Cyberoam Iview Administrator Guide: Document Version 1.0-10.04.3.0543-21/06/2013

Cyberoam iView
Administrator Guide
Version 10
Document Version 1.0- 10.04.3.0543-21/06/2013
Cyberoam iView Administrator Guide
Contents
Preface ...................................................................................................................... 3
Intended Audience.......................................................................................................................... 3
Guide Organization......................................................................................................................... 3
Technical Support ................................................................................................... 5

Part 1: Cyberoam iView Basics ............................................................................... 6
Introduction ..................................................................................................................................... 6
Accessing Cyberoam iView ............................................................................................................ 6
Understanding Interface Web Admin Console ............................................................................ 8
Dashboard .................................................................................................................................... 10
Part 2: Configuration.............................................................................................. 65
Custom View Management .......................................................................................................... 65
Report Notification Management .................................................................................................. 70
Data Management ........................................................................................................................ 76
Manual Purge ............................................................................................................................... 80
Bookmark Management ............................................................................................................... 81
Chart Preferences ........................................................................................................................ 84
ConnectWise ................................................................................................................................ 86
Preface
Welcome to Cyberoam iView Administrators Guide.
Intended Audience
This Guide is intended for the people who want to access reports generated by Cyberoam iView. A
basic TCP/IP networking concepts knowledge is required.
Guide Organization
This Guide provides information regarding the administration and customization of Cyberoam
iView and helps you manage and customize Cyberoam iView to meet your organizations various
requirements.
This Guide is organized into six parts:
Part 1 Cyberoam iView Basics
It describes how to start using Cyberoam iView.
Part 2 Configuration
It describes minimum configuration settings required to generate reports using Cyberoam iView,
which includes Custom View management, Report Notification Management, Data Management,
Manual Purge, Bookmark Management and Chart Preferences.
Part 3 Reports
It describes how to access and navigate through the drilldown reports. It also provides description
of all the reports generated by Cyberoam iView. Refer to Cyberoam iView Reports Guide for more
details.
Part 4 Compliance Reports
It describes various types of compliance reports provided by Cyberoam iView and how to access
and navigate through the drilldown reports. It also provides description of all the compliance
reports generated by Cyberoam iView. Refer to Cyberoam iView Reports Guide for more details.
Part 5 - Trend Reports
It describes various types of trend reports to interpret the pattern of the network activities. Refer to
Cyberoam iView Reports Guide for more details.
Part 6 - Search Reports
It describes how to retrieve various reports based on multiple search parameters. Refer to
Cyberoam iView Reports Guide for more details.
Typographic Conventions
All contents in this guide including text or screenshots follow the given list of conventions.
Item
Convention
Server
Machine where Cyberoam Software - Server component is

installed
Machine where Cyberoam Software - Client component is
installed
The end user
Username uniquely identifies the user of the system
Client
User
Username
Topic titles
Example
Shaded
typefaces
font
Introduction
Subtitles
Bold & Black

typefaces
Navigation link
Bold typeface
System Configuration Bookmark Management

It means, to open the required page click on System then on
Configuration and finally click Bookmark Management menu.
Name
of
a
particular
parameter / field
/
command
button text
Cross
references
Notes & points
to remember
Lowercase italic
type
Enter policy name, replace policy name with the specific name of
a policy
Or
Click Name to select where Name denotes command button text
which is to be clicked
Refer to Customizing User database Clicking on the link will open
the particular topic
Prerequisites
Bold typefaces
between
the
black borders
Hyperlink
in
different color
Bold typeface
between
the
black borders
Notation conventions
Note
Prerequisite
Prerequisite details
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department at the following address:
Corporate Office
Cyberoam Technologies Pvt. Ltd.
901, Silicon Tower
Off C.G. Road
Ahmedabad 380006
Gujarat, India.
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.cyberoam.com
Cyberoam contact:
Technical support (Corporate Office): +91-79-26400707
Email: support@cyberoam.com
Web site: www.cyberoam.com
Visit www.cyberoam.com for the regional and latest contact information.
Part 1: Cyberoam iView Basics

Introduction
Cyberoam iView is a logging and reporting solution that provides organizations with visibility into
their networks for high levels of security, data confidentiality while meeting the requirements of
regulatory compliance.
Cyberoam iView offers a single view of the entire network activity. This allows organizations not
just to view information across hundreds of users, applications and protocols; it also helps them
correlate the information, giving them a comprehensive view of network activity.
With Cyberoam iView, organizations receive logs and reports related to intrusions, attacks, spam
and blocked attempts, both internal and external, enabling them to take rapid action throughout
their network anywhere in the world.
Accessing Cyberoam iView

Access Web Admin Console, a browser-based Interface to configure and manage Cyberoam iView
and view reports. You can access Cyberoam iView reports from following ways:
Log on to Cyberoam iView reports from Cyberoam Web Admin Console
Log on to Cyberoam Web Admin Console and go to Logs & Reports View Reports
click Report option given in the button bar
ScreenCyberoam iView Web Admin Console
Screen Elements
Description
Username
Password
Language
Specify user login name. Default username is admin

Specify password. Default password is admin
Select the language. The available options are
Simplified, Chinese-Traditional, English, French, Hindi
To view reports and configure iView, select Reports
Logs on to Web Admin Console
Log on to
Login button
Click to login
Table - Login screen elements
Chinese-
Web Browser should meet the following requirements:

Microsoft Internet Explorer 6.0+
Mozilla Firefox 2.0+ (Best view)
Google Chrome
Cyberoam iView displays Main Dashboard as soon as you logon to the Web Admin Console.
Log out procedure

To avoid un-authorized users from accessing Cyberoam iView, log off after you have finished
working. This will end the session and exit from Cyberoam iView.
Understanding Interface Web Admin Console

Screen components
Screen Basic Screen Components

Screen Elements
Description
Navigation Pane
Navigation Pane on the leftmost side consists of multi-level dropdown Main menu. Main menu has following items:
Dashboards
Search
Reports
Custom Views (if created)
Trend Reports
Bookmarks (if created)
Compliance Reports
System
Admin Tool Bar
Click the menu item to access the next level menu.

A bar includes collection of links provides access to most common
and often used functions like:
Home: Click to return to main dashboard
Help: Click to access context sensitive online help
Button Bar
Logout: Click to log out from Cyberoam iView

Bar appears on upper rightmost corner of every page.
A bar that includes a collection of buttons provides an easy way to
perform tasks like add or delete on clicking them.
Global Selection
Checkbox
Individual
Selection
Checkbox
Page Information
Area
Bar appears at the top left hand corner of the Information Area of
every page.
Click to select all items.
Click to select individual item.
Displays page information corresponding to the selected menu.

Table Basic Screen Elements
Reports Menu Screen components
Screen Report Screen Components
Screen Elements
Description
Calendar
Click to select date and time range.
Breadcrumb
Navigation
Risk Meter
Reports will be generated and displayed for the selected time.

Displays the path that the user has taken to arrive at the current
page.
Displays associated risk amount.
Export to Excel
Export to PDF
Create Bookmark
Page Controls
Applicable in case of application reports only.

Exports displayed report in MS-Excel format.
Exports displayed report in PDF format.
Creates a bookmark.
Select number of rows to be displayed on each page.
Use page controls to navigate to a specific page of the report.
Table Report Screen Elements
Dashboard
Cyberoam iView displays Main Dashboard as soon as you logon to the Web Admin Console.
Dashboard provides a summary view of web and mail traffic including what is happening on the
network, such as top attacks or top spammers.
By default, Cyberoam iView provides following dashboards:
Main Dashboard: Provides network traffic overview of the device.
Custom Dashboard: Provides snapshot of users activities in your network
To return to the Main Dashboard from any other page of the Web Admin console, click Home link
provided in Admin Tool bar.
Main Dashboard
Cyberoam iView Main Dashboard provides in depth traffic visibility of the device in terms of traffic
and security overview.
It displays graphical and tabular overview of device network activities in Widget form.
Widget displays report in graphical as well as tabular format. By default, the report is displayed for
the current date. Report date can be changed through the Calendar available on the topmost row
of the page.
Click
button to close the widget and
page to retrieve the closed report widget.
button to minimize the widget. You need to refresh the
Cyberoam Main dashboard consists of two sub-dashboards:

Traffic Dashboard
Security Dashboard
Traffic Dashboard
Cyberoam iView Traffic dashboard is a collection of widgets displaying information regarding total
network traffic.
This dashboard gives complete visibility of network traffic in terms of applications, web categories,
users, hosts, source and destination countries, mail traffic and FTP activities.
Traffic Dashboard consists of following reports in widget form:
Top Applications
Top Application Categories
Top Users
Top Hosts
Top Source Countries
Top Destination Countries
Top Rule ID
Top Web Categories
Top Web Users
Top Domains
Top File Upload
Top Files Uploaded via FTP
Top Files Downloaded via FTP
Top FTP Servers
Mail Traffic Summary
Top Mail Senders
Top Mail Recipients
Top Applications widget

Report displays list of top applications along application wise distribution of total data transfer and
relative percent distribution among those applications.
View the report from Traffic Dashboard.
Report is displayed as pie chart as well as in tabular format.
By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.
Pie chart displays amount of data transferred per application while tabular report contains following
information:
Application/Proto:Port: Displays name of the application as defined in Cyberoam iView. If
application is not defined in Cyberoam iView then this field will display application identifier as
combination of protocol and port number. To define an unidentified application and group an
unassigned application, please refer to Add Custom Application under System.
Bytes: Amount of data transferred
Percent: Amount of data transfer in percentage
Screen - Top Applications
Top Application Categories widget

Report displays list of top application categories along with category wise distribution of total data
transfer and relative percent distribution among those categories.
Pie chart displays amount of data transferred per application category while tabular report contains
following information:
Category: Name of the category as defined in Cyberoam
Hits: Number of Hits to the Web category
Percent : Amount of data transfer in percentage
Screen - Top Application Categories
Top Users widget

Report displays list of top network users along with the amount of traffic generated for various
applications, hosts, destinations, domains and categories.
Pie chart displays number of Hits and amount of data transferred per user while tabular report
contains following information:
User: Username of the user as defined in the monitored device. If User is not defined in the
monitored device then it will be considered as traffic generated by Unknown user.
Screen - Top Users
Top Hosts widget

Report displays list of top hosts along with host wise distribution of total data transfer and relative
percent distribution among those hosts.
Pie chart displays number of Hits and amount of data transferred per host while tabular report
Host: IP Address of the host
Screen - Top Hosts
Top Source Countries widget

Report displays list of top source countries from where Internet traffic is generated along with
country wise distribution of total data transfer and relative percent distribution among those
countries.
Pie chart displays list of top source countries while tabular report contains following information:
Country: Name of the top source countries
Bytes: Total data transfer per source country
Percent: Relative percent distribution among the top source country
Screen - Top Source Countries
Top Destination Countries widget

Report displays list of top destination countries where web traffic is directed along with country
wise distribution of total data transfer and relative percent distribution among those countries.
Pie chart displays list of top destination countries while tabular report contains following
information:
Country: Name of the top destination countries
Bytes: Total data transfer per destination country
Percent: Relative percent distribution among the top destination country
Screen - Top Destination Countries
Top Rule ID widget

Widget displays list of rules along with rule wise distribution of total data transfer and relative
percent distribution among those rules.
Pie chart displays various countries through which the application is accessed and number of Hits
to the country while tabular report contains following information:
Rule ID: Displays firewall rule ID
Screen - Top Rule ID
Top Web Categories widget

Report displays list of top web categories along with category wise distribution of total data transfer
and relative percent distribution among those categories.
Pie chart displays amount of data transferred per web category while tabular report contains
Category: Name of the Web category as defined in Cyberoam
Hits: Number of Hits to the Web category
Screen - Top Web Categories
Top Web Users widget

Widget displays list of top web users along with user wise distribution of total data transfer and
relative percent distribution among those users.
Pie chart displays list of top web users and amount of data transferred per user while tabular report
Users: Displays user name
Screen - Top Web Users
Top Domains widget

Widget displays list of domains along with domain wise distribution of total data transfer and
relative percent distribution among those domains.
Pie chart displays various domains and amount of data transferred while tabular report contains
Domain: Displays domain name
Screen - Top Domains
Top File Upload widget

Widget displays list of files along with date, user, domain name, file name, size and source IP.
Tabular report contains following information:
Date: Time and date when the file is uploaded in YYYY-MM-DD HH:MM::SS format
Users: Name of the user who uploaded the file
Source IP: Source IP Address from where the file is uploaded
Domain Name: Name of the domain where the file is uploaded
File Name: Name of the file
Size: Size of the file
Screen - Top File Upload
Top Files Uploaded via FTP widget

Widget report displays list of the files uploaded via FTP with file wise distribution of total data
transfer and relative percent distribution among those files.
View report from Traffic Dashboard.
Report is displayed as graph as well as in tabular format.
File: Name of the top file uploaded using FTP
Bytes: Size of the top uploaded files
Percent: Relative percent distribution among the top files uploaded via FTP
Screen - Top File Uploaded via FTP
Top Files Downloaded via FTP widget

Widget report displays list of the files downloaded via FTP with file wise distribution of total data
transfer and relative percent distribution among those files.
File: Name of the top file downloaded using FTP
Bytes: Size of the top downloaded files
Percent: Relative percent distribution among the top files downloaded via FTP
Screen - Top Files Downloaded via FTP
Top FTP Servers widget

Report displays list of top FTP servers.
Server: Name of the FTP server
Bytes: Total data transfer through the FTP server
Percent: Relative percent distribution among the top FTP servers
Screen - Top FTP Servers
Mail Traffic Summary widget

Report displays type of email traffic along with number of bytes and percentage of the traffic.
Pie chart displays amount of traffic per traffic type while tabular report contains following
information:
Traffic: Type of email traffic. Possible types are :
Clean Mail
Spam
Probable Spam
Virus
Hits: Number of hits per email traffic type
Percent: Type of traffic in percentage
Screen - Mail Traffic Summary
Top Mail Senders widget

Report displays list of top email senders along with number of bytes and percentage of the traffic.
Bar graph displays amount of data transferred by each sender while tabular report contains
Sender: Email ID of the sender
Percent: Relative percent distribution among the top Mail Senders
Screen - Top Mail Senders
Top Mail Recipients widget

Report displays list of top email recipients along with number of bytes and percentage of the traffic.
Bar graph displays amount of data received by each recipient while tabular report contains
Recipient: Email ID of the recipient
Percent: Relative percent distribution among the top Mail Recipients
Screen - Top Mail Recipients
Security Dashboard
Cyberoam iView Security dashboard is a collection of widgets displaying information regarding
denied network activities and traffic. It also gives overview of malwares and spam along with
source and destination countries.
Security Dashboard consists of following reports in widget form:
Top Denied Hosts
Top Denied Users
Top Denied Applications
Top Denied Destination Countries
Top Denied Source Countries
Top Denied Rule ID
Top Denied Categories
Top Denied Domains
Top Attacks
Top Viruses
Top Spam Senders
Top Spam Recipients
Top Denied Hosts widget

Report displays a list of top hosts which made the maximum attempts to access the blocked sites.
View report from Security Dashboard.
Report is displayed using a pie chart as well as in tabular format.
Pie chart displays top denied hosts while tabular report contains following information:
Host: IP Address of the hosts
Hits: Number of attempts to access the blocked site
Percent: Relative percent distribution among the denied hosts
Screen - Top Denied Hosts
Top Denied Users widget

Report displays a list of users who made the maximum attempts to access the blocked sites.
Pie chart displays top denied users while tabular report contains following information:
User: Name of the top denied user as defined in Cyberoam iView
Hits: Number of attempts by a particular user to access the blocked site
Percent: Relative percent distribution among the denied users
Screen - Top Denied Users
Top Denied Applications widget

Report displays a list of blocked applications which has the maximum number of access attempts.
Pie chart displays top denied applications while tabular report contains following information:
Application/Proto: Port: Displays name of the application as defined in Cyberoam iView. If
application is not defined in Cyberoam iView then this field will display application identifier as
combination of protocol and port number. To define an unidentified application and group an
unassigned application, please refer to Add Custom Application under System.
Hits: Number of attempts to access the application
Percent: Relative percent distribution among the denied applications
Screen - Top Denied Applications
Top Denied Destination Countries widget

Report displays a list of destination countries with maximum number of blocked attempts.
Pie chart displays top denied destination countries while tabular report contains following
information:
Country: Name of the top denied destination country
Hits: Number of denied attempts per destination country
Percent: Relative percent distribution among the denied destination countries.
Screen - Top Denied Destination Countries
Top Denied Source Countries widget

Report displays a list of source countries from where the maximum number of blocked attempts is
originated.
Pie chart displays top denied source countries while tabular report contains following information:
Country: Name of the top denied source country
Hits: Number of denied attempts per source country
Percent: Relative percent distribution among the denied source countries
Screen - Top Denied Source Countries
Top Denied Rule ID widget

Report displays the list of the most denied firewall rule IDs.
Pie chart displays top denied rule ID while tabular report contains following information:
Rule ID: ID number of the top denied rules
Hits: Number of denied attempts per firewall rule
Percent: Relative percent distribution among the denied rule IDs
Screen - Top Denied Rule ID
Top Denied Categories widget

Report displays list of categories with the maximum number of denied attempts.
Pie chart displays top denied categories while tabular report contains following information:
Category: Name of the denied categories
Hits: Number of blocked attempts to access the category
Percent: Relative percent distribution among the denied categories
Screen - Top Denied Categories
Top Denied Domains widget

Report displays list of domain name/IP Address with the maximum number of denied attempts.
Pie chart displays denied categories while tabular report contains following information:
Domain: IP Address or domain name of the denied domain
Hits: Number of blocked attempts to access the domain
Percent: Relative percent distribution among the denied domains
Screen - Top Denied Domains
Top Attacks widget

Report displays list of attacks launched at your network along with number hits per attack.
Pie chart displays blocked attacks while tabular report contains following information:
Attack: Name of the top denied attacks
Hits: Number of blocked attempts per attack
Percent: Relative percent distribution among the attacks
Screen - Top Attacks
Top Viruses widget

Report displays list of the blocked viruses along with relative percentage distribution among the
viruses.
Pie chart displays top denied attacks while tabular report contains following information:
Virus Name: Name of the virus
Count: Number of virus instances
Percent: Relative percent distribution among the viruses
Screen - Top Viruses
Top Spam Senders widget

Report displays list of spam senders along with number of hits and relative percentage distribution.
Pie chart displays top spam senders while tabular report contains following information:
Sender: Email ID of the spam sender
Hits: Number of hits per email ID
Percent: Relative percent distribution among the spam senders
Screen - Top Spam Senders
Top Spam Recipients widget

Report displays list of spam recipients along with number of hits and relative percentage
distribution.
Pie chart displays spam recipients while tabular report contains following information:
Recipient: Email ID of spam recipient
Hits: Number of hits per recipient
Percent: Relative percent distribution among the spam recipients
Screen - Top Spam Recipients
Custom Dashboard
Cyberoam iView provides option to generate custom dashboard based on Username, Source
Host, Senders Email Address and Recipients Email Address.
Cyberoam Custom dashboard consists of three sub-dashboards:

User Dashboard : Provides Internet behavior overview of the selected user.
Source Host Dashboard: Provides overview of traffic generated by the selected source host.
Senders Email Address Dashboard: Provides the Internet activities conducted through the
selected Senders Email Address.
Recipients Email Address Dashboard: Provides the Internet activities conducted through the
selected Recipients Email Address.
User Dashboard
Cyberoam iView User Dashboard provides snapshot of users activities in your network.
To view the User Dashboard:
Go to Dashboards Custom Dashboard.
Select Username in Criteria drop-down and specify the username.
Click Go to view user based dashboard.
Screen User Criteria

User Dashboard displays following reports in Widget form:
Top Web Categories
Top Web Viruses
Internet Usage

Widget report displays number of connections and amount of data transferred per category for the
selected user.
View report from Dashboards Custom Dashboard Username.
Bar graph displays amount of data transferred per category while tabular report contains following
information:
Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display None at place of category name.
Hits: Number of Hits to the category
Screen Top Web Categories

Widget report displays number of connections and amount of data transferred per file for the
selected user.
Bar graph displays amount of data transferred per file while tabular report contains following
information:
File: Name of the file uploaded
Hits: Number of Hits to the file
Bytes: Amount of data uploaded
Screen Top Files Uploaded via FTP

selected user.
information:
File: Name of the file downloaded
Bytes: Amount of data downloaded
\
Screen Top Files Downloaded via FTP

Widget report displays number of connections per category for the selected user.
Bar graph displays number of connections per category while tabular report contains following
information:
Category: Displays name of the category as defined in monitored device.
Screen Top Denied Categories
Top Web Viruses widget

Widget report displays number of connections per virus for the selected user.
most row of the page
Bar graph displays number of connections per virus while tabular report contains following
information:
Virus: Name of the virus as identified by monitored device
Count: Number of virus occurrence
Screen Top Web Viruses
Internet Usage widget

Widget report displays total amount of data transfer and surfing time for the selected user.
most row of the page
Bar graph displays total amount of data transfer per user while tabular report contains following
information:
User Name: Name of the user as defined in monitored device
Data Transfer: Total amount of data transfer
Used Time: Total surfing time
Screen - Internate Usage
Source Host Dashboard

Cyberoam iView Source Host dashboard provides snapshot of traffic generated by individual host.
To view the Source Host Dashboard:
Select Source Host in Criteria drop-down and specify the source host IP Address.
Click Go to view source host based dashboard.
Screen Source Host Criteria

Source Host Dashboard displays following reports in Widget form:
Top Web Categories

Widget report displays number of connections and amount of data transferred per category for the
selected host.
View report from Dashboards Custom Dashboard Source Host IP Address.
Bar graph displays amount of data transferred per category while tabular report contains following
information:
Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display None at place of category name.
Screen Top Web Categories

selected host.
information:
File: Name of the file uploaded
Bytes: Amount of data uploaded
Screen Top Files Uploaded via FTP

selected user.
View report from Dashboards Custom Dashboard Source Host IP Address
information:
File: Name of the file downloaded
Bytes: Amount of data downloaded
\
Screen Top Files Downloaded via FTP

Widget report displays number of connections per category for the selected host.
Bar graph displays number of connections per category while tabular report contains following
information:
Category: Displays name of the category as defined in monitored device.
Screen Top Denied Categories
Senders Email Address Dashboard

Cyberoam iView provides snapshot of email traffic generated by selected Senders Email Address.
To view the Senders Email Address Dashboard
Select Senders Email Address in Criteria drop-down and specify the Email Address.
Click Go to view Senders Email Address based dashboard.
Screen Senders Email Address Criteria

Senders Email Address Dashboard displays following reports in Widget form:
Top Mails Sent to
Top Sender Hosts
Top Sender Destinations
Top Sender Users
Top Spam Sent
Top Mails Sent to Widget

Widget report displays list of top recipients along with the number of connections and amount of
data transferred.
View report from Dashboards Custom Dashboard Senders Email Address.
Bar graph displays amount data transferred per recipient, while tabular report contains following
information:
Recipient: Email Address of the recipient
Hits: Number of Hits to the recipient
Screen Top Mails Sent to
Top Sender Hosts Widget

Widget report displays list of top sender hosts along with the number of connections and amount of
data transferred.
Bar graph displays amount data transferred per source host, while tabular report contains following
information:
Source Host: IP Address of the host
Screen Top Sender Hosts
Top Sender Destinations Widget

Widget report displays list of top sender destinations along with the number of connections and
amount of data transferred.
Bar graph displays amount data transferred per sender destination, while tabular report contains
Destination: URL name or IP Address of the destination
Screen Top Sender Destinations
Top Sender Users Widget

Widget report displays list of top sender users along with the number of connections and amount
of data transferred.
Bar graph displays amount data transferred per sender user, while tabular report contains
User: Username of the user as defined in the monitored device. If username is not defined in
the monitored device then it will be considered as traffic generated by Unknown user
Screen Top Sender Users
Top Spam Sent Widget

Widget report displays list of top spam recipient along with the number of connections.
Bar graph displays number of connections per spam recipient, while tabular report contains
Recipient: Email Address of the spam recipient
Screen Top Spam Sent
Recipients Email Address Dashboard

Cyberoam iView provides snapshot of email traffic generated by selected Recipients Email
Address.
To view the Email Address Dashboard
Select Recipients Email Address in Criteria drop-down and specify the Email Address.
Click Go to view Recipients Email Address based dashboard.
Screen Recipients Email Address Criteria

Recipients Email Address Dashboard displays following reports in Widget form:
Top Mails Received From
Top Recipients Hosts
Top Recipient Destinations
Top Recipient Users

Top Spam Received
Top Mails Received from Widget
Widget report displays list of top senders along with the number of connections and amount of
data transferred.
View report from Dashboards Custom Dashboard Recipients Email Address.
Bar graph displays amount data transferred per sender, while tabular report contains following
information:
Sender: Email Address of the sender
Screen Top Mails Received from

Top Recipient Hosts Widget
Widget report displays list of top recipient hosts along with the number of connections and amount
of data transferred.
Bar graph displays amount data transferred per recipient host, while tabular report contains
Source Host: IP Address of the host
Screen Top Recipient Hosts
Top Recipient Destinations Widget

Widget report displays list of top recipient destinations along with the number of connections and
amount of data transferred.
Bar graph displays amount data transferred per recipient destination, while tabular report contains
Destination: URL name or IP Address of the destination
Screen Top Recipient Destinations
Top Recipient Users Widget

Widget report displays list of recipient users along with the number of connections and amount of
data transferred.
Bar graph displays amount data transferred per recipient user, while tabular report contains
User: Username of the user as defined in the monitored device. If username is not defined in
the monitored device then it will be considered as traffic generated by Unknown user
Screen Top Recipient Users
Top Spam Received Widget

Widget report displays list of top spam senders along with the number of connections.
Bar graph displays number of connections per spam sender, while tabular report contains following
information:
Sender: Email Address of the spam sender
Screen Top Spam Received
Part 2: Configuration
Cyberoam iView provides number of configuration options for customization as per your network
requirement. You can, configure mail server to send report notifications, create Custom Views and
many more.
This chapter covers following sections:
Custom View Management
Report Notification Management
Data Management
Manual Purge
Bookmark Management
Chart Preferences
Custom View Management

Custom View of reports allows grouping of the most pertinent reports that requires the special
attention for managing the network. Reports from different report groups can also be grouped in a
single view.
Use System Configuration Custom View to create and manage Custom Views in
Cyberoam iView.
In a View, maximum eight reports can be grouped. Custom View provides a single page view of all
the grouped reports.
This section describes how to:
Add Custom View
Update Custom View
Delete Custom View
Add Custom View

Go to System Configuration Custom View and click Add to create new Custom
View.
Screen Custom View Management
Screen Add Custom View Profile

Screen Elements
Description
Custom View
Specify Custom View Name, Custom View name can be any

combination of alphanumeric characters and special characters
_, @ and ..
Specify description of the Custom View, if required.
Custom
View
Description
Select Report
Ok Button
Cancel Button
Expand report group and click against the report to be added in

Custom View. Maximum 8 reports can be added.
Click to add a new Custom View.
Click to cancel Custom View addition.
Table Add New Custom View Profile Screen Elements
Screen Custom View display in Navigation Pane

Note
Added Custom Views will be displayed under Custom Views Sub menu of navigation pane.
Update Custom View

Go to System Configuration Custom View and click Custom View name to be
updated.
Screen Update Custom View

Screen Elements
Description
Custom View
Custom
View
Description
Select Report
Displays name of the Custom View.

Displays description of Custom View, modify if required.
Ok Button
Cancel Button
Expand report group tree to view current reports of Custom View.

You can add or remove reports by clicking checkbox against
them. Number of selected reports from each report group will be
displayed against group name. Maximum 8 reports can be added
to a single Custom View.
Click to save changes in Custom View.
Click to return to Custom View management page.
Table Update Custom View Screen Elements
Note
All fields except Custom View Name are editable.
Delete Custom View
Go to System Configuration Custom View to view list of Custom Views.
Screen Delete Custom View
Screen Elements
Description
Global Selection
Individual
Selection
Delete Button
Click to select all Custom Views.

Click to select individual Custom View.
Click to delete selected Custom View.
Table Delete Custom View Screen Elements
Report Notification Management

Cyberoam iView can mail reports in PDF format to specified Email Addresses as per the
configured frequency.
Add Report Notification
Update Report Notification
Delete Report Notification
Use the System Configure Report Notification to create and manage report
notifications. You can send either Cyberoam-iView reports or ConnectWise reports in report
notifications.
Screen Report Notification Management

Screen Elements
Description
Add Button
Click to add a new report notification.
Delete Button
Click to delete a report notification.
Send Test Mail Click to send a test mail.
Button
Report Notification
Name
Name of the report notification.
Report
Category of the reports.
Group/Bookmark
Email Frequency
Report notification frequency- daily or weekly.
To Email Address
Email ID of recipient(s).
Last Sent Time
Last time when the report notification was sent.
ConnectWise Schedule
Name
Name of the report notification.
Report
Name of the report to be sent
Frequency
Report notification frequency with time of the day
Number
of Number of records to be sent in report notification.
Record(s)
Last Sent Time
Last time when the report notification was sent.
Table Report Notification Management Screen Elements
Add Report Notification

Go to System Configuration Report Notification and click Add to create a new
report notification.
Screen Add Report Notification

If you want to send Cyberoam-iView reports:
Screen Add Report Notification
Screen Elements
Description
Name
Specify Report Name. Report name can be any combination of

alphanumeric characters and special characters _, @ and ..
Specify description of the report notification, if required.
Specify Email Address of the recipient in To Email Address field. Use
comma to separate multiple E-mail IDs.
Select type of the report. Possible types of reports are Report Groups
and Bookmarks
Select type of the sorting criteria. Possible types of sorting criteria are
Hits and Bytes.
Select report category from the Report Group drop down list. Reports
from selected category will be sent to the recipients.
Select bookmark from the Bookmarks drop down list. Selected
bookmarks will be sent to the recipients.
Set E-mail frequency and time. Reports can be mailed daily or weekly,
as per configured interval.
Description
To Email Address
Notification Type
Sorting Criteria
Report Group
Bookmark
Email Frequency
In case of daily notification, reports from previous day or same

day can be sent on configured time. The administrator can also
customize the time interval for generating reports.
In case of weekly notification, select day of the week and time of
the day to send report notification.
Ok Button
Cancel Button

Click to return to report notification management page.
Table Add Report Notification Screen Elements
If you want to send ConnectWise reports notification:
Screen - Add ConnectWise Report Notification
Screen Elements
Description
Name
Specify Report Name. Report name can be any combination of

alphanumeric characters and special characters _, @ and ..
Select reports to be sent. Available reports are Top Sites, Filtered Sites,
Bandwidth Usage, Top Attacks.
Specify number of records to be sent in the report notification. You can
send maximum of 50 records in a report notification.
Set E-mail frequency and time. Reports can be mailed daily as per
configured interval.
Description
Report
Number
of
Record(s)
Email Frequency
Ok Button
Cancel Button
Table Add ConnectWise Report Notification Screen Elements
Update Report Notification

Go to System Configuration Report Notification and select report notification to be
updated.
If you want to update Cyberoam-iView reports notification,
Screen Update Report Notification

Screen Elements
Description
Description
To Email Address
Displays description of the report notification, modify if required.

Displays Email Address of the recipient in To Email Address field,
modify if required.
Notification Type
Sorting Criteria
Report Group
Email Frequency
Ok Button
Cancel Button
Select type of the report. Possible types of reports are Report Groups
and Bookmarks
Select type of the sorting criteria. Possible types of sorting criteria are
Hits and Bytes.
Displays report category to send report notification, change if required.
Displays e-mail frequency and time. Reports can be mailed daily or
weekly at the configured interval. In case of weekly notification, select
day of the week.
Click to save the changes in report notification.
Table Update Report Notification Screen Elements
Note
All fields except Report Notification name are editable.
If you want to update ConnectWise reports notification,
Screen Update ConnectWise Report Notification
Screen Elements
Description
Description
Report

Select reports to be sent. Available reports are Top Sites, Filtered Sites,
Bandwidth Usage, Top Attacks.
Specify number of records to be sent in the report notification. You can
send maximum of 50 records in a report notification.
Set E-mail frequency and time. Reports can be mailed daily as per
configured interval.
Number
of
Record(s)
Email Frequency
Ok Button
Cancel Button
Table Update ConnectWise Report Notification Screen Elements
Note
All fields except Report Notification name are editable.
Delete Report Notification

Go to System Configuration Report Notification to view list of report notifications.
Screen Delete Report Notification
Screen Elements
Description
Global Selection
Individual
Selection
Delete Button
Click to select all report notifications.

Click to select individual report notification.
Click to delete selected report notifications.
Table Delete Report Notification Screen Elements
Data Management
Prerequisite
Super Admin privilege required to access and manage Data Management sub menu of System menu.
Retention of data and log archives use enormous amount of disk space. To control and optimize
the disk space usage, configure the data retention period of detailed and summarized table.
Depending on the compliance requirement, configure the log retention period.
Configure Retention Period
Use System Configuration Data Management page to configure retention period
of various data tables. You can configure retention period for various log types.
Screen Data Management
Screen Elements
Log Retention
Description
Displays type of logs to be retained.
Web Surfing Logs:
Web Surfing logs can be retained for time interval starting from 1 month
to 1 year.
Cyberoam iView has set default storage of 6 months for Web Surfing
logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9
Months or 1 year to retain Web Surfing logs.
Mail Logs:
Mail logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for Mail logs. You
can configure 1 Month, 2 Months or 3 Months to retain Mail logs.
IM and Blocked IM Logs:
IM and blocked IM logs can be retained for time interval starting from 1
month to 3 months.
Cyberoam iView has set default storage of 3 months for IM and Blocked
IM logs. You can configure 1 Month, 2 Months or 3 Months to retain IM
and Blocked IM logs.
FTP Logs:
FTP logs can be retained for time interval starting from 1 month to 3
months
Cyberoam iView has set default storage of 3 months for FTP logs. You
can configure 1 Month, 2 Months or 3 Months to retain FTP logs.
VPN Logs:
VPN logs can be retained for time interval starting from 1 day to 1 month.
Cyberoam iView has set default storage of 3 months for VPN logs. You
can configure 1 Day, 2 Days, 3 Days, 5 Days, 7 Days or 1 Month to
retain VPN logs.
Internet Usage Logs:
Internet usage logs can be retained for time interval starting from 1 day
to 3 months.
Cyberoam iView has set default storage of 3 months for Internet usage
logs, but you can configure 1 day, 2 days, 3 days, 5 days, 7 days, 1
month or 3 months to retain Internet Usage logs.
Blocked Web Attempts Logs:
Blocked Web Attempts logs can be retained for time interval starting from
1 month to 3 months.
Cyberoam iView has set default storage of 3 months for Blocked Web
Attempts logs, but you can configure 1 month or 2 months to retain
Blocked Web Attempts logs.

IPS (Attacks) Logs:
IPS logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for IPS logs, but
you can configure 1 month or 2 months to retain IPS logs.
Spam Logs:
Spam logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for spam logs, but
you can configure 1 month or 2 months to retain spam logs.
Virus Logs:
Virus logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for virus logs, but
you can configure 1 month or 2 months to retain virus logs.
Appliance Audit Logs:
Appliance audit logs can be retained for time interval starting from 1 day
to 1 month.
Cyberoam iView has set default storage of 1 month day for appliance
audit logs, but you can configure 1 day, 2 days, 3 days, 5 days or 7 days
to retain appliance audit logs.
Application Logs:
Application logs can be retained for time interval starting from 1 month to
1 year.
Cyberoam iView has set default storage of 6 months for appliance audit
logs, but you can configure 1 month, 2 months, 3 months, 9 months or 1
year to retain application logs.
Blocked Attempts Logs:
Blocked Attempt logs can be retained for time interval starting from 1
month to 1 year.
Cyberoam iView has set default storage of 6 months for blocked attempt
logs, but you can configure 1 month, 2 months, 3 months, 9 months or 1
year to retain blocked attempts logs.
WAF Logs:
WAF logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 6 months for WAF logs, but
you can configure 1 month, 2 months, 3 months, 9 months or 1 year to
retain blocked attempts logs.
Report Period
Displays retention period for summary reports
Export
Customization
Apply Button
Enable to allow number of records selection while saving reports in MSExcel format.
Click to apply changes in database configuration.
Table Database Configuration Screen Elements
Configure Retention Period

Go to System Configuration Data Management.
Specify retention period for Web Surfing logs, Mail logs, IM and Blocked IM logs, Internet
usage, FTP logs, Blocked Web attempts logs, IPS logs, Spam logs, Virus logs, Appliance Audit
logs, VPN logs, Application logs, Blocked Attempts logs and WAF logs.
Click Apply.
Screen Configure Retention Period

Screen Elements
Description
Period
Specify retention period value for:

Web Surfing Logs
Mail Logs
IM and Blocked IM Logs
FTP Logs
VPN logs
Internet Usage Logs
Blocked Web Attempt Logs

IPS(Attack) Logs
Spam Logs
Virus Logs
Appliance Audit Logs
Application Logs
Blocked Attempts Logs
WAF Logs
Apply Button
Click to apply changes. Changes in the retention period will be

applied at 12:00 O clock in the night.
Table Configure Retention Period Screen Elements
Note
Based on configured retention period, data from the tables will be deleted on day-by-day basis.
Manual Purge
Prerequisite
Super Admin privilege is required to access and manage Manual Purge sub menu of System menu.
Retention of data and log archives use enormous amount of disk space. You can configure the log
retention period from Data Management. Based on the configured retention period data will be
automatically deleted on day-by-day basis
Use System Configuration Manual Purge page to delete logs manually.
Screen Purge Report Data

Screen Elements
Description
Report Module
Select reports to be purged. Available Reports:

All Reports
Web Usage Mail Usage
IM and Blocked IM Usage
FTP Usage
VPN
SSL VPN
Internet Usage
Blocked Web Attempt

IPS(Attack)
Spam
Virus
Event
Application
Blocked Attempt
WAF
Criteria
From
Up To
Purge Button
Select Custom to purge selected reports for specified period or

Purge All to purge all the reports.
Select month and year from which the reports have to be purged.
Select month and year up to which the reports have to be purged.
Click to purge the logs manually
Table Purge Report Data Screen Elements
Bookmark Management
Bookmark management allows the user to create bookmark of any Cyberoam iView report at any
level of report drill-down. It provides administrator with great level of network visibility based on any
criterion. E.g. the administrator can monitor web usage of a particular user by creating bookmark
of user based web usage report.
Every bookmark should be a part of a defined bookmark group; if the bookmark group is not
created then bookmarks will be members of Default group.
Every bookmark can be sent to the specified Email Address(s) in the form of report notification.
Use System Configuration Bookmark Management to create bookmark groups in
Cyberoam iView.
Screen Bookmark Management
Screen Elements
Description
Add
Bookmark
Group Button
Bookmark Groups
Delete Button
Click to add a new bookmark group.

Name of the bookmark group
Click to delete a bookmark group.
Table Bookmark Management Screen Elements
This section describes, how to

Add Bookmark Group
Delete Bookmark Group
Add Bookmark Group
Go to System Configuration Bookmark Management and click Add to create
bookmark group.
Screen Bookmark Management
Screen Add Bookmark Group
Screen Elements
Description
Bookmark Group
Name
Add Button
Close Button
Specify Bookmark Group Name, name can be any combination of

alphanumeric characters and special characters _, @ and .
Click to add a new bookmark group
Click to return to bookmark management page.
Table Add Bookmark Group Screen Elements
Note
Created bookmarks will be displayed under Bookmarks Sub menu of navigation pane.
Delete Bookmark Group

Go to System Configuration Bookmark Management to view list of bookmark
groups.
Screen Delete Bookmark Group

Screen Elements
Description
Bookmark Group
Bookmarks
Description
Displays bookmark group name

Displays bookmark name
Displays discription of the bookmark
Click to delete bookmark group or individual bookmark
Table Delete Bookmark Group Screen Elements
Note
Removing a bookmark group will remove the bookmark from Cyberoam iView.
Chart Preferences
Chart Preferences menu allows the administrator to configure settings for graphical presentation of
reports. Cyberoam iView reports can be viewed in following graphical forms:
Bar Chart
Pie-Doughnut Chart
Use System Configuration Chart Preferences to configure chart preferences in
Cyberoam iView.
Screen - Chart Preferences
Screen Elements
Bar Chart
Chart Type
Palette
Pie-Doughnut Chart
Chart Type
Palette
Description
Specify Chart Type for bar chart. Available options:
Glass Bar (Default)
Round Bar
Specify Palette for bar chart. Available options:
Light Grey (Default)
Light Green
Light Blue
Light Brown
Light Pink
Specify Palette for Pie-Doughnut chart. Available options:
Pie (Default)
Doughnut
Specify Palette for Pie-Doughnut chart. Available options:
Light Grey (Default)
Light Green
Light Blue
Light Brown
Light Pink
Show Legend
By default, legend display is off but you can choose it to be on.
Save Button
Click to save configured chart preferences.

Table - Chart Preferences Screen Elements
ConnectWise
ConnectWise menu allows the administrator to integrate ConnectWise server with Cyberoam
iView. This integration allows use of Cyberoam iView report data to generate reports at
ConnectWise server.
Use System Configuration ConnectWise to integrate Cyberoam iView with
ConnectWise server.
Screen - ConnectWise Configuration
Screen Elements
Description
Enable
ConnectWise
Checkbox
Company ID
Select to send Cyberoam iView report data to ConnectWise server.
URL
Integrator Login
Integrator
Password
Appliance Name
Manage ID
Management
Solution
Apply Button
Specify Company ID configured in ConnectWise server to identify your

company.
Specify URL for ConnectWise server. Report data from Cyberoam iView
will be sent to the specified URL.
Specify Integrators Username created in ConnectWise to send report
data from Cyberoam iView to ConnectWise server.
Specify Integrators Password created in ConnectWise to send report
data from Cyberoam iView to ConnectWise server.
Specify appliance name. By default Cyberoam iView displays appliance
key in appliance name field.
Specify Manage ID configured in ConnectWise to link management
solution with your company.
Specify name of Management Solution configured in ConnectWise to
link management solution with your company.
Click to apply ConnectWise settings.
Table - ConnectWise Configuration Screen Elements
Given below is the list of Cyberoam iView reports, which can be sent to ConnectWise along with
respective ConnectWise report name:
Cyberoam
iView
Report
Name
Web Usage Top Domains
Blocked Web Attempts Top
Denied Domains
Internet Usage Top Users
Attacks Top Attacks
ConnectWise Report Name

Top Sites
Filtered Sites
Bandwidth
Intrusion
Table - ConnectWise Report Screen Elements

Note
If there is no report notification configured for ConnectWise, Cyberoam iView will create report notification
for all four reports automatically as soon as ConnectWise configuration is applied. But if there exists a report
notification for ConnectWise, the administrator will need to create rest of the report notifications manually.

Cyberoam Iview Administrator Guide: Document Version 1.0-10.04.3.0543-21/06/2013

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Cyberoam Iview Administrator Guide: Document Version 1.0-10.04.3.0543-21/06/2013

Загружено:

Авторское право:

Доступные форматы

Cyberoam iView

Document Version 1.0- 10.04.3.0543-21/06/2013

Cyberoam iView Administrator Guide

Technical Support ................................................................................................... 5

Cyberoam iView Administrator Guide

Cyberoam iView Administrator Guide

Machine where Cyberoam Software - Server component is

Bold & Black

System Configuration Bookmark Management

Cyberoam iView Administrator Guide

Visit www.cyberoam.com for the regional and latest contact information.

Cyberoam iView Administrator Guide

Part 1: Cyberoam iView Basics

Accessing Cyberoam iView

ScreenCyberoam iView Web Admin Console

Specify user login name. Default username is admin

Cyberoam iView Administrator Guide

Web Browser should meet the following requirements:

Log out procedure

Cyberoam iView Administrator Guide

Understanding Interface Web Admin Console

Screen Basic Screen Components

Admin Tool Bar

Click the menu item to access the next level menu.

Logout: Click to log out from Cyberoam iView

Cyberoam iView Administrator Guide

Displays page information corresponding to the selected menu.

Reports Menu Screen components

Screen Report Screen Components

Click to select date and time range.

Reports will be generated and displayed for the selected time.

Applicable in case of application reports only.

Cyberoam iView Administrator Guide

button to minimize the widget. You need to refresh the

Cyberoam Main dashboard consists of two sub-dashboards:

Cyberoam iView Administrator Guide

Cyberoam iView Administrator Guide

Top Applications widget

Screen - Top Applications

Cyberoam iView Administrator Guide

Top Application Categories widget

Screen - Top Application Categories

Cyberoam iView Administrator Guide

Top Users widget

Screen - Top Users

Cyberoam iView Administrator Guide

Top Hosts widget

Screen - Top Hosts

Cyberoam iView Administrator Guide

Top Source Countries widget

Screen - Top Source Countries

Cyberoam iView Administrator Guide

Top Destination Countries widget

Screen - Top Destination Countries

Cyberoam iView Administrator Guide

Top Rule ID widget

Screen - Top Rule ID

Cyberoam iView Administrator Guide

Top Web Categories widget

Screen - Top Web Categories

Cyberoam iView Administrator Guide

Top Web Users widget

Screen - Top Web Users