, john42, or big_john.

Viewing Mail Usage Reports

Mail usage reports provide information on the amount of mail usage that occurs through the selected SonicWALL appliance(s). General bandwidth reports do not always provide a complete picture of network bandwidth usage. Mail usage reports can be used to view mail bandwidth usage by the hour, day, or over a period of days. Additionally, you can view the top users of mail bandwidth.

If a large amount of mail traffic occurs during peak times, you might want to take some of the following actions:

• Add bandwidth
• Upgrade network equipment
• Ask employees to use compression or transfer large files during non-peak times
• Ask employees to place large files on an FTP site rather than sending them as mail attachments.

Note: Mail usage reports include SMTP, POP3, and IMAP traffic.

Note: All reports appear in the Firewall’s time zone.

Select from the following:

• To view a summary of the daily mail usage, see “Viewing the Mail Usage Summary Report” on page 191.
• To view the users who consume the most mail bandwidth, see “Viewing the Top Users of Mail Bandwidth” on page 193.
• To view mail usage over a period of time, see “Viewing Mail Usage Over Time” on page 194.
• To view the users who consume the most mail bandwidth over time, see “Viewing the Top Users of Mail Bandwidth Over Time” on page 196.

Viewing the Mail Usage Summary Report

The Mail Usage Summary report contains information on the amount of mail handled by a SonicWALL appliance or all SonicWALL appliances during the specified day. To view the Mail Usage Summary report, perform the following steps:

1. Select the global icon or a SonicWALL appliance.
2. Click the Firewall tab.

3. Expand the Mail Usage tree and click Summary. The Summary page displays.

   Figure 113 Firewall > Mail Usage > Summary

4. The bar graph displays the amount of mail sent and received during each hour of the day.
5. The table contains the following information:
   – Hour—when the sample was taken.
   – Events—the number of mail events.
   – MBytes—the number of megabytes transferred.
   – % of MBytes—the percentage of megabytes transferred during this hour, compared to the day. For example, if 10,000 megabytes of mail was transferred during the day and 1,000 megabytes was transferred at the 12:00 time period, the % of MBytes field will display 10%.
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date of the report or the report display settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar or Plot chart
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing the Top Users of Mail Bandwidth

The Top Users report displays the users who sent and received the most mail on the specified date. To view the Top Users report, perform the following steps:

1. Select a SonicWALL appliance.
2. Click the Firewall tab.
3. Expand the Mail Usage tree and click Top Users. The Top Users page displays.

   Figure 114 Firewall > Mail Usage > Top Users

4. The pie chart displays the percentage of mail sent and received by the top mail users.
5. The table contains the following information:
   – Users—the IP address of the user.
   – Events—the number of mail messages sent and received.
   – MBytes—the number of megabytes transferred.
   – % of MBytes—the percentage of megabytes transferred by this user, compared to all users. For example, if 10000 megabytes of data was transferred during the day and 2000 megabytes was transferred by the top user, the % of MBytes field will display 20%.

6. By default, the ViewPoint Reporting Module shows yesterday’s report, a pie chart, and the ten top users. To change the date of the report or the report display settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar, Pie or Plot chart
   – Number of Users
   – Rows per Screen
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing Mail Usage Over Time

The Mail Usage Over Time report displays the daily amount of mail handled by a SonicWALL appliance or all SonicWALL appliances for the specified time period. To view the Mail Usage Over Time report, perform the following steps:

1. Select the global icon or a SonicWALL appliance.
2. Click the Firewall tab.

3. Expand the Mail Usage tree and click Over Time. The Over Time page displays.

   Figure 115 Firewall > Mail Usage > Over Time

4. The bar graph displays the amount of mail sent and received during each day of the specified time period.
5. The table contains the following information:
   – Date—when the sample was taken.
   – Connections—the number of mail messages.
   – MBytes—the number of megabytes transferred.
   – % of MBytes—the percentage of megabytes transferred by this user, compared to all users. For example, if 10000 megabytes of data was transferred during the day and 2000 megabytes was transferred by the top user, the % of MBytes field will display 20%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar or Plot chart
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing the Top Users of Mail Bandwidth Over Time

The Top Users Over Time report displays the users who sent and received the most mail during the specified time period. To view the Top Users Over Time report, perform the following steps:

1. Select a SonicWALL appliance.
2. Click the Firewall tab.
3. Expand the Mail Usage tree and click Top Users Over Time. The Top Users Over Time page displays.

   Figure 116 Firewall > Mail Usage > Top Users Over Time

4. The pie chart displays the percentage of mail sent and received by the top mail users.
5. The table contains the following information:
   – Users—the IP address of the user.
   – Events—the number of mail messages sent and received.
   – MBytes—the number of megabytes transferred.
   – % of MBytes—the percentage of megabytes transferred by this user, compared to all users. For example, if 10,000 megabytes of data was transferred during the period and 2000 kilobytes was transferred by the top user, the % of MBytes field will display 20%.

6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar, Pie or Plot chart
   – Number of Users
   – Rows per Screen
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.
9. To display a limited group of users, use the Search Bar fields. The search bar fields use pattern matching with operators such as “contains”. For example, “john” will match john_smith, john42, or big_john.

Viewing VPN Usage Reports

VPN Usage reports provide information on the amount of VPN usage that occurs through the selected SonicWALL appliance(s). General bandwidth reports do not always provide a complete picture of network bandwidth usage. VPN Usage reports can be used to view VPN usage by the hour, day, or over a period of days. Additionally, you can view the top users of VPN. If a large amount of VPN traffic occurs, you might need to add bandwidth, upgrade network equipment, or reconfigure the VPN network.

Note: All reports appear in the Firewall’s time zone.

Select from the following:

• To view a summary of the daily VPN bandwidth usage, see “Viewing the VPN Usage Summary Report” on page 198.
• To view the users who consume the most VPN bandwidth, see “Viewing the Top VPN Users” on page 199.
• To view VPN bandwidth usage over a period of time, see “Viewing VPN Usage Over Time” on page 201.
• To view the users who consume the most VPN bandwidth over time, see “Viewing VPN Usage Over Time” on page 201.

• To view the users who consume the most VPN bandwidth over time, see “Viewing the Top VPN Users Over Time” on page 202.
• To view VPN usage by policy, see “Viewing VPN Usage By Policy” on page 204.
• To view VPN usage by policy over time, see “Viewing the Top VPN Policies Over Time” on page 205.
• To view hourly VPN usage by policy, see “Viewing Hourly VPN Usage By Policy” on page 207.
• To view VPN services usage, see “Viewing the VPN Services Summary Report” on page 208.

Viewing the VPN Usage Summary Report

The VPN Usage Summary report contains information on the number of VPN connections made through a SonicWALL appliance or all SonicWALL appliances during the specified day. To view the VPN Usage Summary report, perform the following steps:

1. Select the global icon or a SonicWALL appliance.
2. Click the Firewall tab.
3. Expand the VPN Usage tree and click Summary. The Summary page displays.

   Figure 117 Firewall > VPN Usage > Summary

4. The bar graph displays the number of VPN connections made during each hour of the day.
5. The table contains the following information:
   – Hour—when the sample was taken.
   – Events—the number of mail events.
   – MBytes—the number of megabytes transferred.
   – % of MBytes—the percentage of megabytes transferred by this user, compared to all users. For example, if 10,000 megabytes of data was transferred during the period and 2000 kilobytes was transferred by the top user, the % of MBytes field will display 20%.
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar or Plot chart
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing the Top VPN Users

The Top Users report displays the users who made the most VPN connections on the specified date. To view the Top Users report, perform the following steps:

1. Select a SonicWALL appliance.
2. Click the Firewall tab.

3. Expand the VPN Usage tree and click Top Users. The Top Users page displays.

   Figure 118 Firewall > VPN Usage > Top Users

4. The pie chart displays the VPN connections for the top VPN users.
5. The table contains the following information:
   – Users—the IP address of the user.
   – Connections—the number of VPN connections.
   – MBytes—the number of megabytes transferred.
   – % of MBytes—the percentage of megabytes transferred by this user, compared to all users. For example, if 10,000 megabytes of data was transferred during the period and 2000 kilobytes was transferred by the top user, the % of MBytes field will display 20%.
6. By default, the ViewPoint Reporting Module shows yesterday’s report, a pie chart, and the ten top users. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar, Pie or Plot chart
   – Number of Users
   – Rows per Screen

   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.
9. These settings will stay in effect for all similar reports during your active login session.

Viewing VPN Usage Over Time

The VPN Usage Over Time report displays the daily number of VPN connections made through a SonicWALL appliance or all SonicWALL appliances during the specified time period. To view the VPN Usage Over Time report, perform the following steps:

1. Select the global icon or a SonicWALL appliance.
2. Click the Firewall tab.
3. Expand the VPN Usage tree and click Over Time. The Over Time page displays.

   Figure 119 Firewall > VPN Usage > Over Time

4. The bar graph displays the number of VPN connections made during each day of the specified time period.

5. The table contains the following information:
   – Date—when the sample was taken.
   – Connections—the number of connections.
   – MBytes—the number of megabytes transferred.
   – % of MBytes—the percentage of megabytes transferred by this user, compared to all users. For example, if 10,000 megabytes of data was transferred during the period and 2000 kilobytes was transferred by the top user, the % of MBytes field will display 20%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar or Plot chart
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing the Top VPN Users Over Time

The Top Users report displays the users who made the most VPN connections for the specified time period. To view the Top Users report, perform the following steps:

1. Select a SonicWALL appliance.
2. Click the Firewall tab.

3. Expand the VPN Usage tree and click Top Users Over Time. The Top Users Over Time page displays.

   Figure 120 Firewall > VPN Usage > Top Users Over Time

4. The pie chart displays the VPN connections for the top VPN users.
5. The table contains the following information:
   – Users—the IP address of the user.
   – Connections—the number of VPN connections.
   – MBytes—the number of megabytes transferred.
   – % of MBytes—the percentage of megabytes transferred by this user, compared to all users. For example, if 10,000 megabytes of data was transferred during the period and 2000 kilobytes was transferred by the top user, the % of MBytes field will display 20%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar, Pie or Plot chart
   – Number of Users
   – Rows per Screen
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing VPN Usage By Policy

The VPN Usage By Policy report contains information on VPN usage for a SonicWALL appliance, organized by policy. To view the VPN Usage By Policy report, perform the following steps:

1. Select a SonicWALL appliance.
2. Click the Firewall tab.
3. Expand the VPN Usage tree and click By Policy. The By Policy page displays.

   Figure 121 Firewall > VPN Usage > By Policy

4. The pie chart displays the amount of data transferred for each policy.

5. The table contains the following information:
   – Policy—the name of the policy.
   – Events—the number of VPN events.
   – MBytes—the number of megabytes transferred.
   – % of MBytes—the percentage of megabytes transferred for this policy, compared to all other policies. For example, if a total of 10,000 megabytes was transferred and 2,500 megabytes was transferred for one policy, the % of Usage field will display 25%.
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar, Pie or Plot chart
   – Number of Items
   – Rows per Screen
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing the Top VPN Policies Over Time

The By Policy Over Time report displays the top VPN Policies for the specified time period. To view the By Policy Over Time report, perform the following steps:

1. Select a SonicWALL appliance.
2. Click the Firewall tab.

3. Expand the VPN Usage tree and click By Policy Over Time. The By Policy Over Time page displays.

   Figure 122 Firewall > VPN Usage > By Policy Over Time

4. The pie chart displays the VPN connections for the top policies.
5. The table contains the following information:
   – Policy—the name of the policy.
   – Events—the number of VPN events.
   – MBytes—the number of megabytes transferred.
   – % of MBytes—the percentage of megabytes transferred for this policy, compared to all other policies for the period. For example, if a total of 100,000 megabytes was transferred and 3,000 megabytes was transferred for one policy, the % of MBytes field will display 3%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar, Pie or Plot chart
   – Number of Items
   – Rows per Screen
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing Hourly VPN Usage By Policy

The VPN Usage By Policy Hourly report contains information on hourly VPN usage for a SonicWALL appliance, organized by policy. To view the VPN Usage By Policy Hourly report, perform the following steps:

1. Select a SonicWALL appliance.
2. Click the Firewall tab.
3. Expand the VPN Usage tree and click By Policy Hourly. The By Policy Hourly page displays.

   Figure 123 Firewall > VPN Usage > By Policy Hourly

4. The table contains the following information:
   – Hour—the period of time.
   – Events—the number of VPN events.
   – MBytes—the number of megabytes transferred.
5. The ViewPoint Reporting Module shows yesterday’s report. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

6. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar or Plot chart
   – Hour Begin
   – Hour End
   See “Managing Report Settings” on page 116.
7. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing the VPN Services Summary Report

The Services Summary report displays the amount of traffic handled by each service during each hour of the specified day. To view the Services Summary report, perform the following steps:

1. Select a SonicWALL appliance.
2. Click the Firewall tab.
3. Expand the VPN Usage tree and click By Service. The By Service page displays.

   Figure 124 Firewall > VPN Usage > By Service

4. The bar graph displays the amount of bandwidth used by each service during each hour of the day.
5. The table contains the following information:
   – Protocol—the service.
   – Events—the number of events or “hits.”
   – MBytes—the number of megabytes.
   – % of MBytes—the percentage of megabytes transferred by this service on the selected day, compared to all other services. For example, if 1,000 megabytes were transferred and 900 megabytes were handled by the HTTP service, the % of Mbytes field will display 90%.
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar or Plot chart
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.
9. These settings will stay in effect for all similar reports during your active login session.

Viewing Attacks Reports

Attacks reports show the number of attacks that were directed at or through the selected SonicWALL appliance(s). These include denial of service attacks, intrusions, probes, and all other malicious activity directed at the SonicWALL appliance or computers on the LAN or DMZ.

Note: All reports appear in the Firewall’s time zone.

Select from the following:

• To view a summary of the attacks, see “Viewing the Attack Summary Report” on page 210.
• To view the attacks by attack category, see “Viewing the Attacks By Category” on page 212.
• To view the attacks by source IP address, see “Viewing the Errors Report” on page 213.
• To view a summary of the errors and exceptions, see “Viewing the Errors Report” on page 213.
• To view attacks over a period of time, see “Viewing Attack Reports Over Time” on page 215.
• To view errors and exceptions over a period of time, see “Viewing Errors Over Time” on page 217.

Viewing the Attack Summary Report

The Attack Summary report contains information on the number of attacks attempted on a SonicWALL appliance or all SonicWALL appliances during the specified day. To view the Attack Summary report, perform the following steps:

1. Select the global icon or a SonicWALL appliance.
2. Click the Firewall tab.

3. Expand the Attacks tree and click Summary. The Summary page displays.

   Figure 125 Firewall > Attacks > Summary

4. The bar graph displays the number of attacks attempted during each hour of the day.
5. The table contains the following information:
   – Hour—when the sample was taken.
   – Attacks—the number of attack attempts.
   – % of Attacks—the percentage of attacks during this hour, compared to the day. For example, if 1,000 attacks occurred during the day and 100 attacks occurred during the 2:00 time period, the % of Attacks field will display 10%.
   The ViewPoint Reporting Module shows yesterday’s report. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
6. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar or Plot chart
   See “Managing Report Settings” on page 116.
7. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing the Attacks By Category

The Attacks By Category report displays the attacks that occurred on the specified date, sorted by category. To view the Attacks By Category report, perform the following steps:

1. Select a SonicWALL appliance.
2. Click the Firewall tab.
3. Expand the Attacks tree and click By Category. The By Category page displays.

   Figure 126 Firewall > Attacks > By Category

4. The pie chart displays the percentage of each type of attack. To view source and destination information on the individual attacks, expand the category tree (indicated by a ‘+’ sign).
5. The table contains the following information:
   – Type—the type of attack
   – Source—the IP address of the source
   – Destination—the IP address of the destination
   Click the highlighted source or destination IP address to access the Whois Source Website.

   – Attacks—the number of attacks
   – % of Attacks—the percentage of this type of attack, compared to all other attack types. For example, if 5,000 attacks occurred during the day and the IP Spoof makes up 500 of the attacks, its % of Attacks field will display 10%.
6. By default, the ViewPoint Reporting Module shows yesterday’s report, a pie chart, and the ten top categories. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar, Pie or Plot chart
   – Number of Items
   – Entries per Item
   – Rows per Screen
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.
9. These settings will stay in effect for all similar reports during your active login session.

Viewing the Errors Report

The Errors Summary report contains information on the number of dropped packets on a SonicWALL appliance or all SonicWALL appliances during the specified day. To view the Errors report, perform the following steps:

1. Select the global icon or a SonicWALL appliance.
2. Click the Firewall tab.

3. Expand the Attacks tree and click Errors. The Errors page displays.

   Figure 127 Firewall > Attacks > Errors

4. The bar graph displays the packets that were dropped during each hour of the day.
5. The table contains the following information:
   – Hour—when the sample was taken.
   – Packets—the number of dropped packets.
   – % of Packets—the percentage of packets dropped during this hour, compared to the day. For example, if 1,000 packets were dropped during the day and 100 packets were dropped during the 1:00 time period, the % of Packets field will display 10%.
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar or Plot chart
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing Attack Reports Over Time

The Attacks Over Time report displays the daily number of attempted attacks during the specified time period. To view the Attacks Over Time report, perform the following steps:

1. Select the global icon or a SonicWALL appliance.
2. Click the Firewall tab.
3. Expand the Attacks tree and click Attacks Over Time. The Attacks Over Time page displays.

   Figure 128 Firewall > Attacks > Attacks Over Time

4. The bar graph displays the number of attacks attempted each day of the time period.
5. The table contains the following information:
   – Date—when the sample was taken.
   – Attacks—the number of attacks.
   – % of Attacks—the percentage of attacks on this day, compared to the time period. For example, if 10,000 attacks occurred during the time period and 1,000 attacks occurred on Thursday, its % of Attacks field will display 10%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
   – Display Type: Chart and Table, or Table Only
   – Chart Type: Area, Bar or Plot chart
   See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing the Attacks By Category Over Time

The Categories Over Time report displays the number of attacks in each attack category during the specified time period. To view the Categories Over Time report, perform the following steps:

1. Select the global icon or a SonicWALL appliance.
2. Click the Firewall tab.
3. Expand the Attacks tree and click Categories Over Time. The Categories Over Time page displays.

   Figure 129 Firewall > Attacks > Categories Over Time

4. The bar graph displays the number of attacks attempted each day of the specified time period. To view source and destination information on the individual attacks, expand the category tree (indicated by a ‘+’ sign).

5. The table contains the following information:
– Type—the type of attack
– Source—the IP address of the source
– Destination—the IP address of the destination
Click the highlighted source or destination IP address to access the Whois Source Website.
– Attacks—the number of attacks
– % of Attacks—the percentage of this type of attack, compared to all other attack types. For example, if 5,000 attacks occurred during the day and the IP Spoof makes up 500 of the attacks, its % of Attacks field will display 10%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Items
– Entries per Item
– Rows per Screen
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing Errors Over Time

The Errors Over Time report displays the number of errors during the specified time period.

To view the Errors Over Time report, perform the following steps:

1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.

3. Expand the Attacks tree and click Errors Over Time. The Dropped Packets & Exceptions page displays.

Figure 130 Firewall > Attacks > Errors Over Time

4. The bar graph displays the number of packets that were dropped during each day of the specified time period.
5. The table contains the following information:
– Date—when the sample was taken.
– Dropped Packets—the number of dropped packets.
– % of Errors—the percentage of dropped packets on this day, compared to the time period. For example, if 10,000 packets were dropped during the time period and 1,000 packets were dropped on Wednesday, its % of Attacks field will display 10%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar or Plot chart
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing Virus Attacks Reports

Virus Attacks reports show the number of virus attacks that were directed at or through the selected SonicWALL appliance(s).

Note: All reports appear in the Firewall’s time zone.

If the selected appliance is not licensed for SonicWALL Gateway Anti-Virus, a sample report is displayed, as shown in Figure 131. You can click the Click Here link near the top to view the global dashboard report showing all viruses and similar attacks currently being monitored by SonicWALL, or click the link at the bottom of the page to read detailed information about SonicWALL Gateway Anti-Virus and other subscription services.

Figure 131 Sample Virus Attack Report

Select from the following reports:
• To view the top virus, see “Viewing the Top Viruses By Attack Attempts Report” on page 221.
• To view virus attacks over time, see “Viewing the Virus Attack Attempts Report” on page 222.
• To view virus attacks over a period of time, see “Viewing the Virus Attack Attempts Report” on page 222.
• To view the virus attacks by top destinations, see “Viewing the Virus Attacks By User Report” on page 224.
• To view virus attacks by top destinations over time, see “Viewing Anti-Spyware Reports” on page 226.

9. Expand the Virus Attacks tree and click Summary. The Summary page displays.

Figure 132 Firewall > Virus Attacks > Summary

10. The bar graph displays the number of virus attacks attempted during each hour of the day. The table contains the following information:
– Hour—the hour of the day for which the summary is provided.
– Attempts—the number of times the virus attempted to infect the device during a pre-set time interval (the hour of the day is the default).
– % of Attempts—the percent of attempts the current virus entry comprises as a portion of the aggregate number of virus attempts on the device during a pre-set time interval (the hour of the day is the default).

11. The ViewPoint Reporting Module shows yesterday’s report. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
12. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar or Plot chart
See “Managing Report Settings” on page 116.
13. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing the Top Viruses By Attack Attempts Report

The Top Viruses By Attack Attempts report displays the top viruses for the specified date.

To view the Top Viruses, perform the following steps:

1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.
3. Expand the Virus Attacks tree and click By Virus. The Top Viruses By Attack Attempts page displays.

Figure 133 Firewall > Virus Attacks > By Virus

4. The pie chart displays the percentage of virus attacks attempted in a given day.
5. The table contains the following information:
– Virus—the name of the virus.
– Attempts—the number of attack attempts.
– % of Attempts—the percentage of attempts as compared to the day.
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Items
– Entries per Item
– Rows per Screen
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing the Virus Attack Attempts Report

The Virus Attack Attempts report displays the number of virus attempts over the specified time range.

To view the Virus Attack Attempts report, perform the following steps:

1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.

3. Expand the Virus Attacks tree and click Over Time. The Virus Attack Attempts page displays.

Figure 134 Firewall > Virus Attacks > Over Time

4. The bar graph displays the number of virus attempts that were made during each day over a specified time period.
5. The table contains the following information:
– Date—the date when the sample was taken.
– Attempts—the number of attempted virus attacks.
– % of Attempts—the percentage of attempted virus attacks in a day compared to the time period. For example, if 5,000 attempts were made during the time period and 500 were made on one day, its % of Attempts field will display 10%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Items
– Entries per Item
– Rows per Screen
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing the Virus Attacks By User Report

The Virus Attacks By User report displays the number of virus attack attempts over the specified time range.

To view the Virus Attacks By User report, perform the following steps:

1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.

3. Expand the Virus Attacks tree and click By Viruses Over Time. The Virus Attacks By User page displays.

Figure 135 Firewall > Virus Attacks > By Viruses Over Time

4. The pie chart displays the percentage of virus attacks attempted in a given day.
5. The table contains the following information:
– Virus—the name of the virus.
– Attempts—the number of attack attempts.
– % of Attempts—the percentage of attempts compared to the day.
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Items
– Entries per Item
– Rows per Screen
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing Anti-Spyware Reports

SonicWALL Anti-Spyware is included within the SonicWALL Gateway Anti-Virus (GAV), Anti-Spyware and Intrusion Prevention Service (IPS) unified threat management (UTM) solution. SonicWALL UTM delivers a comprehensive, real-time gateway security solution for your entire network.

Unlike other threat management solutions, SonicWALL Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service has the capacity to analyze files of any size in real-time without the need to add expensive hardware drive or extra memory. SonicWALL Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service includes a pro-active alerting mechanism that notifies network administrators when a new threat is discovered.

Granular policy tools and an intuitive user interface enable administrators to configure a custom set of detection or prevention policies tailored to their specific network environment. Network administrators can create global policies between security zones and group attacks by priority, simplifying deployment and management across a distributed network.

If the selected appliance is not licensed for SonicWALL Anti-Spyware, a sample report is displayed, as shown in Figure 136. You can click the Click Here link near the top to view the global dashboard report showing all spyware and similar attacks currently being monitored by SonicWALL, or click the link at the bottom of the page to read detailed information about SonicWALL Anti-Spyware and other subscription services.

Figure 136 Sample Spyware Attack Report

See the following sections to view Anti-Spyware reports:
• “Viewing a Spyware Summary” on page 228
• “Viewing Spyware Attempts By Category” on page 229
• “Viewing Spyware Attempts Over Time” on page 230
• “Viewing Spyware Attempts By Category Over Time” on page 232

Viewing a Spyware Summary

The Anti-Spyware Summary report contains information on the number of spyware attempts by hour of the day.

To view a spyware Summary, perform the following steps:

1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.
3. Expand the Anti-Spyware tree and click Summary. The Summary page displays.

Figure 137 Firewall > Anti-Spyware > Summary

4. The bar graph displays the number of virus attacks attempted during each hour of the day.
5. The table contains the following information:
– Hour—the hour of the day for which the summary is provided.
– Attempts—the number of times the spyware attempted to infect the device during a pre-set time interval (the hour of the day is the default).
– % of Attempts—the percent of attempts the current spyware entry comprises as a portion of the aggregate number of spyware attempts on the device during a pre-set time interval (the hour of the day is the default).
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar or Plot chart
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.
9. Note this page displays the number of spyware attempts that occurred during two-hour intervals during the past day.

Viewing Spyware Attempts By Category

These reports display the spyware activity by category including the actual category or classification of the spyware, the priority, and the event/attacks type. By using the category as criteria, you can display details about the type/message text and number of events.

To view spyware attempts by category, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Anti-Spyware tree and click By Category. The By Category page displays.

Figure 138 Firewall > Anti-Spyware > By Category

4. The pie chart displays the percentage of spyware attempts by category.
5. The table contains the following information:
– Category—the category of the spyware.
– Attempts—the number of times the spyware attempted to infect the device using the category as a criterion.
– % of Attempts—the percent of attempts the current spyware entry comprises as a portion of the aggregate number of spyware attempts using the category as a criterion.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Items
– Entries per Item
– Rows per Screen
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing Spyware Attempts Over Time

You can display spyware attempts over a set time interval. These reports are available at the unit and global levels similar to the other summary reports.

To view spyware attempts using pre-set time intervals as the viewing criteria, perform the following steps:

1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.

3. Expand the Anti-Spyware tree and click Over Time. The Over Time page displays.

Figure 139 Firewall > Anti-Spyware > Over Time

4. The bar graph displays the number of spyware attempts that were made during each day over a specified time period.
5. The table contains the following information:
– Date—the date for which the summary is provided.
– Attempts—the number of times the spyware attempted to infect the device during a specific date.
– % of Attempts—the percent of attempts the current spyware entry comprises as a portion of the aggregate number of spyware attempts on the device during a pre-set time interval.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar or Plot chart
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing Spyware Attempts By Category Over Time

You can generate reports that display the spyware activity by category, such as the category, priority, and events/attacks over time. Using the category over time statistic as criteria for report generation provides details about the type/message text and number of events.

To view Anti-Spyware attempts using categories over time intervals as the viewing criteria, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Anti-Spyware tree and click By Category Over Time. The By Category Over Time page displays.

Figure 140 Firewall > Anti-Spyware > By Category Over Time

4. The pie chart displays the percentage of spyware attempts by category. The table contains the following information:
– Category—the category of the virus.
– Attempts—the number of times the spyware attempted to infect the device during a pre-set time interval.
– % of Attempts—the percent of attempts the current spyware entry comprises as a portion of the aggregate number of spyware attempts on the device during a pre-set time interval.
5. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

6. To display a limited group of items, use the Search Bar fields.

Note: The search bar fields use pattern matching with operators such as “contains”. For example, “john” will match john_smith or john42.

7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Items
– Entries per Item
– Rows per Screen
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing Intrusion Prevention Reports

The Intrusion Prevention Service (IPS) reports show the number of attempted intrusions that occurred during the specified time period.

Note: All reports appear in the Firewall’s time zone.

If the selected appliance is not licensed for SonicWALL Intrusion Prevention Service, a sample report is displayed, as shown in Figure 141. You can click the Click Here link near the top to view the global dashboard report showing all intrusions and similar attacks currently being monitored by SonicWALL, or click the link at the bottom of the page to read detailed information about SonicWALL Intrusion Prevention Service and other subscription services.

Figure 141 Sample Intrusion Report

Select from the following intrusion reports:
• To view a summary of the attacks, see “Viewing the Intrusion Prevention Summary Report” on page 235.
• To view attacks over a period of time, see “Viewing Attack Reports Over Time” on page 215.
• To view the attacks by source IP address, see “Viewing the Errors Report” on page 213.
• To view a summary of the errors and exceptions, see “Viewing the Errors Report” on page 213.
• To view errors and exceptions over a period of time, see “Viewing Errors Over Time” on page 217.

Viewing the Intrusion Prevention Summary Report

The Attack Summary report contains information on the number of attempted intrusions on a SonicWALL appliance or all SonicWALL appliances during the specified day.

To view the IPS Summary report, perform the following steps:

1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.
3. Expand the Intrusion Prevention tree and click Summary. The Summary page displays.

Figure 142 Firewall > Intrusion Prevention > Summary

4. The bar graph displays the number of intrusions attempted during each hour of the day.

5. The table contains the following information:
– Hour—when the sample was taken.
– Intrusions—the number of intrusion attempts.
– % of Intrusions—the percentage of intrusion attempts on this day, compared to the time period. For example, if 10,000 intrusion attempts occurred during the time period and 1,000 intrusion attempts occurred on Thursday, its % of Intrusions field will display 10%.
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar or Plot chart
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing Intrusion Attempts By Category

These reports display the intrusion activity by category including the actual category or classification of the intrusion, the priority, and the event/attacks type. By using the category as criteria, you can display details about the type/message text and number of events.

To view intrusion attempts by category, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.

3. Expand the Intrusion Prevention tree and click By Category. The By Category page displays.

Figure 143 Firewall > Intrusion Prevention > By Category

4. The pie chart displays a list of intrusions attempted by category. The table contains the following information:
– Category—the category of the intrusion attempt.
– Intrusions—the number of intrusion attempts.
– % of Intrusions—the percentage of intrusion attempts as a portion of the aggregate number of intrusion attempts using the category as a criterion.
5. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

6. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Items
– Entries per Item
– Rows per Screen
See “Managing Report Settings” on page 116.
7. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing Intrusions Over Time

The Over Time report displays the daily number of intrusion attempts during the specified time period.

To view the Intrusions Over Time report, perform the following steps:

1. Click the Firewall tab.
2. Select the global icon or a SonicWALL appliance.

3. Expand the Intrusion Prevention tree and click Intrusions Over Time. The Intrusions Over Time page displays.

Figure 144 Firewall > Intrusion Prevention > Over Time

4. The bar graph displays the number of intrusions attempted each day of the specified time period.
5. The table contains the following information:
– Date—when the sample was taken.
– Intrusions—the number of intrusion attempts.
– % of Intrusions—the percentage of intrusion attempts on this day, compared to the time period. For example, if 10,000 intrusion attempts occurred during the time period and 1,000 intrusion attempts occurred on Thursday, its % of Intrusions field will display 10%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar or Plot chart
See “Managing Report Settings” on page 116.
8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing Intrusion Reports By Category Over Time

You can generate reports that display the intrusion activity by category, such as the category, priority, and events/attacks over time. Using the category over time statistic as criteria for report generation provides details about the type/message text and number of events.

To view intrusion attempts using categories over time intervals as the viewing criteria, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.

3. Expand the Intrusion Prevention tree and click By Category Over Time. The By Category Over Time page displays.

Figure 145 Firewall > Intrusion Prevention > By Category Over Time

4. The pie chart displays a list of intrusions attempted by category over time. The table contains the following information:
– Category—the category of the intrusion attempt.
– Intrusions—the number of attempted intrusions during a pre-set time interval.
– % of Intrusions—the percentage of intrusion attempts the current intrusion entry comprises as a portion of the aggregate number of intrusion attempts on the device during a pre-set time interval.
5. The ViewPoint Reporting Module shows yesterday’s report. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

6. Under Report Display Settings you can set:
– Display Type: Chart and Table, or Table Only
– Chart Type: Area, Bar, Pie or Plot chart
– Number of Items
– Entries per Item
– Rows per Screen
See “Managing Report Settings” on page 116.
7. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing Authentication Reports

The login reports show user logins, administrator logins, and failed login attempts for users and administrators. Authentication reports are available at the unit level.

Note: All reports appear in the Firewall’s time zone.

Select from the following:
• “Viewing the User Login Report” on page 242
• “Viewing the Administrator Login Report” on page 243
• “Viewing the Failed Login Report” on page 244

Viewing the User Login Report

The user login report shows users that logged on to the SonicWALL appliance during the specified day to bypass content filtering or to remotely access local network resources.

To view the User Login report, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.

3. Expand the Authentication tree and click User Login. The User Login page displays.

Figure 146 Firewall > Authentication > User Login

4. The table contains the following information:
– User—the user name.
– Time—time the user logged in.
5. The ViewPoint Reporting Module shows yesterday’s report. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar. See “Managing Report Settings” on page 116.
6. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing the Administrator Login Report

The administrator login report shows successful administrator logins during the specified day. This report is useful for identifying misuse and unauthorized management of a SonicWALL appliance.

To view the Admin Login report, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.

3. Expand the Authentication tree and click Admin Login. The Admin Login page displays.

Figure 147 Firewall > Authentication > Admin Login Page

4. The table contains the following information:
– User—the user name.
– Time—time the user logged in.
5. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar. See “Managing Report Settings” on page 116.
6. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Viewing the Failed Login Report

The failed login report shows failed login attempts for users and administrators that attempted to log on to the SonicWALL appliance during the specified day. This report is useful for identifying unauthorized access attempts and potentially malicious activity.

To view the Failed Login report, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.
3. Expand the Authentication tree and click Failed Login. The page displays.

Figure 148 Firewall > Authentication > Failed Login

4. The table contains the following information:
– User—the user name.
– IP Address—IP address of the user.
– Time—time the user logged in.
5. The ViewPoint Reporting Module shows yesterday’s report. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar. See “Managing Report Settings” on page 116.
6. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing the Log

The Log Viewer contains detailed information on each transaction that occurred on the SonicWALL appliance. This information is stored for the time that you specified in the configuration settings. For more information, see “Scheduling and Configuring Reports” on page 95.

Note: The Log Viewer displays raw log information for every connection. Depending on the amount of traffic, this can quickly consume a large amount of space in the database. It is highly recommended to be careful when choosing the number of days of information that will be stored.

Viewing the Log for a SonicWALL Appliance

To view the Log, perform the following steps:

1. Click the Firewall tab.
2. Select a SonicWALL appliance.

3. Expand the Log Viewer tree and click Search. The Search page displays.

Figure 149 Firewall > Log Viewer > Search

4. Select Enable Log Viewer and then click Update to turn on collection of raw data in the database and enable viewing of that log data. This can consume a large amount of space in your database. Review your database space constraints before enabling the log viewer. The maximum number of appliances for which Log Viewer can be enabled is controlled on the Console > Reports > Settings page. See “Controlling the Number of Appliances with Log Viewer Enabled” on page 47.

Note: Custom Reports are available on appliances with Log Viewer enabled. See “Configuring and Using Custom Reports” on page 123.

5. Under Select Search Criteria, select the date range to view data from in the Start Date and End Date fields.
6. Enter the starting time of events to view in the Start Time field.
7. Enter the ending time of events to view in the End Time field.
8. Select the type of events to view from the Message Category list box.
9. To limit the report to data originating from specific IP addresses or users, enter the source IP address or user name in the Source IP/User field. To view all IP addresses, enter All.
10. To view log entries for data originating from a particular port, enter the port number in the Source Port field.
11. To limit the report to data going to specific IP addresses or hosts, enter the destination IP address or host name in the Destination IP/Hostname field. To view log entries for data going to all IP addresses, enter All.
12. To view log entries for data going to a particular port, enter the port number in the Destination Port field.

13. To limit the report to messages containing a specific text string, enter the text in the Message Text field. Leave the field blank to view all messages.
14. Select the number of entries to display per page from the Results Per Page field.
15. Click Generate Report. The Log Viewer Results page displays.

Figure 150 Firewall > Log Viewer Results

16. Search through the entries to find the information for which you are searching. To view the next page of entries, click Next.
17. To generate another report, click Search again in the Log Viewer tree.


CHAPTER 14
SSL VPN Reporting

This chapter describes how to manage SonicWALL ViewPoint SSL VPN reporting by customizing and defining scheduled reports and summarization for SSL VPN appliances. For details about viewing specific SSL VPN reports, see “Viewing SSL VPN Reports” on page 255.

This chapter contains the following sections:
• “SSL VPN Reporting Overview” section on page 249
• “Using and Configuring SSL VPN Reporting” section on page 250

SSL VPN Reporting Overview

This section provides an introduction to the SSL VPN reporting feature. This section contains the following subsections:
• “What is SSL VPN Reporting?” section on page 250
• “Benefits of SSL VPN Reporting” section on page 250
• “How Does SSL VPN Reporting Work?” section on page 250

After reading the ViewPoint SSL VPN Reporting Overview section, you will understand the main steps to be taken in order to create and customize reports successfully.

What is SSL VPN Reporting?

SSL VPN reporting allows you to configure and design the way you view your reports and the manner in which you receive them. This feature offers various types of static and dynamic reporting in which you can customize the way information is reported. SonicWALL ViewPoint SSL VPN reporting provides a visual presentation of all your configured report settings and information. With SSL VPN reporting, you can create, schedule, view, and search for SSL VPN reports from the ViewPoint central reporting interface.

Benefits of SSL VPN Reporting

The following enhancements have been incorporated into the SSL VPN reporting feature:
• Interactive charts
• New table structure with ability to adjust column width of data grid
• Improved report navigation
• Report search
• Scheduled reports

How Does SSL VPN Reporting Work?

SSL VPN appliances send syslog data to the ViewPoint syslog collector, similar to SonicWALL firewall appliances. Once summarization takes place, you are able to view your reports in new enhanced graphs, create scheduled reports, and search for reports using the search bar tool. SSL VPN Reporting supports scheduled reports to be sent on a daily, weekly, or monthly basis to any specified email address.

Using and Configuring SSL VPN Reporting

This section describes how to use and configure SSL VPN reporting. See the following subsections:
• “About Viewing Available SSL VPN Report Types” section on page 251
• “Configuring SSL VPN Scheduled Reports” section on page 251

About Viewing Available SSL VPN Report Types

To view the available types of reports for SSL VPN, perform the following tasks:
1. Log into your ViewPoint management console.
2. Click the SSL-VPNs tab. The SSL VPN screen displays the following list of reports:

Node Level reports:
– Bandwidth
  –Summary: total connections listed by hour
  –Top Users: connections listed by user
  –Over Time: connections listed by date
  –Top Users Over Time: connections listed by user for the selected date range
– Resources
  –Summary: connections per connection protocol (HTTPS, NetExtender, etc)
– Authentication
  –User Login: user, time, and source of successful authentication-daily. User Login reports now combine admin users with all other users in the same report.
  –Failed login: time and source host of failed logins for one day

Global Level Reports:
– Bandwidth
  –Summary: connections per SSL VPN appliance
  –Over Time: total connections by date

Configuring SSL VPN Scheduled Reports

To configure SSL VPN scheduled reports and summarization, perform the following steps:
1. On the SSL-VPN tab, navigate to Configuration > Scheduled Reports.
2. Click the Add button.

3. The Scheduled Report Configuration form displays. Fill out the fields accordingly. The report type lists can also be expanded for a detailed description of report content.

Figure 151 SSL VPN Scheduled Report Configuration Page

For more information, see the following sections:
– “Configuring Scheduled Reports” on page 95
– “Exporting Reports to PDF” on page 106.

Configuring SSL VPN Summarization

The reports that can be summarized for a SSL VPN appliance are configurable at either global or unit level.
1. On the SSL-VPN tab, navigate to Configuration > Summarizer Settings. The screen displays the configuration appropriate for the level.

The report types you can summarize are shown below.

Figure 152 SSL VPN Report Types Available for Summarization

SSL VPN reports generated in ViewPoint can be exported in PDF format, providing easy online transfer. For more information about the Summarizer and exporting reports in PDF format, see:
– “Selecting Reports for Summarization” on page 99
– “Using Summarize Now” on page 101
– “Exporting Reports to PDF” on page 106


CHAPTER 15
Viewing SSL VPN Reports

This chapter describes the available reports for SonicWALL SSL VPN appliances. For information on how to configure scheduled reports and summarization, see:
• “Using and Configuring SSL VPN Reporting” on page 250

Select from the following reports:
• “Viewing SSL VPN Bandwidth Reports” section on page 256
• “Viewing SSL VPN Resource Reports” section on page 262
• “Viewing SSL VPN Authentication Reports” section on page 264
• “Viewing the SSL VPN Log” section on page 266

Viewing SSL VPN Bandwidth Reports

Bandwidth reports display the amount of data transferred through one or more selected SSL VPN appliances. Bandwidth reports are an ideal starting point for viewing overall bandwidth usage. You can view bandwidth usage by hour, day, or over a period of days. Additionally, you can view the top users of bandwidth, by each SSL VPN appliance for the day, or at the global level. From this information, you can determine network strategies. For example, if you need more bandwidth, you might need to upgrade network equipment, or you might simply need to curtail the bandwidth usage of a few employees.

Note All reports appear in the time zone of the selected appliance.

Select from the following:
• “Viewing SSL VPN Bandwidth Summary Reports” on page 256
• “Viewing SSL VPN Top Users of Bandwidth Reports” on page 258
• “Viewing SSL VPN Bandwidth Usage Over Time Reports” on page 259
• “Viewing SSL VPN Top Users of Bandwidth Over Time Reports” on page 261

Viewing SSL VPN Bandwidth Summary Reports

The Bandwidth Summary report shows the number of connections handled by a SSL VPN appliance during each hour of the specified day. To view the Bandwidth Summary report, perform the following steps:
1. Click the SSL-VPN tab.
2. Select the global icon or a SSL VPN appliance.

3. Expand the Bandwidth tree and click Summary. The Summary page displays.

Figure 153 SSL VPN Unit View: SSL-VPN > Bandwidth > Summary

4. The graph displays the number of connections to the SSL VPN appliance during each hour of the day.
5. The table contains the following information:
– Hour—when the sample was taken
– Connections—number of connections to the SSL VPN appliance
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date of the report, click the Start field to access the drop-down calendar.
7. After selecting a date, click Search. The ViewPoint Reporting Module displays the report for the selected day.

Note The date setting will stay in effect for all similar reports during your active login session.

Viewing SSL VPN Top Users of Bandwidth Reports

The Top Users report displays the users who used the most connections on the specified date. To view the Top Users report, perform the following steps:
1. Click the SSL-VPN tab.
2. Select a SSL VPN appliance.
3. Expand the Bandwidth tree and click Top Users. The Top Users page displays.

Figure 154 SSL VPN Unit View: SSL-VPN > Bandwidth > Top Users

4. The pie chart displays the percentage of connections used by each user.

5. The table contains the following information for all users:
– Users—the user name
– Connections—number of connection events or “hits”
6. By default, the ViewPoint Reporting Module shows yesterday’s report, a pie chart for the top six users, and a table for all users. To change the date of the report, click the Start field to access the drop-down calendar.
7. To display a limited number of users, use the Search Bar fields.

Note The search bar fields use pattern matching with operators such as “contains”. For example, “john” will match john_smith, john42, or big_john.

8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected day.

Note The date setting will stay in effect for all similar reports during your active login session.

Viewing SSL VPN Bandwidth Usage Over Time Reports

The Bandwidth Usage Over Time report displays the daily number of connections handled by a SSL VPN appliance or a group of SSL VPN appliances for the specified time period. To view the Bandwidth Usage Over Time report, perform the following steps:
1. Click the SSL-VPN tab.
2. Select the global icon or a SSL VPN appliance.

3. Expand the Bandwidth tree and click Over Time. The Over Time page displays.

Figure 155 SSL VPN Unit View: SSL-VPN > Bandwidth > Over Time

4. The graph displays the number of connections during each day of the specified time period.
5. The table contains the following information:
– Date—when the sample was taken
– Connections—number of hits
6. To change the date of the report, use the Search Bar and click the Start or End fields to access the drop-down calendar.
7. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date range.

Note These date settings will stay in effect for all similar reports during your active login session.

Viewing SSL VPN Top Users of Bandwidth Over Time Reports

The Top Users Over Time report displays the users who used the most connections during the specified date range. This report is available at the unit level. To view the Top Users Over Time report, perform the following steps:
1. Click the SSL-VPN tab.
2. Select a SSL VPN appliance.
3. Expand the Bandwidth tree and click Top Users Over Time. The Top Users Over Time page displays.

Figure 156 SSL VPN Unit View: SSL-VPN > Bandwidth > Top Users Over Time

4. The pie chart displays the percentage of connections used by the top users.

5. The table contains the following information for all users:
– Users—the user name of the user
– Connections—number of connection events or “hits”
6. The ViewPoint Reporting Module shows yesterday’s report. To change the date range of the report, click the Start or End field to access the drop-down calendar.
7. To display a limited group of users, enter the user IDs in the Search Bar fields.

Note The search bar fields use pattern matching with operators such as “contains”. For example, “john” will match john_smith, john42, or big_john.

8. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected users and date range.

Note These settings will stay in effect for all similar reports during your active login session.

Viewing SSL VPN Resource Reports

Resource reports provide information on the amount of data transmitted through the selected SSL VPN appliance by each service or protocol. Resource reports are useful for revealing inappropriate usage of bandwidth and can help determine network policies. For example, if there is a large spike of bandwidth usage, you can determine whether this is caused by regular Web access, someone using FTP to transfer large files, an attempted Denial of Service (DoS) attack, or another service.

The procedure for viewing the Resource Summary Report is described in the following section:
• “Viewing SSL VPN Resource Summary Reports” on page 263

Note You cannot view resource reports from the global view.

Note All reports appear in the appliance’s time zone.

Viewing SSL VPN Resource Summary Reports

The Resource Summary report displays the number of connections handled by each service or protocol during the specified day. To view the Resource Summary report, perform the following steps:
1. Click the SSL-VPN tab.
2. Select a SSL VPN appliance.
3. Expand the Resources tree and click Summary. The Resource Summary page displays.

Figure 157 SSL VPN: SSL-VPN > Resources > Summary

4. The graph displays the number of connections used by each service or protocol during the day.
5. The table contains the following information:

– Resource name—the service or protocol
– Connections—number of connection events or “hits”
6. To change the date of the report, use the Search Bar and click the Start field to access the drop-down calendar.
7. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Note This date setting will stay in effect for all similar reports during your active login session.

Viewing SSL VPN Authentication Reports

The Authentication reports show user logins and failed login attempts. Authentication reports are available at the unit level.

Note All reports appear in the appliance’s time zone.

Select from the following:
• “Viewing SSL VPN User Login Reports” on page 264
• “Viewing SSL VPN Failed Login Reports” on page 265

Viewing SSL VPN User Login Reports

The user login report shows the user name, source host IP address, and time of login for users that logged on to the SSL VPN appliance during the specified day. To view the User Login report, perform the following steps:
1. Click the SSL-VPN tab.
2. Select a SSL VPN appliance.

3. Expand the Authentication tree and click User Login. The User Login page displays.

Figure 158 SSL VPN: SSL-VPN > Authentication > User Login

4. The table contains the following information:
– Type—equal to User Login
– User Name—the user name
– Source Host—the IP address of the user’s computer
– Time—the time that the user logged in
– Duration—the duration of the user login session
5. The ViewPoint Reporting Module shows yesterday’s report. To change the date of the report, use the Search Bar and click the Start field to access the drop-down calendar.
6. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing SSL VPN Failed Login Reports

The failed login report shows failed login attempts for users who attempted to log into the SSL VPN appliance during the specified day. This report is useful for identifying unauthorized access attempts and potentially malicious activity. To view the Failed Login report, perform the following steps:
1. Click the SSL-VPN tab.
2. Select a SSL VPN appliance.

3. Expand the Authentication tree and click Failed Login. The Failed Logins page displays.

Figure 159 SSL VPN: SSL-VPN > Authentication > Failed Logins

4. The table contains the following information:
– Type—equal to Failed Login
– User Name—the user name
– Source Host—the IP address of the user’s computer
– Time—the time that the user attempted to log in
– Duration—not applicable
5. The ViewPoint Reporting Module shows yesterday’s report. To change the date of the report, use the Search Bar and click the Start field to access the drop-down calendar.
6. When you are finished, click Search. The ViewPoint Reporting Module displays the report for the selected date.

Viewing the SSL VPN Log

The Log Viewer contains detailed information on each transaction that occurred on the SSL VPN appliance. This information is stored for the time that you specified in the configuration settings.

For more information, see “Scheduling and Configuring Reports” on page 95.

Note The Log Viewer displays raw log information for every connection. Depending on the amount of traffic, this can quickly consume a large amount of space in the database. It is highly recommended to be careful when choosing the number of days of information that will be stored.

Viewing the Log for a SSL VPN Appliance

To view the Log, perform the following steps:
1. Click the SSL-VPN tab.
2. Select a SSL VPN appliance.
3. Expand the Log Viewer tree and click Search. The Search page displays.

Figure 160 SSL-VPN > Log Viewer > Search

4. Select Enable Log Viewer and then click Update to turn on collection of raw data in the database and enable viewing of that log data. This can consume a large amount of space in your database. Review your database space constraints before enabling the log viewer.
5. Under Select Search Criteria, select the date range to view data from in the Start Date and End Date fields.
6. Enter the starting time of events to view in the Start Time field.

7. Enter the ending time of events to view in the End Time field.
8. To limit the report to data originating from specific IP addresses, enter the source IP address in the Source IP field. To view all IP addresses, enter All.
9. To view log entries for data originating from a particular user, enter the user name in the User field.
10. To limit the report to data going to specific IP addresses or hosts, enter the destination IP address or host name in the Destination IP/Hostname field. To view data for all IP addresses, enter All.
11. Select the type of events to view from the Message Category list box. You can select from the following:
– All Categories
– Connections
– Rejected Connections
– User Events
– Unrecognized Events
12. To limit the report to messages containing a specific text string, enter the text in the Message Text field. Leave the field blank to view all messages.
13. Select the number of entries to display per page from the Results Per Page field.
14. Click Generate Report. The Log Search Results page displays.

Figure 161 SSL-VPN > Log Viewer Results

15. To view the next page of entries, click Next.
16. To generate another report, click Search again in the Log Viewer tree.
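The User Login and Failed Login reports in this chapter share the columns Type, User Name, Source Host and Time. The following added example (not part of the ViewPoint guide or product) shows one way to triage such rows for the unauthorized access attempts the Failed Login report is meant to reveal. The CSV layout, the timestamp format, the thresholds and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows using the report's column names. The CSV layout and
# time format are assumptions; the addresses are documentation ranges.
SAMPLE = """\
Type,User Name,Source Host,Time
Failed Login,admin,203.0.113.7,2008-10-01 02:14:05
Failed Login,admin,203.0.113.7,2008-10-01 02:14:40
Failed Login,admin,203.0.113.7,2008-10-01 02:15:10
Failed Login,admin,203.0.113.7,2008-10-01 02:15:45
Failed Login,admin,203.0.113.7,2008-10-01 02:16:20
Failed Login,admin,203.0.113.7,2008-10-01 02:17:00
User Login,admin,203.0.113.7,2008-10-01 02:18:30
Failed Login,jsmith,192.0.2.10,2008-10-01 08:55:12
User Login,jsmith,192.0.2.10,2008-10-01 08:55:40
Failed Login,alice,198.51.100.23,2008-10-01 09:00:01
Failed Login,bob,198.51.100.23,2008-10-01 09:00:30
Failed Login,carol,198.51.100.23,2008-10-01 09:01:02
Failed Login,dave,198.51.100.23,2008-10-01 09:01:40
"""

WINDOW = timedelta(minutes=10)  # look-back period per source host (assumed)
MAX_FAILS = 5                   # failures from one host inside WINDOW (assumed)
MAX_USERS = 4                   # distinct user names from one host (assumed)


def parse(text):
    """Turn report rows into dicts sorted by time."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rows.append({
            "type": rec["Type"].strip(),
            "user": rec["User Name"].strip().lower(),
            "host": rec["Source Host"].strip(),
            "time": datetime.strptime(rec["Time"].strip(), "%Y-%m-%d %H:%M:%S"),
        })
    return sorted(rows, key=lambda r: r["time"])


def analyse(rows):
    """Return (kind, source host, failure count, user names) findings."""
    recent = defaultdict(list)  # host -> [(time, user)] failures inside WINDOW
    seen = set()                # (kind, host) pairs already reported
    findings = []

    def report(kind, host, window):
        if (kind, host) not in seen:
            seen.add((kind, host))
            users = sorted({u for _, u in window})
            findings.append((kind, host, len(window), users))

    for r in rows:
        host = r["host"]
        # Drop failures that have aged out of the look-back window.
        window = [f for f in recent[host] if r["time"] - f[0] <= WINDOW]
        if r["type"] == "Failed Login":
            window.append((r["time"], r["user"]))
            if len({u for _, u in window}) >= MAX_USERS:
                report("password-spray", host, window)   # many accounts, one host
            elif len(window) >= MAX_FAILS:
                report("brute-force", host, window)      # one account hammered
        elif r["type"] == "User Login":
            # A success right after a burst of failures for the same account
            # deserves the closest look: the guessing may have worked.
            same_user = [f for f in window if f[1] == r["user"]]
            if len(same_user) >= MAX_FAILS:
                report("success-after-failures", host, same_user)
        recent[host] = window
    return findings


if __name__ == "__main__":
    for finding in analyse(parse(SAMPLE)):
        print(finding)
```

A single mistyped password followed by a login, as for the constructed user jsmith, produces no finding.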

Appendix A
Technical Tips

This chapter includes the following sections:
• “Log Viewer” section on page 269
• “Real-time Syslog Viewer” section on page 271
• “Forwarding Syslog Data to Another Syslog Server” section on page 272
• “Posting ViewPoint Reporting to Another Web Server for End-User Access” section on page 273

Log Viewer

The Log Viewer contains detailed information on each transaction that occurred on the SonicWALL appliance. This information is stored for the time that you specified in the configuration settings. For information about setting the number of days data is stored, see “Configuring Syslog Data Storage Configuration and Sort Settings” on page 46.

Note The Log Viewer displays raw log information for every connection. Depending on the amount of traffic, this can quickly consume a large amount of space in the database. It is highly recommended to be careful when choosing the number of days of information that will be stored.

To configure Log Viewer settings for generating a report, perform the following steps:
1. Start and log into SonicWALL ViewPoint.

2. Click the Firewall or SSL-VPN tab.
3. Select a SonicWALL appliance.
4. Expand the Log Viewer tree and click Search. The Search page displays. Log Viewer must be enabled for the appliance in order to display all the fields on the page.

Figure 162 Log Viewer > Search

5. Select Enable Log Viewer and then click Update to turn on collection of raw data in the database and enable viewing of that log data. This can consume a large amount of space in your database. Review your database space constraints before enabling the log viewer. The maximum number of appliances for which Log Viewer can be enabled is controlled on the Console > Reports > Settings page. See “Controlling the Number of Appliances with Log Viewer Enabled” on page 47.

Note Custom Reports are available on appliances with Log Viewer enabled. See “Configuring and Using Custom Reports” on page 123.

6. Select the date to view from the Date list box.
7. Enter the starting time of events to view in the Start Time field.
8. Select the ending date of events to view in the End Date list box.
9. Enter the ending time of events to view in the End Time field.
10. Select the type of events to view from the Message Category list box.
11. Enter the source IP address to view in the Source IP Address field. To view all IP addresses, enter All.

12. Enter the destination IP address to view in the Destination IP Address field. To view all IP addresses, enter All.
13. Select the number of entries to display per page from the Results Per Page field.
14. Click Generate Report. The Log Viewer Results page displays.

Figure 163 Log Viewer Results

Real-time Syslog Viewer

The real-time syslog utility enables you to diagnose the system by viewing the syslog messages in real time.

Note Only use this utility when needed for diagnostic purposes.

To open the real-time syslog utility, perform the following steps:
1. Start and log into SonicWALL ViewPoint.
2. Click the Firewall or SSL-VPN tab.
3. Expand Real-Time Viewer and click Syslog. The Real-Time Syslog page appears.

4. If syslog forwarding is not enabled, select Enable Syslog Forwarding, set the IP address and port used by the syslog reader, and then click Update.
5. If the Syslog Reader is not already running, click Start Syslog Reader.
6. Click Start Button at the bottom of the screen. The Syslog Viewer begins showing the latest syslog entries.

Figure 164 Syslog Viewer Entries

7. To change how many messages are displayed, select a number from the Number of Messages list box at the bottom of the screen.

Figure 165 Number of Messages List Box

8. To change how often the Syslog Viewer is refreshed, select the time from the Refresh Time list box at the bottom of the screen.
9. To search for text, use the browser’s Find utility.
10. To stop the viewer, click the Stop button.
11. When you are finished, close the Syslog Viewer.

Forwarding Syslog Data to Another Syslog Server

To forward SonicWALL ViewPoint syslog data to another syslog server, perform the following steps:
1. Open the sgmsConfig.xml file with a text editor.

2. Locate the following line:
Parameter name ="syslog.forwardToHost" value=""
3. Add the IP address or hostname of the destination syslog server to the value attribute.
4. Save the sgmsConfig.xml file and exit.
5. Ensure that at least firmware 6.1.3.0 is running on the SonicWALL appliances.

Note To configure SonicWALL ViewPoint to not store the syslog data after it has been forwarded, you must disable the ViewPoint Reporting Module. To do this, open the ViewPoint Settings page in the Console Panel, deselect the Enable Reporting check box, and click Update.

Posting ViewPoint Reporting to Another Web Server for End-User Access

To give end users access through another web server, install the SonicWALL ViewPoint Console in redundant mode. You can then allow end user access to the redundant Console for viewing ViewPoint Reporting real-time and historical reports. End user access will be isolated from the main Console that is used for managing and configuring SonicWALL appliances.
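For the syslog forwarding procedure in this appendix, the following added example (not part of the ViewPoint guide or product) checks the edited syslog.forwardToHost line before the file is put back into service. The function name, the allow-list of approved collectors and the sample values are assumptions; only the parameter line itself comes from the guide, and the rest of sgmsConfig.xml is treated as opaque text.

```python
import ipaddress
import re

# The parameter line as the guide prints it, tolerant of spacing around "=".
PARAM_RE = re.compile(
    r'Parameter\s+name\s*=\s*"syslog\.forwardToHost"\s+value\s*=\s*"([^"]*)"')
# Conservative host name check: dot-separated labels of letters, digits, hyphens.
HOSTNAME_RE = re.compile(
    r"(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*")

# Constructed sample of an edited line; 10.20.30.40 is a made-up collector.
SAMPLE_LINE = 'Parameter name ="syslog.forwardToHost" value="10.20.30.40"'


def check_forwarding(config_text, approved):
    """Return (status, value) for the forwarding destination.

    approved is a set of lowercase IP addresses or host names that are
    allowed to receive forwarded syslog data (an assumed local policy).
    """
    lines = [l for l in config_text.splitlines() if "syslog.forwardToHost" in l]
    if not lines:
        return ("missing", None)
    if len(lines) > 1:
        return ("duplicate", None)
    line = lines[0]
    # Typographic quotes, e.g. from pasting the line out of a PDF, are not
    # valid attribute delimiters and leave the parameter unreadable.
    if "\u201c" in line or "\u201d" in line:
        return ("typographic-quotes", None)
    match = PARAM_RE.search(line)
    if not match:
        return ("unparsed", None)
    value = match.group(1).strip()
    if not value:
        return ("not-set", "")          # forwarding destination left empty
    try:
        value = str(ipaddress.ip_address(value))
    except ValueError:
        # All-numeric strings that are not valid addresses are typos,
        # not host names.
        if re.fullmatch(r"[0-9.]+", value) or not HOSTNAME_RE.fullmatch(value):
            return ("malformed", value)
        value = value.lower()
    if value not in approved:
        return ("unapproved", value)    # logs would leave for an unknown host
    return ("ok", value)


if __name__ == "__main__":
    print(check_forwarding(SAMPLE_LINE, {"10.20.30.40"}))
```

Because forwarded syslog data contains the raw connection records, an unexpected destination in this parameter is worth treating as a finding rather than a typo.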


SonicWALL, Inc.
1143 Borregas Avenue Sunnyvale CA 94089-1306
T +1 408.745.9600 F +1 408.745.9300 www.sonicwall.com
PN: 232-001558-00 10/08
©2008 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.