Applies To:

Show Versions Show Versions

Manual Chapter: FirePass® Controller version 6.0 Administrator Guide: Using FirePass Controller Reports
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>


10

Using FirePass Controller Reports


Overview of FirePass controller reports

You can display and print reports that describe FirePass controller activity and status. You can also download and save a report as a Microsoft® Excel (.xls) file.

You can find several types of reports on the Reports screen. To access the reports screen, in the navigation pane, click Reports.

  • Application Logs (App Logs) report
    Provides aggregate and per-user access logs. For more information, see Using the App Logs report .
  • Group report
    Provides a snapshot of the user-group distribution and group-based usage averages. For more information, see Using the Group report .
  • HTTP and HTTPS Log report
    Provides various types of server logs, such as a HTTP and HTTPS server access logs, HTTP and HTTPS server error logs, and a SSL engine log. For more information, see Using HTTP Log reports .
  • Logons report
    Provides a list of all attempts to log on to the FirePass controller. For more information, see Using the Logons report .
  • Sessions report
    Provides a list of all active user sessions and a history of sessions, along with the corresponding user names, logon names, times, and status. For more information, see Using the Sessions report .
  • Summary report
    Provides a summary of global or group-based user activity, including statistics, and descriptions of browser-type usage over specified periods of time. For more information, see Using the Summary report .
  • System Logs report
    Displays local system logs. If you use an external syslog server, only errors are logged locally. For more information, see Using the System Logs report .

For information about archiving and purging logs, see the online help for the Device Management : Maintenance : Logs screen.

Using the App Logs report

The App Logs report contains a list of entries that indicate actions that users, administrators, and the FirePass controller superuser performed on the FirePass controller. You can use the App Logs report to track user activity on the FirePass controller.

To display the App Log report

  1. In the navigation pane, click Reports, and click App Logs.
    The App Logs report screen opens.
  2. Choose the options you want or download the log.
    For more information about App Logs report options, see Working with the App Logs report , following.

Working with the App Logs report

You have several options when working with this particular report. You can take any one of these actions, several of them, or all of them.

  • To download and open the report as an Excel (.xls) file, click the Download report data link.
    The process starts the local or browser-based Excel application and opens the report.
  • To save the report locally on a Windows-based computer, right- click the Download report data link, and then follow the instructions to save the report to your local desktop.
  • In reports that contain more than 20 records, navigate to other screens by clicking the navigation buttons at the top of the screen for First , Previous , Next , and Last .
  • To filter the report for a specific user, click the link representing the user's name in the Logon column.
    To show all users again, click the Show all records link at the top of the report.
  • To display details about a specific session, click a link in the Session ID column.
    To return to the App Logs screen, click the Back to Reports : App Logs page link at the top of the screen.

Understanding entries in the App Logs report

Each entry in the App Logs report contains data that identifies one action or operation by a user. The FirePass controller records all user operations. You can use the contents of this log to monitor user activity on the FirePass controller.

The log contains several types of data.

  • Time
    Represents the start date and time of the associated session. A typical Time value looks similar to the following example: 10/25/2005 0:28.
  • Source IP
    Represents the IP address where the session originated. A typical Source IP looks similar to the following example: 192.168.12.10.
  • Logon
    Represents the name for the logged on user who originated the session. A typical Logon looks similar to the following example: joeu
  • Session ID
    Represents the unique identifier assigned to the session. A typical Session ID looks similar to the following example: f8e63
  • Record
    Represents a single action recorded for the associated user. A typical Record looks similar to the following example: [594330] Access menu App Logs.
  • User agent string
    Represents the string the browser returns to identify itself. A typical User agent string looks similar to the following example: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1).

Using the Group report

The Group report provides a snapshot of the user-group distribution and group-based averages. The FirePass controller records activity for each group.

To work with the Group report

  1. In the navigation pane, click Reports, and click Group Report.
    The Group report screen opens.
  2. Choose the options you want or download the log.
    For more information about Group report options, see Working with the Group report , following.

Working with the Group report

You have several options when working with this particular report. You can take any one of these actions, several of them, or all of them.

  • To download and open the report as an Excel (.xls) file, click the Download report data link.
    The process starts the local or browser-based Excel application and opens the report.
  • To save the report locally on a Windows-based computer, right- click the Download report data link, and then follow the instructions to save the report to your local desktop.
  • To specify a varying date range for the Group report:
    • Select starting date from the Reporting period from lists.
    • Select the ending date from the to (inclusive) lists.
    • Click the Apply button .
  • To restrict the report to a predefined date range, click the Last Week, Last 2 Weeks, Last Month, or Last Year links.
    The dates in Reporting period from and to (inclusive) change to reflect the predefined range.

Understanding entries in the Group report

Each entry in the Group report contains data that identifies how users from the various master groups have used the FirePass controller. You can use the contents of this log to determine the activity level of each master group on the FirePass controller. If no users from a specific master group logged on during the report interval, there is no entry for that group in the report.

The Group log contains several types of data.

  • Group
    Represents the name of the master group. A typical Group value looks similar to the following example: Default.
  • Users
    Represents two variables: the number of user accounts in the master group shown in the Group value, and the percentage of the total users in all master groups. A typical Users entry looks similar to the following examples: for user accounts: 9, and for percent of total: 67%.
  • Sessions
    Represents the two variables: the total number of logons by users in the master group shown in the Group value, and a percentage of the total logons for users in all groups. A typical Sessions entry looks similar to the following examples: total: 15, and for percent of total: 92%.
  • Avg. Time at
    Shows a calculated average of time spent in Desktop Access or on the FirePass controller webtop. The entry is a number representing the average number of seconds in each mode during the reporting period.
  • Favorite webifyer
    Represents the unique identifier assigned to the session. Some possible values include Windows Files, Terminal Servers, and Web Applications.

Using HTTP Log reports

The HTTP Log report provides several types of server logs. You can use entries the various logs to monitor the HTTP activity on the FirePass controller.

  • HTTP server access log
  • HTTP server error log
  • HTTPS server access log
  • HTTPS server error log
  • SSL engine log

The FirePass controller updates content in the logs in the HTTP Log report on a daily basis. You can use an online calendar to select the day for which you want to display a HTTP Log report.

To work with the HTTP Log report

  1. In the navigation pane, click Reports, and click HTTP Logs.
    The HTTP Logs report screen opens.
  2. Choose the options you want or download the log.
    For more information about HTTP Log report options, see Working with the HTTP Log report , following.

Working with the HTTP Log report

You have several options when working with this particular report. You can take any one of these actions, several of them, or all of them.

  • To sort the list, click the Date, Class, IP, ID, or Text column at the top of the report.
    The column heading that the screen is using to sort the logs is not active.
  • From the list at the top of the screen, select a log type, and then click the Apply button .
  • To download the log, click the log name link at the top of the report, and follow the instructions to open or save the report.
  • To reveal the page-navigation and online calendar boxes, click the Reveal button . Then do any of the following:
    • To display a specific page, type the page number in the Select Page box, and then click the go button.
    • To specify the number of records per page, type the number of records in the Records Per Page box, and then click the go button.
    • Click the Calendar link, and click the date for which you want to display the report.
  • To display additional records in the report, click the Previous button , or the Next button  at the top or bottom of the report to view the previous or next 20 records.

Understanding entries in the HTTP Logs report

The HTTP Logs report provides access to several logs containing different types of data. Each entry in the HTTP Logs report contains data that describes the HTTP commands that the FirePass controller runs. The HTTP Logs report consist of several logs.

  • Server access log (http)
  • Server error log (http)
  • Server access log (https)
  • Server error log (https)
  • SSL engine log

Understanding the Server access log (http) log

You can download extra-access_log to view the content of the Server access log (http). To download the log, click the log name at the top of the table.

The Server access log (http) contains several types of data.

  • Date
    Represents the start date and time of the associated session. A typical Date value looks similar to the following example: [24/Oct/2005:00:17:48 -0700].
  • Class
    Represents the class of event associated with the entry in the log. The Server access log (http) does not have any associated Class values.
  • IP
    Represents the IP address where the session originated. A typical IP looks similar to the following example: 192.168.12.10.
  • ID
    Represents the unique identifier assigned to the log entry. A typical ID value looks similar to the following example: 400.
  • Text
    Represents the HTTP command that the FirePass controller processed. A typical Text value looks similar to the following example: "GET /vdesk/admincon/index.php?a=welcome&click=1 HTTP/1.1" 200 3095.

Understanding the Server error log (http) log

You can download extra-error_log to view the content of the Server error log (http). To download the log, click the log name at the top of the table.

The Server error log (http) contains several types of data.

  • Date
    Represents the start date and time of the associated session. A typical Date value looks similar to the following example: [24/Oct/2005:00:17:48 -0700].
  • Class
    Represents the class of event associated with the entry in the log. A typical Class value looks similar to the following example: notice.
  • IP
    Represents the IP address where the session originated. A typical IP looks similar to the following example: 192.168.12.10.
  • ID
    Represents the unique identifier assigned to the log entry. A typical ID value looks similar to the following example: 400.
  • Text
    Represents the HTTP command that the FirePass controller processed. A typical Text value looks similar to the following example: "CONNECT 10.4.10.10:81 HTTP/1.0" 200 0.

Understanding the Server access log (https) log

You can download https.extra-access_log to view the content of the Server access log (https). To download the log, click the log name at the top of the table.

The Server access log (https) contains several types of data.

  • Date
    Represents the start date and time of the associated session. A typical Date value looks similar to the following example: [24/Oct/2005:00:17:48 -0700].
  • Class
    Represents the class of event associated with the entry in the log. The Server access log (https) does not have any associated Class values.
  • IP
    Represents the IP address where the session originated. A typical IP looks similar to the following example: 192.168.12.10.
  • ID
    Represents the unique identifier assigned to the log entry. A typical ID value looks similar to the following example: 400.
  • Text
    Represents the HTTPS command that the FirePass controller processed. A typical Text value looks similar to the following example: "GET /vdesk/admincon/stats.php?a=lo&exp=&newpage=29&newerrpp=20&newfilen=2&sorttype=&go=1 HTTP/1.1" 200 13180.

Understanding the Server error log (https) log

You can download https.extra-error_log to view the content of the Server error log (https). To download the log, click the name at the top of the table.

The Server error log (https) contains several types of data.

  • Date
    Represents the start date and time of the associated session. A typical Date value looks similar to the following example: [24/Oct/2005:00:17:48 -0700].
  • Class
    Represents the class of event associated with the entry in the log. A typical Class value looks similar to the following example: notice.
  • IP
    Represents the IP address where the session originated. The Server error log (https) does not show any IP values.
  • ID
    Represents the unique identifier assigned to the log entry. The Server error log (https) does not show any ID values.
  • Text
    Represents the HTTPS command that the FirePass controller processed. A typical Text value looks similar to the following example: Apache configured -- resuming normal operations.

Understanding the SSL engine log

You can download ssl_engine_log to view the content of the SSL engine log. To download the log, click the log name at the top of the table.

The SSL engine log contains several types of data.

  • Date
    Represents the start date and time of the associated session. A typical Date value looks similar to the following example: [24/Oct/2005:00:17:48 -0700].
  • Class
    Represents the class of event associated with the entry in the log. A typical Class value looks similar to the following example: error.
  • IP
    Represents the IP address where the session originated. The SSL engine log does not show any IP values.
  • ID
    Represents the unique identifier assigned to the log entry. A typical ID value looks similar to the following example: 02047.
  • Text
    Represents errors that the SSL engine sent to the FirePass controller. A typical Text value looks similar to the following example: System: No such file or directory (errno: 2).

Using the Logons report

The Logon report provides a list of attempts to log on to the FirePass controller, both successful and unsuccessful.

You can filter the report for unsuccessful attempts, which quickly provides an audit trail for detecting access attempts by unauthorized sources. In addition, the FirePass controller administrator receives a security alert message if a specified number of unsuccessful attempts (default 20) to log on occur within a configurable interval (default 5 minutes). You can change the number of unsuccessful attempts and configure the interval on the User Access Security screen, available under Security in the navigation pane.

To work with the Logons report

  1. In the navigation pane, click Reports, and click Logons.
    The Logons report screen opens.
  2. Choose the options you want or download the log.
    For more information about Logons report options, see Working with the Logons report , following.

Working with the Logons report

You have several options when working with this particular report. You can take any one of these actions, several of them, or all of them.

  • To download and open the report as an Excel (.xls) file, click the Download report data link.
    The process starts the local or browser-based Excel application and opens the report.
  • To save the report locally on a Windows-based computer, right- click the Download report data link, and then follow the instructions to save the report to your local desktop.
  • In reports that contain more than 20 records, navigate to other screens by clicking the navigation buttons at the top of the screen for First , Previous , Next , and Last .
  • To filter the report for unsuccessful logon attempts, click the Show Failures link.
    To show all logon attempts, click the Show All link.
  • To display details about a particular logon attempts, click the link for the user's name.

Understanding entries in the Logons report

Each entry in the Logons report contains data that describes the logons on the FirePass controller. You can use the contents of this log to monitor logon activity on the FirePass controller.

The Logons report contains several types of data.

  • Logon
    Represents the name for the logged on user who originated the session. A typical Logon looks similar to the following example: joeu.
  • Valid user?
    Indicates whether the user who attempted the logon operation was recognized as a user on the FirePass controller. Values for Valid user? are Yes and No.
  • Passed?
    Indicates whether the logon attempt succeeded. Values for Passed? are Yes and No.
  • Name
    Represents the values from the First Name and Last Name fields in the user's details. If the FirePass controller cannot determine an associated user, the Name field contains N/A.
  • Time (<time_zone>)
    Represents the start date and time of the associated session, represented in the time zone configured for the controller. A typical Time value looks similar to the following example: 10/25/2005 0:28.
  • User agent
    Represents the string the browser returns to identify itself. A typical User agent string looks similar to the following example: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511.
  • From
    Represents the IP address where the session originated. A typical From value looks similar to the following example: 10.40.11.4.

Using the Sessions report

The Sessions report provides various types of reports for user sessions and a history of sessions, along with the corresponding user names, logons, session duration, and status.

To display the Session report

  1. In the navigation pane, click Reports, and click Sessions.
    The Sessions report screen opens.
  2. Choose the options you want or download the log.
    For more information about Sessions report options, see Working with the Sessions report , following.

Working with the Sessions report

You have several options when working with this particular report. You can take any one of these actions, several of them, or all of them.

  • To download and open the report as an Excel (.xls) file, click the Download report data link.
    The process starts the local or browser-based Excel application and opens the report.
  • To save the report locally on a Windows-based computer, right- click the Download report data link, and then follow the instructions to save the report to your local desktop.
  • In reports that contain more than 20 records, navigate to other screens by clicking the navigation buttons at the top of the screen for First , Previous , Next , and Last .
  • To have the data update every 20 seconds, check the Refresh every 20 sec check box.
  • To filter the list for a specific user, type a logon name in the Show sessions for box, and then click the magnifying glass .
    To show all users, clear the Show sessions for box, and then click the magnifying glass .
  • To show a list of currently active sessions, click the Currently active tab.
    On the Currently active tab, you can halt a specific session by clicking the associated Kill link at the end of the row.
  • To show a list of the sessions for the current day, click the Today's sessions tab.
    On the Today's sessions tab, you can get details about a specific session (such as browser type or IP address) by clicking a date link in the Start column.
  • To show a list of all sessions that have occurred, click the Complete History tab.
    On the Complete History tab, you can get details about a specific session (such as browser type or IP address) by clicking a date link in the Start column.
  • To show daily aggregate session counts, click the Session Summary tab.
    On the Session Summary tab, you can get details about a specific session by clicking a link in the Date column.

Understanding entries in the Sessions report

Each entry in the Sessions report contains data that describes session activity on the FirePass controller. You can use the contents of these logs to monitor sessions on the FirePass controller.

The Sessions report provides access to several logs containing different types of data.

Understanding the Currently active log

The Currently active log contains a list of the active connections to the FirePass controller. The Currently active report contains several types of data.

  • Name
    Represents the values from the First Name and Last Name fields in the user's details. If the FirePass controller cannot determine an associated user, the Name field contains N/A.
  • Logon
    Represents the name for the logged on user who originated the session. A typical Logon looks similar to the following example: joeu.
  • Start Time (<time_zone>)
    Represents the start date and time of the associated session, represented in the time zone configured for the controller. A typical Start Time value looks similar to the following example: 10/25/2005 01:21:54.
  • Expiration Time (<time_zone>)
    Represents the start date and time of the associated session, represented in the time zone configured for the controller. A typical Expiration Time value looks similar to the following example: 10/25/2005 001:21:54.
  • Status
    Indicates the status of the associated session. A typical Status value looks similar to the following example: Logged on server.
  • Id
    Represents the unique identifier assigned to the session. A typical Id value looks similar to the following example: f8e63.

Understanding the Today's sessions log

The Today's sessions log contains a list of the active connections to the FirePass controller. The Today's sessions report contains several types of data.

  • Start (<time_zone>)
    Represents the start date and time of the associated session, represented in the time zone configured for the controller. A typical Start value looks similar to the following example: 10/25/2005 01:21:54.
  • User
    Represents the logon name of the logged on user who originated the session. A typical User value looks similar to the following example: joeu.
  • Name
    Represents the values from the First Name and Last Name fields in the user's details.
  • Duration
    Represents the length of the session, in the format HH:MM:SS, where HH represents the hour, in 24-hour format, MM represents the minutes, from 1 through 60, and SS represents the seconds, from 1 through 60. A typical Duration value looks similar to the following example: 00 24 43.
  • From
    Represents the IP address where the session originated. A typical From value looks similar to the following example: 10.4.0.2.
  • To
    Indicates the type of connection requested. A typical To value looks similar to the following example: MyNetwork.
  • Status
    Indicates the status of the session. A typical Status value looks similar to the following example: Server session in progress.

Understanding the Complete history log

The Complete History log contains a list of the active connections to the FirePass controller. The Complete History report contains several types of data.

  • Start (<time_zone>)
    Represents the start date and time of the associated session, represented in the time zone configured for the controller. A typical Start value looks similar to the following example: 10/25/2005 01:21:54.
  • User
    Represents the logon name of the logged on user who originated the session. A typical User value looks similar to the following example: joeu.
  • Name
    Represents the values from the First Name and Last Name fields in the user's details.
  • Duration
    Represents the length of the session, in the format HH:MM:SS, where HH represents the hour, in 24-hour format, MM represents the minutes, from 1 through 60, and SS represents the seconds, from 1 through 60. A typical Duration value looks similar to the following example: 00 24 43.
  • From
    Represents the IP address where the session originated. A typical From value looks similar to the following example: 192.168.12.10.
  • To
    Indicates the type of connection requested. A typical To value looks similar to the following example: MyNetwork.
  • Status
    Indicates the status of the session. A typical Status value looks similar to the following example: Logged out from server.

Understanding the Session summary log

The Session Summary log contains a list of the active connections to the FirePass controller. The Session Summary report contains several types of data.

  • Date
    Indicates the date of the session summary. A typical Date value looks similar to the following example: 10/25/2005.
  • Min
    Indicates the smallest number of connections (greater than 0) that occurred on the date indicated. The value in Min is a number.
  • Avg
    Indicates the average number of connections that occurred on the date indicated. The value in Avg is a value calculated based on the number of connections, divided by the number of hours in a day.
  • Max
    Indicates the largest number of simultaneous connections that occurred on the date indicated. The value in Max is a number.

The Sessions Summary screen also contains the number of access requests the FirePass controller processed as well as a visual representation of the maximum number of simultaneous connections.

Using the Summary report

The Summary report provides a summary of global or a group-based user activity, including stats and descriptions of operating system and browser type usage over specified periods of time. You can also display optional bar graphs in the report.

To display the Summary report

  1. In the navigation pane, click Reports, and click Summary Report.
    The Summary report screen opens.
  2. Choose the options you want or download the log.
    For more information about System Logs report options, see Working with the Summary report , following.

Working with the Summary report

You have several options when working with this particular report. You can take any one of these actions, several of them, or all of them.

  • From the For the group list, select the group that you want to create a Summary report for.
  • To download and open the report as an Excel (.xls) file, click the Download report data link.
    The process starts the local or browser-based Excel application and opens the report.
  • To save the report locally on a Windows-based computer, right- click the Download report data link, and then follow the instructions to save the report to your local desktop.
  • To specify a varying date range for the Summary report:
    • Select starting date from the Reporting period from lists.
    • Select the ending date from the to (inclusive) lists.
    • Click the Apply button .
  • To include bar graphs in the report, check the Show graphs check box.
  • To restrict the report to a predefined date range, click the Last Week, Last 2 Weeks, Last Month, or Last Year links.
    The dates in Reporting period from and to (inclusive) change to reflect the predefined range.

Understanding entries in the Summary report

The Summary report screen provides a number of aggregated statistics of various types. You can select varying reporting periods from the predefined lists.

  • Stats
    Provides measurements of various activity, such as total sessions, average FirePass controller session, and average number of sessions per week.
  • Daily Activation
    Shows the breakdown of logon activity by day of the week, from Sunday through Saturday.
  • User Activity Totals
    Shows the breakdown of user activity, from high activity to inactive, including the number of users and the percentage of total users they represent.
  • Browser Type
    Indicates the type of browser used to log on and the number of users who used each type.
  • OS Type
    Indicates the type of operating system used to log on and the number of users who used each type.
  • Session terminations
    Indicates the number of sessions that ended for each method of ending.
  • Feature Access
    Indicates how the users used the sessions with the FirePass controller. A typical value in the Feature Access table is Administrative Console.

Using the System Logs report

The System Logs report displays local system logs. If you use an external syslog server, only errors are logged locally. You can use the Device Management : Maintenance : Logs screen to specify and configure an external syslog server.

To display the System Logs report

  1. To access the System Logs report, in the navigation pane, click Reports, and click System Logs.
    The System Logs report screen opens.
  2. Choose the options you want or download the log.
    For more information about System Logs report options, see Working with the System Logs report , following.

Working with the System Logs report

You have several options when working with this particular report. You can take any one of these actions, several of them, or all of them.

  • From the Period list, select the month to include when creating the Summary report.
  • From the Source list, select the category to include when creating the Summary report, or select All to include all categories.
  • To download and open the report as an Excel (.xls) file, click the Download report data link.
    The process starts the local or browser-based Excel application and opens the report.
  • To save the report locally on a Windows-based computer, right- click the Download report data link, and then follow the instructions to save the report to your local desktop.

Understanding entries in the System Logs report

The System Logs report screen provides a number of aggregated statistics of various types. You can select varying reporting periods from the predefined lists.

  • Date
    Indicates the date on which the FirePass controller logged the entry. A typical Date value looks similar to the following example: Oct-25.
  • Time
    Indicates the time, in 24-hour format, at which the FirePass controller logged the entry. A typical Time value looks similar to the following example: 1:30:08.
  • Source
    Indicates the origin of the logged entry. A typical Source value looks similar to the following example: firepass
  • Message
    Indicates the type of activity the logged entry represents. A typical Message value looks similar to the following example:
    [-] FirePass service started on firepass.siterequest.com.



Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)