Applies To:

Show Versions Show Versions

Manual Chapter: Using FirePass Controller Reports
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

10 
You can display and print reports that describe FirePass controller activity and status. You can also download and save a report as a Microsoft® Excel (.xls) file.
You can find several types of reports on the Reports screen. To access the reports screen, in the navigation pane, click Reports.
Application Logs (App Logs) report
Provides aggregate and per-user access logs. For more information, see Using the App Logs report.
Group report
Provides a snapshot of the user-group distribution and group-based usage averages. For more information, see Using the Group report.
HTTP and HTTPS Logs report
Provides various types of server logs, such as a HTTP and HTTPS server access logs, HTTP and HTTPS server error logs, and a SSL engine log. For more information, see Using HTTP Logs reports.
Logons report
Provides a list of all attempts to log on to the FirePass controller. For more information, see Using the Logons report.
Sessions report
Provides a list of all active user sessions and a history of sessions, along with the corresponding user names, logon names, times, and status. For more information, see Using the Sessions report.
Summary report
Provides a summary of global or group-based user activity, including statistics, and descriptions of browser-type usage over specified periods of time. For more information, see Using the Summary report.
System Logs report
Displays local system logs. If you use an external syslog server, you must configure your FirePass controller to generate log errors locally. For more information, see Using the System Logs report.
The App Logs report contains a list of entries indicating actions that users, administrators, and superusers perform on the FirePass controller. You can use the App Logs report to track user activity on the FirePass controller.
1.
In the navigation pane, click Reports, and click App Logs.
The App Logs report screen opens.
2.
Choose the options you want or download the log.
For more information about App Logs report options, see Working with the App Logs report, following.
You have several options when working with this particular report. You can take any one of these actions, several of them, or all of them.
To download and open the report as an Excel (.xls) file, click the Download report data link.
The process starts the local or browser-based Excel application and opens the report.
To save the report locally on a Windows-based computer, right- click the Download report data link, and then follow the instructions to save the report to your local desktop.
In reports that contain more than 20 records, navigate to other screens by clicking the navigation buttons at the top of the screen for First , Previous , Next , and Last .
To filter the report for a specific user, click the link representing the users name in the Logon column.
To show all users again, click the Show all records link at the top of the report.
To display details about a specific session, click a link in the Session ID column.
To return to the App Logs screen, click the Back to Reports : App Logs page link at the top of the screen.
Each entry in the App Logs report contains data that identifies one action or operation by a user. The FirePass controller records all user operations. You can use the contents of this log to monitor user activity on the FirePass controller.
Time
Represents the start date and time of the associated session. A typical Time value looks similar to the following example: 10/25/2005 0:28.
Source IP
Represents the IP address where the session originated. A typical Source IP looks similar to the following example: 192.168.12.10.
Logon
Represents the name for the logged on user who originated the session. A typical Logon looks similar to the following example: joeu
Session ID
Represents the unique identifier assigned to the session. A typical Session ID looks similar to the following example: f8e63
Record
Represents a single action recorded for the associated user. A typical Record looks similar to the following example: [594330] Access menu App Logs.
User agent string
Represents the string the browser returns to identify itself. A typical User agent string looks similar to the following example: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1).
The Group report provides a snapshot of the user-group distribution and groupbased averages. The FirePass controller records activity for each group.
1.
In the navigation pane, click Reports, and click Group Report.
The Group report screen opens.
2.
Choose the options you want or download the log.
For more information about Group report options, see Working with the Group report, following.
You have several options when working with this particular report. You can take any one of these actions, several of them, or all of them.
To download and open the report as an Excel (.xls) file, click the Download report data link.
The process starts the local or browser-based Excel application and opens the report.
To save the report locally on a Windows-based computer, right- click the Download report data link, and then follow the instructions to save the report to your local desktop.
Select starting date from the Reporting period from lists.
To restrict the report to a predefined date range, click the Last Week, Last 2 Weeks, Last Month, or Last Year links.
The dates in Reporting period from and to (inclusive) change to reflect the predefined range.
Each entry in the Group report contains data that identifies how users from the various master groups have used the FirePass controller. You can use the contents of this log to determine the activity level of each master group on the FirePass controller. If no users from a specific master group logged on during the report interval, there is no entry for that group in the report.
Group
Represents the name of the master group. A typical Group value looks similar to the following example: Default.
Users
Represents two variables: the number of user accounts in the master group shown in the Group value, and the percentage of the total users in all master groups. A typical Users entry looks similar to the following examples: for user accounts: 9, and for percent of total: 67%.
Sessions
Represents the two variables: the total number of logons by users in the master group shown in the Group value, and a percentage of the total logons for users in all groups. A typical Sessions entry looks similar to the following examples: total: 15, and for percent of total: 92%.
Avg. Time at
Shows a calculated average of time spent on the FirePass controller webtop. The entry is a number representing the average number of seconds in each mode during the reporting period.
Favorite webifyer
Represents the unique identifier assigned to the session. Some possible values include Windows Files, Terminal Servers, and Web Applications.
The HTTP Logs report provides several types of server logs. You can use entries from various logs to monitor the HTTP activity on the FirePass controller.
The FirePass controller updates content in the logs in the HTTP Log report in real-time. You can use an online calendar to select the day for which you want to display a HTTP Log report.
1.
In the navigation pane, click Reports, and click HTTP Logs.
The HTTP Logs report screen opens.
2.
Choose the options you want or download the log.
For more information about HTTP Logs report options, see Working with the HTTP Logs report, following.
You have several options when working with this particular report. You can take any one of these actions, several of them, or all of them.
To download the log, click the log name link at the top of the report, and follow the instructions to open or save the report.
To reveal the page-navigation and online calendar boxes, click the Reveal button . Then do any of the following:
To display a specific page, type the page number in the Select Page box, and then click the go button.
To specify the number of records per page, type the number of records in the Records Per Page box, and then click the go button.
Click the Calendar link, and click the date for which you want to display the report.
To display additional records in the report, click the Previous button , or the Next button  at the top or bottom of the report to view the previous or next 20 records.
The HTTP Logs report provides access to several logs containing different types of data. Each entry in the HTTP Logs report contains data that describes the HTTP commands that the FirePass controller runs. The HTTP Logs report consist of several logs.
You can download extra-access_log to view the content of the Server access log (http). To download the log, click the log name at the top of the table.
The Server access log (http) contains several types of data.
Date
Represents the start date and time of the associated session. A typical Date value looks similar to the following example: [24/Oct/2005:00:17:48 -0700].
Class
Represents the class of event associated with the entry in the log. The Server access log (http) does not have any associated Class values.
IP
Represents the IP address where the session originated. A typical IP looks similar to the following example: 192.168.12.10.
ID
Represents the unique identifier assigned to the log entry. A typical ID value looks similar to the following example: 400.
Text
Represents the HTTP command that the FirePass controller processed. A typical Text value looks similar to the following example: "GET /vdesk/admincon/index.php?a=welcome&click=1 HTTP/1.1" 200 3095.
You can download extra-error_log to view the content of the Server error log (http). To download the log, click the log name at the top of the table.
The Server error log (http) contains several types of data.
Date
Represents the start date and time of the associated session. A typical Date value looks similar to the following example: [24/Oct/2005:00:17:48 -0700].
Class
Represents the class of event associated with the entry in the log. A typical Class value looks similar to the following example: notice.
IP
Represents the IP address where the session originated. A typical IP looks similar to the following example: 192.168.12.10.
ID
Represents the unique identifier assigned to the log entry. A typical ID value looks similar to the following example: 400.
Text
Represents the HTTP command that the FirePass controller processed. A typical Text value looks similar to the following example: "CONNECT 10.4.10.10:81 HTTP/1.0" 200 0.
You can download https.extra-access_log to view the content of the Server access log (https). To download the log, click the log name at the top of the table.
The Server access log (https) contains several types of data.
Date
Represents the start date and time of the associated session. A typical Date value looks similar to the following example: [24/Oct/2005:00:17:48 -0700].
Class
Represents the class of event associated with the entry in the log. The Server access log (https) does not have any associated Class values.
IP
Represents the IP address where the session originated. A typical IP looks similar to the following example: 192.168.12.10.
ID
Represents the unique identifier assigned to the log entry. A typical ID value looks similar to the following example: 400.
Text
Represents the HTTPS command that the FirePass controller processed. A typical Text value looks similar to the following example: "GET /vdesk/admincon/stats.php?a=lo&exp=&newpage=29&newerrpp=20&newfilen=2&sorttype=&go=1 HTTP/1.1" 200 13180.
You can download https.extra-error_log to view the content of the Server error log (https). To download the log, click the name at the top of the table.
The Server error log (https) contains several types of data.
Date
Represents the start date and time of the associated session. A typical Date value looks similar to the following example: [24/Oct/2005:00:17:48 -0700].
Class
Represents the class of event associated with the entry in the log. A typical Class value looks similar to the following example: notice.
IP
Represents the IP address where the session originated. The Server error log (https) does not show any IP values.
ID
Represents the unique identifier assigned to the log entry. The Server error log (https) does not show any ID values.
Text
Represents the HTTPS command that the FirePass controller processed. A typical Text value looks similar to the following example: Apache configured -- resuming normal operations.
You can download ssl_engine_log to view the content of the SSL engine log. To download the log, click the log name at the top of the table.
Date
Represents the start date and time of the associated session. A typical Date value looks similar to the following example: [24/Oct/2005:00:17:48 -0700].
Class
Represents the class of event associated with the entry in the log. A typical Class value looks similar to the following example: error.
IP
Represents the IP address where the session originated. The SSL engine log does not show any IP values.
ID
Represents the unique identifier assigned to the log entry. A typical ID value looks similar to the following example: 02047.
Text
Represents errors that the SSL engine sent to the FirePass controller. A typical Text value looks similar to the following example: System: No such file or directory (errno: 2).
You can filter the report for unsuccessful attempts, which quickly provides an audit trail for detecting access attempts by unauthorized sources. In addition, the FirePass controller administrator receives a security alert message if a specified number of unsuccessful attempts (default 20) to log on occur within a configurable interval (default 5 minutes). You can change the number of unsuccessful attempts and configure the interval on the User Access Security screen, available under Security in the navigation pane.
1.
In the navigation pane, click Reports, and click Logons.
The Logons report screen opens.
2.
Choose the options you want or download the log.
For more information about Logons report options, see Working with the Logons report, following.
You have several options when working with this particular report. You can take any one of these actions, several of them, or all of them.
To download and open the report as an Excel (.xls) file, click the Download report data link.
The process starts the local or browser-based Excel application and opens the report.
To save the report locally on a Windows-based computer, right-click the Download report data link, and then follow the instructions to save the report to your local desktop.
In reports that contain more than 20 records, navigate to other screens by clicking the navigation buttons at the top of the screen for First , Previous , Next , and Last .
To filter the report for unsuccessful logon attempts, click the Show Failures link.
To show all logon attempts, click the Show All link.
Each entry in the Logons report contains data that describes the Logons on the FirePass controller. You can use the contents of this log to monitor logon activity on the FirePass controller.
Logon
Represents the name for the logged-on user who originated the session. A typical logon looks similar to the following example: joeu.
Valid user?
Indicates whether the user who attempted the operation was recognized as a user on the FirePass controller. Values for Valid user are Yes and No.
Passed?
Indicates whether the logon attempt succeeded. Values for Passed are Yes and No.
Name
Represents the values from the First Name and Last Name settings in the users details. If the FirePass controller cannot determine an associated user, the Name column contains N/A.
Time (<time_zone>)
Represents the start date and time of the associated session, represented in the time zone configured for the controller. A typical time value looks similar to the following example: 10/25/2005 0:28.
User agent
Represents the string the browser returns to identify itself. A typical User agent string looks similar to the following example: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511.
From
Represents the IP address where the session originated. A typical From value looks similar to the following example: 10.40.11.4.
The Sessions report provides various types of reports for user sessions and a history of sessions, along with the corresponding user names, session duration, and status.
1.
In the navigation pane, click Reports, and click Sessions.
The Sessions report screen opens.
2.
Choose the options you want or download the log.
For more information about Sessions report options, see Working with the Sessions report, following.
You have several options when working with this particular report. You can take any one of these actions, several of them, or all of them.
To download and open the report as an Excel (.xls) file, click the Download report data link.
The process starts the local or browser-based Excel application and opens the report.
To save the report locally on a Windows-based computer, right- click the Download report data link, and then follow the instructions to save the report to your local desktop.
In reports that contain more than 20 records, navigate to other screens by clicking the navigation buttons at the top of the screen for First , Previous , Next , and Last .
To filter the list for a specific user, type a logon name in the Show sessions for box, and then click the magnifying glass .
To show all users, clear the Show sessions for box, and then click the magnifying glass .
To show a list of currently active sessions, click the Currently active tab.
On the Currently active tab, you can halt a specific session by clicking the associated Kill link at the end of the row.
To show a list of the sessions for the current day, click the Todays sessions tab.
On the Todays sessions tab, you can get details about a specific session (such as browser type or IP address) by clicking a date link in the Start column.
To show a list of all sessions that have occurred, click the Complete History tab.
On the Complete History tab, you can get details about a specific session (such as browser type or IP address) by clicking a date link in the Start column.
To show daily aggregate session counts, click the Session Summary tab.
On the Session Summary tab, you can get details about a specific session by clicking a link in the Date column.
Each entry in the Sessions report contains data that describes session activity on the FirePass controller. You can use the contents of these logs to monitor sessions on the FirePass controller.
The Currently active log contains a list of the active connections to the FirePass controller. The logs contains several types of data.
Name
Represents the values from the First Name and Last Name settings in the users details. If the FirePass controller cannot determine an associated user, the Name column contains N/A.
Logon
Represents the name for the logged on user who originated the session. A typical logon looks similar to the following example: joeu.
Start Time (<time_zone>)
Represents the start date and time of the associated session, represented in the time zone configured for the controller. A typical Start Time value looks similar to the following example: 10/25/2005 01:21:54.
Expiration Time (<time_zone>)
Represents the start date and time of the associated session, represented in the time zone configured for the controller. A typical Expiration Time value looks similar to the following example: 10/25/2005 001:21:54.
Status
Indicates the status of the associated session. A typical Status value looks similar to the following example: Logged on server.
Id
Represents the unique identifier assigned to the session. A typical ID value looks similar to the following example: f8e63.
The Todays sessions log contains a list of the active connections to the FirePass controller. The Todays sessions report contains several types of data.
Start (<time_zone>)
Represents the start date and time of the associated session, represented in the time zone configured for the controller. A typical Start value looks similar to the following example: 10/25/2005 01:21:54.
User
Represents the logon name of the logged on user who originated the session. A typical User value looks similar to the following example: joeu.
Name
Represents the values from the First Name and Last Name settings in the users details.
Duration
Represents the length of the session, in the format HH:MM:SS, where HH represents the hour, in 24-hour format, MM represents the minutes, from 1 through 60, and SS represents the seconds, from 1 through 60. A typical Duration value looks similar to the following example: 00 24 43.
From
Represents the IP address where the session originated. A typical From value looks similar to the following example: 10.4.0.2.
To
Indicates the type of connection requested. A typical To value looks similar to the following example: MyNetwork.
Status
Indicates the status of the session. A typical Status value looks similar to the following example: Server session in progress.
The Complete history log contains a list of the active connections to the FirePass controller. The Complete history report contains several types of data.
Start (<time_zone>)
Represents the start date and time of the associated session, represented in the time zone configured for the controller. A typical Start value looks similar to the following example: 10/25/2005 01:21:54.
User
Represents the logon name of the logged on user who originated the session. A typical User value looks similar to the following example: joeu.
Name
Represents the values from the First Name and Last Name settings in the users details.
Duration
Represents the length of the session, in the format HH:MM:SS, where HH represents the hour, in 24-hour format, MM represents the minutes, from 1 through 60, and SS represents the seconds, from 1 through 60. A typical Duration value looks similar to the following example: 00 24 43.
From
Represents the IP address where the session originated. A typical From value looks similar to the following example: 192.168.12.10.
To
Indicates the type of connection requested. A typical To value looks similar to the following example: MyNetwork.
Status
Indicates the status of the session. A typical Status value looks similar to the following example: Logged out from server.
The Session Summary log contains a list of the active connections to the FirePass controller. The Session Summary report contains several types of data.
Date
Indicates the date of the session summary. A typical Date value looks similar to the following example: 10/25/2005.
Min
Indicates the smallest number of connections (greater than 0) that occurred on the date indicated. The value in Min is a number.
Avg
Indicates the average number of connections that occurred on the date indicated. The value in Avg is a value calculated based on the number of connections, divided by the number of hours in a day.
Max
Indicates the largest number of simultaneous connections that occurred on the date indicated. The value in Max is a number.
The Sessions Summary screen also contains the number of access requests the FirePass controller processed as well as a visual representation of the maximum number of simultaneous connections.
The Summary report provides a summary of global or a group-based user activity, including stats and descriptions of operating system and browser type usage over specified periods of time. You can also display optional bar graphs in the report.
1.
In the navigation pane, click Reports, and click Summary Report.
The Summary report screen opens.
2.
Choose the options you want or download the log.
For more information about System Logs report options, see Working with the Summary report, following.
You have several options when working with this particular report. You can take any one of these actions, several of them, or all of them.
From the For the group list, select the group that you want to create a Summary report for.
To download and open the report as an Excel (.xls) file, click the Download report data link.
The process starts the local or browser-based Excel application and opens the report.
To save the report locally on a Windows-based computer, right- click the Download report data link, and then follow the instructions to save the report to your local desktop.
Select starting date from the Reporting period from lists.
To restrict the report to a predefined date range, click the Last Week, Last 2 Weeks, Last Month, or Last Year links.
The dates in Reporting period from and to (inclusive) change to reflect the predefined range.
The Summary report screen provides a number of aggregated statistics of various types. You can select varying reporting periods from the predefined lists.
Stats
Provides measurements of various activity, such as total sessions, average FirePass controller session, and average number of sessions per week.
Daily Activation
Shows the breakdown of logon activity by day of the week, from Sunday through Saturday.
User Activity Totals
Shows the breakdown of user activity, from high activity to inactive, including the number of users and the percentage of total users they represent.
Browser Type
Indicates the type of browser used to log on and the number of users who used each type.
OS Type
Indicates the type of operating system used to log on and the number of users who used each type.
Session terminations
Indicates the number of sessions that ended for each method of ending.
Feature Access
Indicates how the users used the sessions with the FirePass controller. A typical value in the Feature Access table is Administrative Console.
The System Logs report displays local system logs. If you use an external syslog server, you can configure the FirePass controller to log errors locally. You can use the Device Management : Maintenance : Logs screen to specify and configure an external syslog server.
1.
To access the System Logs report, in the navigation pane, expand Reports, and click System Logs.
The System Logs report screen opens.
2.
Choose the options you want or download the log.
For more information about System Logs report options, see Working with the System Logs report, following.
You have several options when working with this particular report. You can take any one of these actions, several of them, or all of them.
From the Period list, select the month to include when creating the Summary report.
From the Source list, select the category to include when creating the Summary report, or select All to include all categories.
To download and open the report as an Excel (.xls) file, click the Download report data link.
The process starts the local or browser-based Excel application and opens the report.
To save the report locally on a Windows-based computer, right- click the Download report data link, and then follow the instructions to save the report to your local desktop.
The System Logs report screen provides a number of aggregated statistics of various types. You can select varying reporting periods from the predefined lists.
Date
Indicates the date on which the FirePass controller logged the entry. A typical Date value looks similar to the following example: Oct-25.
Time
Indicates the time, in 24-hour format, at which the FirePass controller logged the entry. A typical Time value looks similar to the following example: 1:30:08.
Source
Indicates the origin of the logged entry. A typical Source value looks similar to the following example: firepass.
Message
Indicates the type of activity the logged entry represents. A typical Message value looks similar to the following example:
[-] FirePass service started on firepass.siterequest.com.
The following logging options and database control features are available from the Device Management : Maintenance : Logs screen.
Disable database logging
When checked, this option disables database logging in the FirePass controller. When log messages are disabled, the system can achieve better performance, such as an increase in authentications per second.
Disable local system logging
When checked, this option disables local system logging from the FirePass controller.
Logging levels (Emergency, Alert, Critical, Error, Warning, Notice, Information)
For each FirePass component (Application Access, Endpoint Security, Portal Access, and so on), there is an option list from which you can select a logging level per component.
HTTP and SSL logging options
This HTTP logging option includes an on or off toggle for HTTP Access Logs, selectable HTTP Error Log levels (Emergency, Alert, Critical, Error, Warning, Notice, Information), and SSL Engine log levels (Error, Warning, Information).
Purge logs
This displays the last-purged and next-purged schedule near the top of the Purge logs area. The actual interval and day posted depends on the option selected in Keep logs for list, and the dates applicable to your set up.
Temporary archive storage
When enabled, you can create new archives and transmit those archived logs in several ways: E-Mail, FTP, and SCP.
Local logs
This provides options for logging for applications.
System logs
This provides options to log user activity and system events to a remote system log server.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)