Reports: Difference between revisions
(Created page with "Reports ======= PDF reports can be generated to give an overview about the network for a certain time span. Those reports are either automatically issued every hour or every...") |
mNo edit summary |
||
| (78 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
PDF reports can be generated to give an overview about the network for a certain time span. | |||
Those reports are either automatically issued every hour or every day, or issued on demand. | |||
every hour or every day, or issued on demand | |||
Each report can be configured about the amount of information shown in the report. | |||
The PDF can be downloaded from the web front end or sent via email to a configurable address. | |||
. | Reports are persistently stored on the internal drive so they are available even after switching the device off. | ||
== Available report options == | |||
==== Filter Options (Firmware >= 4.2) ==== | |||
* by Virtual link group: Select the [[Virtual Link Group functionality|Virtual Link Group]] | |||
* by IP | |||
** no: Use no IP Filter | |||
** address or subnet: Only create a report on an IP address or a subnet such as 10.0.0.0/24. No Network segment overview and Top protocols report is possible. | |||
** group: Only create a report on one [[IP groups|IP group]]. No Network segment overview and Top protocols report is possible. | |||
==== Network segment overview ==== | |||
This component gives a detailed overview about the activity in all network segments. | |||
The first section shows a list of all VLANs that have been activity during the report interval. | |||
The table shows the amount of MAC addresses and IP addresses and the total amount of traffic happened. | |||
addresses and IP addresses and the total amount of traffic | |||
happened | |||
The second section shows more information for each VLAN seen. It | Also, a graphic graph is shown. Q-in-Q VLAN tags are also shown if applicable. | ||
prints the number of MAC addresses, IPv4, and IPv6 | |||
addresses. Additionally, for each private IPv4 network, the number of | The second section shows more information for each VLAN seen. | ||
active IP addresses is shown as well. | |||
It prints the number of MAC addresses, IPv4, and IPv6 addresses. | |||
Additionally, for each private IPv4 network, the number of active IP addresses is shown as well. | |||
All DHCP servers in the VLAN segment is show as well as all DNS servers. | All DHCP servers in the VLAN segment is show as well as all DNS servers. | ||
| Line 43: | Line 38: | ||
Based on a passive estimation the router MAC addresses are shown. | Based on a passive estimation the router MAC addresses are shown. | ||
Finally, all NIC vendors are listed with the number of devices active | Finally, all NIC vendors are listed with the number of devices active for each vendor. | ||
for each vendor. | |||
The second component gives an overview about the kind of traffic used | ====Top protocols==== | ||
in the network the most | The second component gives an overview about the kind of traffic used in the network the most. | ||
It shows the top network protocols used in the report time window, together with the top users and their peers. | |||
For each of the top protocols, the amount of traffic is shown as well as a graph. | |||
amount of traffic | |||
Next, the top users for each protocol is shown. | |||
For each network subscriber, the IP and available name information are listed. | |||
The amount of traffic for the specific user is listed as well as a graph for the time period. | |||
Additionally, the top peer IPs are shown in a table listing what computers the top subscriber has been contacted and the corresponding amount of traffic. | |||
===== Configuration variables ===== | |||
This report component can be configured about the number of top protocols, the number of top users, and the number of top peers to beused for the report. | |||
report | |||
These settings can be chosen when issuing new reports or configuring a scheduled report. | |||
==== Top connections==== | |||
connections | The third component shows the top connections in the report time window. | ||
It lists the connections with the most throughput in the report time window. | |||
The information contain the names of both communication partners and the layer 7 protocol. | |||
Configuration variables | The output contains when the connection has been started and when the last activity has been. | ||
For easier reading, the output also contains the start time in relation to the report start time and the end time in relation to the report end time. | |||
Finally, a graph over the whole report time is shown. | |||
===== Configuration variables===== | |||
This report component can be configured about the number of top connections to be used for the report. This setting can be chosen when issuing new reports or configuring a scheduled report. | |||
==== Top retransmissions (Firmware >= 4.3) ==== | |||
This component shows the top IP address, sorted by retransmitted bytes. For each IP address, the number of TCP retransmissions and the graph of transmissions and retransmissions are displayed. | |||
In addition, the device names are displayed if this information is available. | |||
===== Configuration variables ===== | |||
This report component can be configured about the number of top IP addresses with TCP retransmissions. | |||
==== Used TLS versions with top users (Firmware >= 4.3) ==== | |||
This component shows the used TLS version with traffic graph and its top x users. TLS version and users are sorted by bytes. | |||
In addition, the device names of the users are displayed if this information is available. | |||
===== Configuration variables ===== | |||
The number of top IP users per TLS version can be configured for this report component. | |||
==== Used TLS ciphers with top users (Firmware >= 4.3) ==== | |||
This component shows the used TLS ciphers with traffic graph and its top x users. TLS ciphers and users are sorted by number of handshakes. | |||
In addition, the device names of the users are displayed if this information is available. | |||
===== Configuration variables ===== | |||
The number of top IP users per TLS cipher can be configured for this report component. | |||
==== Top IP/ports==== | |||
This component shows the top IP/port pairs grouped by IP address and sorted by traffic in the report time window. It lists the IP address, its port, layer 4 and layer 7 protocols and received and sent bytes. | |||
The traffic sorting is performed globally. | |||
=====Configuration variables===== | |||
Following configuration parameters are available: | |||
* Top IP/ports: The number of top IP/ports to be used for the report can be configured. This setting can be chosen when issuing new reports or configuring a scheduled report. The maximum value is 10000. | |||
* Max ports per IP: The number of different ports shown per IP address. Default: unlimited. | |||
* Sort by: The sorting can be selected in the drop down box. Following sortings are possible. | |||
** received bytes: sorts the IP/ports list by received bytes for a port in descending order. | |||
** sent bytes: sort by sent bytes from a port in descending order. | |||
** received + sent bytes: sorts by all traffic for a port. | |||
*:Please note that the IPs are grouped first and the traffic sorting is applied afterwards. | |||
* Select port: The ports of the connection between two IPs can be configured. By default the port is used that belongs to the IP address that is shown in the table (own port). The port of the IP of the peer can be selected in the drop down box. With this setting a source address will be shown with its destination port and vice versa. | |||
:Consider the following connections as an example: | |||
:* 12.34.56.78:80 <-> 51.2.3.4:65432 | |||
:* 12.34.56.78:80 <-> 51.2.3.7:63111 | |||
:* 12.34.56.78:80 <-> 51.2.3.9:65432 | |||
:When own port is chosen, the report will show 12.34.56.78:80 with the aggregated traffic counters of all three connections. With this setting the most used IP/ports in the network are shown. | |||
:When port of peer is chosen, the report will show 12.34.56.78:65432 and 12.24.56.78:63111. The connections will be aggregated if own IP address and port of the peer are the same. With this setting you can find out e.g. the most used client ports for a certain server. | |||
{| class="wikitable" | |||
- | |- | ||
|[[File:Reports.png|700px|none|right]] | |||
|} | |||
== Web interface == | |||
The reports web interface contains three tabs. | The reports web interface contains three tabs. | ||
The first tabs shows all already finished reports. The second tab | The first tabs shows all already finished reports. The second tab | ||
shows all scheduled report that are automatically executed at a | shows all scheduled report that are automatically executed at a | ||
configured time. | configured time. | ||
The third tab contains some settings for the reporting feature. | The third tab contains some settings for the reporting feature. | ||
List of available reports | ===== List of available reports===== | ||
The table is sorted by the issue date. The state column gives | The table is sorted by the issue date. The state column gives | ||
information about running reports, whether they have been finished or | information about running reports, whether they have been finished or | ||
| Line 176: | Line 155: | ||
In this first tab you can also issue a new report that is executed | In this first tab you can also issue a new report that is executed | ||
immediately when all other reports are finished. The details are | immediately when all other reports are finished. The details are | ||
described below in the section | described below in the section '''Report configuration'''. | ||
Scheduled reports | =====Scheduled reports===== | ||
The second tab contains the list of reports that are scheduled for | The second tab contains the list of reports that are scheduled for | ||
| Line 188: | Line 166: | ||
statistics. | statistics. | ||
The button | The button '''Create a new scheduled report''' allows to add a new entry | ||
to the list of reports. The configuration details are described below | to the list of reports. The configuration details are described below | ||
in the section | in the section '''Report configuration'''. Each report may have a | ||
different configuration about the content of the report. | different configuration about the content of the report. | ||
| Line 200: | Line 178: | ||
notification box will show up if changes are pending. | notification box will show up if changes are pending. | ||
Settings | ===== Settings===== | ||
The logo that is displayed on the top of the title page can be customized. By | The logo that is displayed on the top of the title page can be customized. By | ||
using the | using the '''Upload custom logo''' button an image in '''PNG format''' can be uploaded. Since firmware version 4.6 JPEG and GIF images are supported too. The | ||
image will be rendered at 96 dpi and the aspect ratio is maintained. Use the | image will be rendered at 96 dpi and the aspect ratio is maintained. Use the | ||
'''Remove custom logo''' button to fall back to the default logo. | |||
A optional text can be displayed on the title page. Simply enter the desired text | A optional text can be displayed on the title page. Simply enter the desired text | ||
into the text box and press the | into the text box and press the '''Save settings''' button. | ||
The report email notification settings can be used to send the report via e-mail | The report email notification settings can be used to send the report via e-mail | ||
to the address configured in the global configuration section. | to the address configured in the global configuration section. | ||
Report configuration | |||
== Report configuration == | |||
The report configuration dialog is used for issuing new reports or | The report configuration dialog is used for issuing new reports or | ||
| Line 227: | Line 205: | ||
The last section select the report interval for newly issued reports, | The last section select the report interval for newly issued reports, | ||
or the repeat interval for scheduled reports. | or the repeat interval for scheduled reports. | ||
[[File:Reports2.png|700px|border]] | |||
[[File:Reports3.png|700px|border]] | |||
[[File:Reports1.png|400px|border]] | |||
Latest revision as of 10:56, 31 July 2025
PDF reports can be generated to give an overview about the network for a certain time span.
Those reports are either automatically issued every hour or every day, or issued on demand.
Each report can be configured about the amount of information shown in the report.
The PDF can be downloaded from the web front end or sent via email to a configurable address.
Reports are persistently stored on the internal drive so they are available even after switching the device off.
Available report options
Filter Options (Firmware >= 4.2)
- by Virtual link group: Select the Virtual Link Group
- by IP
- no: Use no IP Filter
- address or subnet: Only create a report on an IP address or a subnet such as 10.0.0.0/24. No Network segment overview and Top protocols report is possible.
- group: Only create a report on one IP group. No Network segment overview and Top protocols report is possible.
Network segment overview
This component gives a detailed overview about the activity in all network segments.
The first section shows a list of all VLANs that have been activity during the report interval.
The table shows the amount of MAC addresses and IP addresses and the total amount of traffic happened.
Also, a graphic graph is shown. Q-in-Q VLAN tags are also shown if applicable.
The second section shows more information for each VLAN seen.
It prints the number of MAC addresses, IPv4, and IPv6 addresses.
Additionally, for each private IPv4 network, the number of active IP addresses is shown as well.
All DHCP servers in the VLAN segment is show as well as all DNS servers.
Based on a passive estimation the router MAC addresses are shown.
Finally, all NIC vendors are listed with the number of devices active for each vendor.
Top protocols
The second component gives an overview about the kind of traffic used in the network the most.
It shows the top network protocols used in the report time window, together with the top users and their peers.
For each of the top protocols, the amount of traffic is shown as well as a graph.
Next, the top users for each protocol is shown.
For each network subscriber, the IP and available name information are listed.
The amount of traffic for the specific user is listed as well as a graph for the time period.
Additionally, the top peer IPs are shown in a table listing what computers the top subscriber has been contacted and the corresponding amount of traffic.
Configuration variables
This report component can be configured about the number of top protocols, the number of top users, and the number of top peers to beused for the report.
These settings can be chosen when issuing new reports or configuring a scheduled report.
Top connections
The third component shows the top connections in the report time window.
It lists the connections with the most throughput in the report time window.
The information contain the names of both communication partners and the layer 7 protocol.
The output contains when the connection has been started and when the last activity has been.
For easier reading, the output also contains the start time in relation to the report start time and the end time in relation to the report end time.
Finally, a graph over the whole report time is shown.
Configuration variables
This report component can be configured about the number of top connections to be used for the report. This setting can be chosen when issuing new reports or configuring a scheduled report.
Top retransmissions (Firmware >= 4.3)
This component shows the top IP address, sorted by retransmitted bytes. For each IP address, the number of TCP retransmissions and the graph of transmissions and retransmissions are displayed.
In addition, the device names are displayed if this information is available.
Configuration variables
This report component can be configured about the number of top IP addresses with TCP retransmissions.
Used TLS versions with top users (Firmware >= 4.3)
This component shows the used TLS version with traffic graph and its top x users. TLS version and users are sorted by bytes.
In addition, the device names of the users are displayed if this information is available.
Configuration variables
The number of top IP users per TLS version can be configured for this report component.
Used TLS ciphers with top users (Firmware >= 4.3)
This component shows the used TLS ciphers with traffic graph and its top x users. TLS ciphers and users are sorted by number of handshakes.
In addition, the device names of the users are displayed if this information is available.
Configuration variables
The number of top IP users per TLS cipher can be configured for this report component.
Top IP/ports
This component shows the top IP/port pairs grouped by IP address and sorted by traffic in the report time window. It lists the IP address, its port, layer 4 and layer 7 protocols and received and sent bytes.
The traffic sorting is performed globally.
Configuration variables
Following configuration parameters are available:
- Top IP/ports: The number of top IP/ports to be used for the report can be configured. This setting can be chosen when issuing new reports or configuring a scheduled report. The maximum value is 10000.
- Max ports per IP: The number of different ports shown per IP address. Default: unlimited.
- Sort by: The sorting can be selected in the drop down box. Following sortings are possible.
- received bytes: sorts the IP/ports list by received bytes for a port in descending order.
- sent bytes: sort by sent bytes from a port in descending order.
- received + sent bytes: sorts by all traffic for a port.
- Please note that the IPs are grouped first and the traffic sorting is applied afterwards.
- Select port: The ports of the connection between two IPs can be configured. By default the port is used that belongs to the IP address that is shown in the table (own port). The port of the IP of the peer can be selected in the drop down box. With this setting a source address will be shown with its destination port and vice versa.
- Consider the following connections as an example:
- 12.34.56.78:80 <-> 51.2.3.4:65432
- 12.34.56.78:80 <-> 51.2.3.7:63111
- 12.34.56.78:80 <-> 51.2.3.9:65432
- When own port is chosen, the report will show 12.34.56.78:80 with the aggregated traffic counters of all three connections. With this setting the most used IP/ports in the network are shown.
- When port of peer is chosen, the report will show 12.34.56.78:65432 and 12.24.56.78:63111. The connections will be aggregated if own IP address and port of the peer are the same. With this setting you can find out e.g. the most used client ports for a certain server.
 |
Web interface
The reports web interface contains three tabs. The first tabs shows all already finished reports. The second tab shows all scheduled report that are automatically executed at a configured time. The third tab contains some settings for the reporting feature.
List of available reports
The table is sorted by the issue date. The state column gives information about running reports, whether they have been finished or aborted, etc.
The PDF column allows to view and download the final PDF report.
The delete button will remove the report completely. This command cannot be undone. Also, the number of reports that can be stored is 100. For each additional report, the oldest report will be removed.
In this first tab you can also issue a new report that is executed immediately when all other reports are finished. The details are described below in the section Report configuration.
Scheduled reports
The second tab contains the list of reports that are scheduled for regular execution. Reports can be run automatically on a daily or hourly basis. In each variant, the report time window will be chosen accordingly so that for daily reports the whole last day is used while for hourly reports the last hour is used as a basis for all statistics.
The button Create a new scheduled report allows to add a new entry to the list of reports. The configuration details are described below in the section Report configuration. Each report may have a different configuration about the content of the report.
In the table of reports, the individual entries can be removed or edited. Also, it is possible to issue a report immediately with the corresponding configuration.
Changes to the list take only effect if the settings are saved. A notification box will show up if changes are pending.
Settings
The logo that is displayed on the top of the title page can be customized. By using the Upload custom logo button an image in PNG format can be uploaded. Since firmware version 4.6 JPEG and GIF images are supported too. The image will be rendered at 96 dpi and the aspect ratio is maintained. Use the Remove custom logo button to fall back to the default logo.
A optional text can be displayed on the title page. Simply enter the desired text into the text box and press the Save settings button.
The report email notification settings can be used to send the report via e-mail to the address configured in the global configuration section.
Report configuration
The report configuration dialog is used for issuing new reports or configuring scheduled report.
The first elements describe which kind of report components should be included. Each component (described above) can be disabled or enabled (which is the default). For some components, variables can be chosen like the number of top protocols or the number of top connections.
The last section select the report interval for newly issued reports, or the repeat interval for scheduled reports.
