PDF reports can be generated to give an overview about the network for a certain time span.
Those reports are either automatically issued every hour or every day, or issued on demand.
Each report can be configured about the amount of information shown in the report.
The PDF can be downloaded from the web front end or sent via email to a configurable address.
Reports are persistently stored on the internal drive so they are available even after switching the device off.
Available report content
Currently there are three different report components available:
Network segment overview
This component gives a detailed overview about the activity in all network segments.
The first section shows a list of all VLANs that have been activity during the report interval.
The table shows the amount of MAC addresses and IP addresses and the total amount of traffic happened.
Also, a graphic graph is shown. Q-in-Q VLAN tags are also shown if applicable.
The second section shows more information for each VLAN seen.
It prints the number of MAC addresses, IPv4, and IPv6 addresses.
Additionally, for each private IPv4 network, the number of active IP addresses is shown as well.
All DHCP servers in the VLAN segment is show as well as all DNS servers.
Based on a passive estimation the router MAC addresses are shown.
Finally, all NIC vendors are listed with the number of devices active for each vendor.
The second component gives an overview about the kind of traffic used in the network the most.
It shows the top network protocols used in the report time window, together with the top users and their peers.
For each of the top protocols, the amount of traffic is shown as well as a graph.
Next, the top users for each protocol is shown.
For each network subscriber, the IP and available name information are listed.
The amount of traffic for the specific user is listed as well as a graph for the time period.
Additionally, the top peer IPs are shown in a table listing what computers the top subscriber has been contacted and the corresponding amount of traffic.
This report component can be configured about the number of top protocols, the number of top users, and the number of top peers to beused for the report.
These settings can be chosen when issuing new reports or configuring a scheduled report.
The third component shows the top connections in the report time window.
It lists the connections with the most throughput in the report time window.
The information contain the names of both communication partners and the layer 7 protocol.
The output contains when the connection has been started and when the last activity has been.
For easier reading, the output also contains the start time in relation to the report start time and the end time in relation to the report end time.
Finally, a graph over the whole report time is shown.
This report component can be configured about the number of top connections to be used for the report. This setting can be chosen when issuing new reports or configuring a scheduled report.
This component shows the top IP/port pairs grouped by IP address and sorted by traffic in the report time window. It lists the IP address, its port, layer 4 and layer 7 protocols and received and sent bytes.
The traffic sorting is performed globally.
Following configuration parameters are available:
- Top IP/ports: The number of top IP/ports to be used for the report can be configured. This setting can be chosen when issuing new reports or configuring a scheduled report. The maximum value is 10000.
- Max ports per IP: The number of different ports shown per IP address. Default: unlimited.
- Sort by: The sorting can be selected in the drop down box. Following sortings are possible.
- received bytes: sorts the IP/ports list by received bytes for a port in descending order.
- sent bytes: sort by sent bytes from a port in descending order.
- received + sent bytes: sorts by all traffic for a port.
- Please note that the IPs are grouped first and the traffic sorting is applied afterwards.
- Filter by IP or subnet: An IP address or subnet can be specified. The traffic accounting will use this filter criteria and will only take connections into account with matching IPs. A drop down box allows selecting on which IPs the filter is applied. The filter is either applied on the IP address that is shown, or the IP address of the peer or on both addresses.
- Select port: The ports of the connection between two IPs can be configured. By default the port is used that belongs to the IP address that is shown in the table (own port). The port of the IP of the peer can be selected in the drop down box. With this setting a source address will be shown with its destination port and vice versa.
- Consider the following connections as an example:
- 188.8.131.52:80 <-> 184.108.40.206:65432
- 220.127.116.11:80 <-> 18.104.22.168:63111
- 22.214.171.124:80 <-> 126.96.36.199:65432
- When own port is chosen, the report will show 188.8.131.52:80 with the aggregated traffic counters of all three connections. With this setting the most used IP/ports in the network are shown.
- When port of peer is chosen, the report will show 184.108.40.206:65432 and 220.127.116.11:63111. The connections will be aggregated if own IP address and port of the peer are the same. With this setting you can find out e.g. the most used client ports for a certain server.
The reports web interface contains three tabs. The first tabs shows all already finished reports. The second tab shows all scheduled report that are automatically executed at a configured time. The third tab contains some settings for the reporting feature.
List of available reports
The table is sorted by the issue date. The state column gives information about running reports, whether they have been finished or aborted, etc.
The PDF column allows to view and download the final PDF report.
The delete button will remove the report completely. This command cannot be undone. Also, the number of reports that can be stored is 100. For each additional report, the oldest report will be removed.
In this first tab you can also issue a new report that is executed immediately when all other reports are finished. The details are described below in the section Report configuration.
The second tab contains the list of reports that are scheduled for regular execution. Reports can be run automatically on a daily or hourly basis. In each variant, the report time window will be chosen accordingly so that for daily reports the whole last day is used while for hourly reports the last hour is used as a basis for all statistics.
The button Create a new scheduled report allows to add a new entry to the list of reports. The configuration details are described below in the section Report configuration. Each report may have a different configuration about the content of the report.
In the table of reports, the individual entries can be removed or edited. Also, it is possible to issue a report immediately with the corresponding configuration.
Changes to the list take only effect if the settings are saved. A notification box will show up if changes are pending.
The logo that is displayed on the top of the title page can be customized. By using the Upload custom logo button an image in PNG format can be uploaded. The image will be rendered at 96 dpi and the aspect ratio is maintained. Use the Remove custom logo button to fall back to the default logo.
A optional text can be displayed on the title page. Simply enter the desired text into the text box and press the Save settings button.
The report email notification settings can be used to send the report via e-mail to the address configured in the global configuration section.
The report configuration dialog is used for issuing new reports or configuring scheduled report.
The first elements describe which kind of report components should be included. Each component (described above) can be disabled or enabled (which is the default). For some components, variables can be chosen like the number of top protocols or the number of top connections.
The last section select the report interval for newly issued reports, or the repeat interval for scheduled reports.