Personal tools
Reports
From UntangleWiki
 Reports
|
|
About Untangle Reports
Untangle Server generates Untangle Reports, and makes them available through:
- Online
- Email summary
- CSV file (for further data analysis)
Reports can be viewed on the Untangle Server, or email summary reports can be emailed to report recipients. While the emailed report provides a significant amount of information on your network traffic, you cannot drill down to get extreme granularity. When this is needed, you should use the emailed report as a guide so that you can identify specific instances for further analysis with online reporting and/or with CSV-based report data.
Please note that upon a new Untangle server installation, Untangle Reports are unavailable until after the first full day of server usage.
Settings
The Settings tab allows you to change how the Reports are generated.
Status
The View Reports button. which is available after the first full day of server usage, will open a new window (IE) or tab (firefox) to display the current report.
Generation
The Add button will provide entry fields for adding another email address to received the reports that are generated.
- Email Address: A valid email address to receive the reports. Sometimes the reports might be caught by SPAM filters so check quarantines if reports are not recieved.
- Email Reports: Whether or not to send reports. This checkbox is useful for temporarily turning on/off reports to specific users.
- Online Reports: This checkbox allows the email address of a user to log in the online reports page to view reports. The password field must be set along with this checkbox to allow access.
- Password: Along with the Online Reports checkbox, entering a password will enable a user to login with the email address and this password to view reports.
- Confirm Password: Confirms password from above field.
Email Attachment Settings
Online reports have CSVs (comma separated value spreadsheets) which contains all the data used for generating the tables and graphs in the reports. The CSVs enable admins to perform further analysis on the traffic patterns.
- Attach Detailed Report Logs checkbox enables the sending of CSVs in a zip file with the emailed reports.
- Attachment size field limits the size of the CSVs attached to the email. As CSVs are added to the attachment zip field, once the size of the zip file reaches the size entered in this field, no more CSV files are added. This field is mostly used when the receiving email server limits the size of attachments. Limiting the size of the attached file will prevent the report email from being bounced at the receiving email server.
Daily Reports
- The checkbox is for enabling of daily reports. The reports are generally generated around 1-2am server local time.
Weekly Reports
Weekly reports are a complete summary of the past 7 days. Each day checked will generate a report for the previous 7 days from that day. For example checking Sunday and Wednesday will generate a report on Sunday for the previous Sunday through Saturday traffic and on Wednesday, the report will be previous Wednesday through Tuesday traffic.
WARNING: Retention Data should be at least 7 days to get this full report.
Monthly Reports
This type of report contains all the traffic for the previous 30 days.
WARNING: Retention Data should be at least 30 days to get this full report.
Data Retention
Data Retention is the amount in days of traffic data is kept. If desired, you may change Data Retention from its default setting (7 days) to a value of your choosing. This value controls how much time report data is kept on disk. This data is used to generate per host/user/email reports on the fly. Please note that increasing the number increases the amount of disk space that is needed for data storage, and could have negative effects.
Reports Retention
This controls how long the static reports are kept on the server. Each report uses a small amount of disk space.
Name Map
The Untangle Server makes Reports available through email and online. Emails on the recipient list with 'Email Reports' enabled will receive email summary reports. Top-level information presented in the email report is identical to that provided online, though the online report provides the capability to get information at a deeper level.
In order to maintain the name to IP Address to a specific device, it's recommended to also add those IP addresses as static reference in Config -> Networking -> DHCP Server -> Add Static in the DHCP list.
Directory Connector can provide this functionality automatically.
To replace IP addresses with names:
- From Reports, click the Settings button.
- Click the Name Map tab.
- Click the plus (Add) button above the table. A new row appears in the table.
- Specify the Name Map (IP address) and user name, and click the Save button.
Viewing Reports
Email Summary Reports
The Untangle Server makes Reports available through email and online. Emails on the recipient list with 'Email Reports' enabled will receive email summary reports. Top-level information presented in the email report is identical to that provided online, though the online report provides the capability to get information at a deeper level.
Online Reports
To access Reports from Untangle Client:
- Click on the Settings button on Reports.
- From Reports, click the View Reports button.
To access Reports directly with a browser:
- In a browser, type https://PublicAddress/reports where PublicAddress is either the public hostname or public IP address of the Untangle Server. For example, https://10.0.0.1/reports. If a non-standard HTTPS port is used, the port number must also be entered. As an example, if port 8443 is used for remote admin and report viewing, you would enter https://10.0.0.1:8443/reports.
- Specify your login and password. The Untangle Reports home page displays. If you do not have a valid login, contact your administrator.
As mentioned previously, online reports allow you to analyze reporting data in granular detail. In reports provided for each app, data contained in email reports is limited to that which is included under the Summary Report for each product (referring to the above graphics). All products have one or more tabs that contain event data for the product, which you are already familiar with in the Untangle rack. This allows you to refer to the specific event that causes the user/host/site to show up in the report.
In addition, the online Summary Report contains hyperlinks which allow you to drill down for further information. Using the sample below, each user who shows up on the pie chart (left) is shown also in the table (right), with a colored tile to help you locate them in the pie chart, and a hyperlink that allows you to analyze their usage at a deeper level. Following that link, you can see their usage on an hourly basis, on a daily basis, their acceptable web usage, unacceptable web usage, and bandwidth used.
Another major enhancement shows up near the top of each table. Immediately under the label Key Statistics is an icon. Clicking on the icon causes your Untangle server to collect data used in the report and store it into a CSV file, which you can download and have immediately available to you for analysis as you see fit. While many of the downloadable data sets appear trivial by themselves, they allow you to study in depth when used in conjunction with corresponding event data.
External Report Viewing
If you wish to access the online version of Untangle Reports from a location external to the Untangle server, click the Config tab at the left of your screen, followed by Administration. The Administration screen will open in the main part of your screen. Under External Administration, check the Enable External Report Viewing checkbox.
Configuration of reports is fairly simple. There are a few options to control which reports are generated and what data they contain. There are also a few parameters to control how long data and old reports are kept on the server.
Event Log
There isn't one!
Related Topics
Reports FAQs
Why am I not receiving Untangle Reports?
- If your Untangle Server is turned on, its possible that the reports have not yet been sent. Reports are emailed on a daily basis. Wait up to 24 hours to receive your first report email. Go to Specifying When Untangle Server Generates Untangle Reports.
- If you have been using the Untangle Server for more than 24 hours, verify that you configured the Untangle Server with your outgoing mail server settings. Go to Configuring Server Email Traffic.
Why am I not receiving the Detailed Report through email?
Beginning with Untangle 7.0, a new report engine is being used. The reports are more detailed than they have been in the past, but you can only receive maximum detail by using online reports.
What is the difference between event logs and Reports?
Event logs contain the underlying data from which the Untangle Server generates Untangle Reports. However, there are a few differences. Event logs provide real-time information whereas Untangle Reports provide next-day information. Moreover, the event logs show activity by IP address; Untangle Reports are more user-friendly because they show activity by user.
Can I email Reports to anyone?
Yes, as outlined in Emailing Recipients Untangle Reports, you can email reports to anyone. That user does not need administrator privileges. There is no limit on the number of users that receive the Untangle Reports.
I just upgraded my Untangle box. My reports are missing. Why?
The next time that scheduled reports are run, the top-level report index gets rebuilt according to the new standard. If you run reports daily, please allow 24 hours before reports are available. If you only run weekly or monthly reports (and not daily), please allow one reporting cycle.
The key statistics does not appear to match the data in the graph. Why?
The 24-hour graphs show an average of all days covered by the reports. In other words, it shows what a "typical" day looks like. The actual max and avg of any given day could be far greater or less than the "typical" day.
The spam/phishing stats don't seem to add up. Why?
You may notice that some reports may report a certain number of phish/spam email, but the event log and CSVs show a different number. This is because the graphs show the actual number of emails, but the event log and CSVs treat each recipient as an individual email so per-user/host reports are correct. So, for example, if a single spam email is sent to two users it will only be counted as one in the reports, but two in the event log/CSV file.
Timestamp ( date ) column is not displayed properly after I export reports to CSV file. Why?
If you are using MS Excel to view the exported CSV file, you can change the format of the cell ( first column) to a Date format.
What is the others column when looking at the charts in Reports?
When looking at the top 10 of a Reports chart, Others is made up of everything else not listed - in the following example, we can see the top 9 sites visited by users in a day. Others is there to give us a baseline, for example if we saw one or two users with a larger percentage than Others, we'd probably want to do some investigating as to why that user is pushing more web traffic than a large portion of the organization (relative to total organization size).
