Cyberoam-iView Administrators - Guide PDF

Administrator Guide
Document Version 1.2- 0.1.2.4

Cyberoam iView Administrator Guide
Contents
Preface ................................................................................................................... 3
Intended Audience.......................................................................................................................... 3
Guide Organization......................................................................................................................... 3
Typographic Conventions ............................................................................................................... 4
Part 1: Cyberoam iView Basics ............................................................................... 5
Introduction ............................................................................................................. 5
Accessing Cyberoam iView .................................................................................... 5
Log out procedure ...................................................................................................................... 6
Understanding Interface Web Admin Console ..................................................... 7
Screen components ................................................................................................................... 7
Reports Menu Screen components ........................................................................................... 8
Dashboard .............................................................................................................. 9
Main Dashboard ........................................................................................................................... 10
Traffic Dashboard ..................................................................................................................... 11
Security Dashboard.................................................................................................................. 31
Custom Dashboard....................................................................................................................... 48
User Dashboard ....................................................................................................................... 48
Source Host Dashboard ........................................................................................................... 57
Email Address Dashboard ....................................................................................................... 65
Cyberoam iView Dashboard ......................................................................................................... 76
User Management ........................................................................................................................ 83
Part 2: Basic Configuration ................................................................................... 88

Device Integration......................................................................................................................... 88
Auto-Discover Device ............................................................................................................... 88
Device Management..................................................................................................................... 90
Add Device ............................................................................................................................... 91
Update Device .......................................................................................................................... 93
Activate Device ........................................................................................................................ 94
Deactivate Device .................................................................................................................... 95
Delete Device ........................................................................................................................... 96
View Real-time Logs ................................................................................................................ 96
Device Group Management ......................................................................................................... 99
Part 3: Advanced Configuration.......................................................................... 103

Mail Server Configuration ........................................................................................................... 103
Application Group Management ................................................................................................. 105
Custom View Management ........................................................................................................ 117
Report Notification Management ................................................................................................ 122
Data Management ...................................................................................................................... 127
Bookmark Management ............................................................................................................. 137
Logs ............................................................................................................................................ 139
Syslog Server Port...................................................................................................................... 139
Backup & Restore (Detail Data) ................................................................................................. 140
Audit Logs .............................................................................................................................. 142
Archives ...................................................................................................................................... 145
Preface
Welcome to Cyberoam iView Administrators Guide.
Intended Audience
This Guide is intended for the people who want to configure Cyberoam iView. A basic TCP/IP
networking concepts knowledge is required.
Guide Organization
This Guide provides information regarding the administration and customization of Cyberoam iView
and helps you manage and customize Cyberoam iView to meet your organizations various
requirements.
This Guide is organized into three parts:

Part 1 Cyberoam iView Basics
It describes how to start using Cyberoam iView after successful installation.
Part 2 Basic Configuration

It describes minimum configuration settings required to generate reports using Cyberoam iView,
which includes adding and managing devices and administrators, and define their roles for device
management.
Part 3 Advanced Configuration

It describes advanced configuration settings of Cyberoam iView, which includes setting data storage
sizes for archiving logs; configure mail server and email schedule for mailing reports.
Part 4 Reports
It describes how to access and navigate through the drilldown reports. It also provides description of
all the reports generated by Cyberoam iView. Refer to Cyberoam iView Reports Guide.
Typographic Conventions
Material in this guide is presented in text or screen display notations:
Item Convention Example

Cyberoam iView Machine where Cyberoam iView is installed
Server
Username Username uniquely identifies the user of the system
Topic titles Shaded font
Introduction
typefaces
Subtitles Bold & Black

typefaces Notation conventions
Navigation link Bold typeface System Configuration Users

it means, to open the required page click System, then
Configuration and finally click Users
Name of a Lowercase italic Enter policy name, replace policy name with the specific name of
particular type a policy
parameter / field Or
/ command Click Name to select where Name denotes command button text
button text which is to be clicked
Cross Hyperlink in Refer to Customizing User database Clicking on the link will open
references different color the particular topic
Notes & points Bold typeface

to remember between the Note
black borders
Prerequisites Bold typefaces

between the
black borders Prerequisite
Prerequisite details
Part 1: Cyberoam iView Basics

Introduction
Cyberoam iView is an open source logging and reporting solution that provides organizations with
visibility into their networks across multiple devices for high levels of security, data confidentiality while
meeting the requirements of regulatory compliance.
Enabling centralized reporting from multiple devices across geographical locations, Cyberoam iView
offers a single view of the entire network activity. This allows organizations not just to view information
across hundreds of users, applications and protocols; it also helps them correlate the information,
giving them a comprehensive view of network activity.
With Cyberoam iView, organizations receive logs and reports related to intrusions, attacks, spam and
blocked attempts, both internal and external, enabling them to take rapid action throughout their
network anywhere in the world.
Accessing Cyberoam iView

After successful installation, Cyberoam iView needs to be configured to collect the logs in order to
generate the reports.
Access Web Admin Console, a browser-based Interface to configure and manage Cyberoam iView as
well as view reports.
Web Browser should meet the following requirements:

Microsoft Internet Explorer 6.0+
Mozilla Firefox 2.0+ (Best view)
Google Chrome
Browse to http://<IP Address of the machine on which Cyberoam iView is installed i.e. local
machine>:8000 and log on using default username admin and password specified at the time of
installation.
ScreenCyberoam iView Web Admin Console
Screen Elements Description

Username Specify user login name.
If you are logging on for the first time after installation, please use
default username admin.
Password Specify password.
If you are logging on for the first time after installation, please use
password specified at the time of installation.
Login button Logs on to Web Admin Console.
Click to login.
Table - Login screen elements
Cyberoam iView displays Main Dashboard as soon as you logon to the Web Admin Console. Main
Dashboard provides a quick and fast overview of the allowed and denied traffic of all the devices
added to Cyberoam iView.
If you are logging for the first time after installation:

You will be logged in with the super administrator privileges.
Dashboard will not show any traffic details as devices are yet added to Cyberoam iView.
Log out procedure
To avoid un-authorized users from accessing Cyberoam iView, log off after you have finished working.
This will end the session and exit from Cyberoam iView.
Understanding Interface Web Admin Console

Screen components
Screen Basic Screen Components

Navigation Pane Navigation Pane on the leftmost side consists of multi-level drop-
down Main menu. Main menu has following items:
Dashboards
Reports
Trend Reports
Search
Compliance Reports
Custom View (if created)
System
Click the menu item to access the next level menu.

Admin Tool Bar A bar includes collection of links provides access to most common
and often used functions like:
Home: Click to return to main dashboard
Help: Click to access context sensitive online help
About Us: Click to know about license information of
Cyberoam iView
Logout: Click to log out from Cyberoam iView
Bar appears on upper rightmost corner of every page.
Button Bar A bar that includes a collection of buttons provides an easy way to
perform tasks like add or delete on clicking them.
Bar appears at the top left hand corner of the Information Area of
every page.
Global Selection Click to select all items.
Checkbox
Individual Click to select individual item.
Selection
Checkbox
Page Information Displays page information corresponding to the selected menu.
Area
Table Basic Screen Elements
Reports Menu Screen components
Screen Report Screen Components

Device Selection Click to select device(s) or device group(s).
Reports will be generated and displayed for all the selected

devices
Calendar Click to select date and time range.
Reports will be generated and displayed for the selected time.

Breadcrumb Displays the path that the user has taken to arrive at the current
Navigation page.
Export to Excel Exports displayed report in MS-Excel format.
Export to PDF Exports displayed report into PDF format.
Page Bookmark Click to create bookmark of the displayed report for customized
access.
Page Controls Select number of rows to be displayed on each page.
Use page controls to navigate to a specific page of the report.

Table Report Screen Elements
Dashboard
Cyberoam iView displays Dashboard as soon as you logon to the Web Admin Console.
To view dashboard for other product category you need to select product category from drop down
provided on top left.
Dashboard provides a summary view of web and mail traffic including what is happening on the
network, such as top attacks or top spammers.
It also provides the current resource usage - CPU, Disk, Memory as well total events received by
Cyberoam iView from each device.
By default, Cyberoam iView provides following dashboards:

Main Dashboard: Displays allow and deny traffic statistics for all the monitored devices.
Traffic Dashboard: Displays information regarding total network traffic
Security Dashboard: Displays information regarding denied network activities and traffic
Cyberoam iView Dashboard: Provides overview of all the important parameters like memory
usage, disk usage, CPU usage of Cyberoam iView.
Cyberoam iView also provides following custom dashboards:
User Dashboard : Provides Internet behavior overview of the selected user.
Source Host Dashboard: Provides overview of traffic generated by the selected source host.
Email Address Dashboard: Provides the Internet activities conducted through the selected
Email Address.
To return to the Main Dashboard from any other page of the Web Admin console, click Home link
provided in Admin Tool bar.
Main Dashboard
Main Dashboard provides a quick overview of top allowed and denied traffic of network including
Web, FTP, mail, database and other applications.
It displays graphical and tabular overview of allowed and denied traffic of the top traffic generating
applications for all the added devices in a Widget form.
Widget displays report in graphical as well as tabular format. By default, the report is displayed for the
current date. Report date can be changed through the Calendar available on the topmost row of the
page.
Click button to close the widget and button to minimize the widget. You need to refresh the
page to retrieve the closed report widget.
Allowed Traffic Overview widget

Denied Traffic Overview widget
Allowed Traffic Overview widget

Allowed Traffic Overview widget displays amount of data transferred by the top six traffic-generating
applications for each device.
Widget report is displayed as graph as well as in tabular format.

By default, the report is displayed for the current date and all the devices. Report date or devices can
be changed using Calendar and Device Selection button from the top-most row of the page.
Bar graph displays amount of data transferred by top applications while tabular report contains
following information:
Device: Name of the device as defined in Cyberoam iView
Applications (e.g. Web, SSL, POP3 etc as shown in the below given screen): Amount of data
transfer through each application
Others: Amount of data transfer through other applications
To view the allowed and denied traffic summary of a particular device, drill down by clicking
Application in the graph or the Device hyperlink in the table.
Screen Allowed Traffic Overview
Denied Traffic Overview widget

Denied Traffic Overview widget displays denied connection for the top five applications for each
device.
Widget report is displayed as graph as well as in tabular format.
Bar graph displays amount of denied traffic by IDP attacks, spam, virus, firewall and content filtering
while tabular report contains following information:
Device: Name of the device as defined in Cyberoam iView
Applications (e.g. IPS attacks, spam, virus, firewall denied, content filtering denied) :Number of
denied attempts per application
To view the allowed and denied traffic summary of a particular device, drill down by clicking
Application in the graph or the Device hyperlink in the table.
Screen Denied Traffic Overview
Cyberoam Main dashboard can be drilled down for following dashboards:

Traffic Dashboard
Security Dashboard
Traffic Dashboard
Cyberoam iView Traffic dashboard is a collection of widgets displaying information regarding total
network traffic.
This dashboard gives complete visibility of network traffic in terms of applications, web categories,
users, hosts, source and destination countries, mail traffic and FTP activities.
Traffic Dashboard consists of following reports in widget form:

Top Applications
Top Categories
Top Users
Top Hosts
Top Source Countries
Top Destination Countries
Top Rule ID
Top Domains
Top File Upload
Top Files Uploaded via FTP
Top Files Downloaded via FTP
Top FTP Servers
Mail Traffic Summary
Top Mail Senders
Top Mail Recipients
Allowed Traffic Summary
Web Traffic Summary
FTP Traffic Summary
Top Applications widget
Report displays list of top applications along application wise distribution of total data transfer and
relative percent distribution among those applications.
View the report from Main Dashboard Traffic Dashboard.
Report is displayed as pie chart as well as in tabular format.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred per application while tabular report contains following
information:
Application/Proto: Port: Displays name of the application as defined in Cyberoam iView. If
application is not defined in Cyberoam iView then this field will display application identifier as
combination of protocol and port number. To define an unidentified application and group an
unassigned application, please refer to Add Custom Application under System.
Bytes: Amount of data transferred
Percent: Amount of data transfer in percentage
Screen - Top Applications

Top Categories widget
Report displays list of top web categories along with category wise distribution of total data transfer
and relative percent distribution among those categories.
row of the page.
Pie chart displays amount of data transferred per web category while tabular report contains following
information:
Category: Name of the Web category as defined in Cyberoam
Hits: Number of Hits to the Web category
Percent : Amount of data transfer in percentage
Screen - Top Categories
Top Users widget
Report displays list of top network users along with the amount of traffic generated for various
applications, hosts, destinations, domains and categories.

row of the page.
Pie chart displays number of Hits and amount of data transferred per user while tabular report
contains following information:
User: Username of the user as defined in the monitored device. If User is not defined in the
monitored device then it will be considered as traffic generated by Unknown user.
Screen - Top Users
Top Hosts widget
Report displays list of top hosts along with host wise distribution of total data transfer and relative
percent distribution among those hosts.
row of the page.
Pie chart displays number of Hits and amount of data transferred per host while tabular report
contains following information:

Host: IP Address of the host
Screen - Top Hosts
Top Source Countries widget
Report displays list of top source countries from where Internet traffic is generated along with country
wise distribution of total data transfer and relative percent distribution among those countries.
row of the page.
Pie chart displays list of top source countries while tabular report contains following information:
Country: Name of the top source countries
Bytes: Total data transfer per source country
Percent: Relative percent distribution among the top source country
Screen - Top Source Countries
Top Destination Countries widget
Report displays list of top destination countries where web traffic is directed along with country wise
distribution of total data transfer and relative percent distribution among those countries.
row of the page.
Pie chart displays list of top destination countries while tabular report contains following information:
Country: Name of the top destination countries
Bytes: Total data transfer per destination country
Percent: Relative percent distribution among the top destination country
Screen - Top Destination Countries
Top Rule ID widget
Widget displays list of rules along with rule wise distribution of total data transfer and relative percent
distribution among those rules.
row of the page.
Pie chart displays various countries through which the application is accessed and number of Hits to
the country while tabular report contains following information:
Rule ID: Displays firewall rule ID
Screen - Top Rule ID
Top Domains widget
Widget displays list of domains along with domain wise distribution of total data transfer and relative
percent distribution among those domains.
row of the page.
Pie chart displays various domains and amount of data transferred while tabular report contains
Domain: Displays domain name
Screen - Top Domains
Top File Upload widget
Widget displays list of files along with date, user, domain name, file name, size and source IP.
row of the page.
Tabular report contains following information:

Date: Time and date when the file is uploaded in YYYY-MM-DD HH:MM::SS format
User: Name of the user who uploaded the file
Source IP: Source IP Address from where the file is uploaded
Domain Name: Name of the domain where the file is uploaded
File Name: Name of the file
Size: Size of the file

Screen - Top File Upload

Top Files Uploaded via FTP widget
Widget report displays list of the files uploaded via FTP with file wise distribution of total data transfer
and relative percent distribution among those files.
View report from Main Dashboard Traffic Dashboard.
Report is displayed as graph as well as in tabular format.
row of the page.

File: Name of the top file uploaded using FTP
Bytes: Size of the top uploaded files
Percent: Relative percent distribution among the top files uploaded via FTP
Screen - Top File Uploaded via FTP
Top Files Downloaded via FTP widget
Widget report displays list of the files downloaded via FTP with file wise distribution of total data
transfer and relative percent distribution among those files.

row of the page.

File: Name of the top file downloaded using FTP
Bytes: Size of the top downloaded files
Percent: Relative percent distribution among the top files downloaded via FTP
Screen - Top Files Downloaded via FTP
Top FTP Servers widget
Report displays list of top FTP servers.
row of the page.

Server: Name of the FTP server
Bytes: Total data transfer through the FTP server

Percent: Relative percent distribution among the top FTP servers
Screen - Top FTP Servers
Mail Traffic Summary widget
Report displays type of email traffic along with number of bytes and percentage of the traffic.
row of the page.
Pie chart displays amount of traffic per traffic type while tabular report contains following information:
Traffic: Type of email traffic. Possible types are :
Clean Mail
Spam
Probable Spam
Virus
Hits: Number of hits per email traffic type
Percent: Type of traffic in percentage
Screen - Mail Traffic Summary
Top Mail Senders widget
Report displays list of top email senders along with number of bytes and percentage of the traffic.
row of the page.
Bar graph displays amount of data transferred by each sender while tabular report contains following
information:
Sender: Email ID of the sender
Percent: Relative percent distribution among the top Mail Senders
Screen - Top Mail Senders
Top Mail Recipients widget
Report displays list of top email recipients along with number of bytes and percentage of the traffic.
row of the page.
Bar graph displays amount of data received by each recipient while tabular report contains following
information:
Recipient: Email ID of the recipient
Percent: Relative percent distribution among the top Mail Recipients
Screen - Top Mail Recipients
Allowed Traffic Summary widget
Report displays list of top email recipients along with number of bytes and percentage of the traffic.
row of the page.
Bar graph displays amount of data received per Web Traffic protocol while tabular report contains
Allowed Traffic: Allowed traffic protocol
Percent: Relative percent distribution among the top Mail Recipients
Screen - Allowed Traffic Summary
Web Traffic Summary widget
Report displays list of top web traffic along with number of bytes and percentage of the traffic.
Report is displayed as graph as well as in tabular format. The bar graph displays amount of data per
Web Traffic type.
row of the page.
Bar graph displays amount of data received per Web Traffic while tabular report contains following
information:
Traffic: Allowed/Denied web traffic
Percent: Relative percent distribution among the top web traffic types
Screen - Web Traffic Summary
FTP Traffic Summary widget
Report displays list of top FTP traffic along with number of bytes and percentage of the traffic.
Report is displayed as graph. The bar graph displays amount of data FTP traffic type.
row of the page.
Bar graph displays amount of data received per FTP traffic type while tabular report contains following
information:
Traffic: Allowed/Denied FTP traffic
Percent: Relative percent distribution among the top FTP traffic types
Screen - FTP Traffic Summary

Security Dashboard
Cyberoam iView Security dashboard is a collection of widgets displaying information regarding denied
network activities and traffic. It also gives overview of malwares and spam along with source and
destination countries.
Traffic Dashboard consists of following reports in widget form:

Top Denied Hosts
Top Denied Users
Top Denied Applications
Top Denied Destination Countries
Top Denied Source Countries
Top Denied Rule ID
Top Denied Categories
Top Denied Domains
Top Attacks
Top Viruses
Top Spam Senders
Top Spam Recipients
Denied Traffic Summary
Virus Summary
Spam Summary
IDP Attacks Summary
Content Filtering Denied Summary
Top Denied Hosts widget
Report displays a list of top hosts which made the maximum attempts to access the blocked sites.
View report from Main Dashboard Security Dashboard.
Report is displayed using a pie chart as well as in tabular format.
row of the page.
Pie chart displays top denied hosts while tabular report contains following information:
Host: IP Address of the hosts
Hits: Number of attempts to access the blocked site
Percent: Relative percent distribution among the denied hosts
Screen - Top Denied Hosts
Top Denied Users widget
Report displays a list of users who made the maximum attempts to access the blocked sites.

row of the page.
Pie chart displays top denied users while tabular report contains following information:
User: Name of the top denied user as defined in Cyberoam iView
Hits: Number of attempts by a particular user to access the blocked site
Percent: Relative percent distribution among the denied users
Screen - Top Denied Users
Top Denied Applications widget
Report displays a list of blocked applications which has the maximum number of access attempts.
row of the page.
Pie chart displays top denied applications while tabular report contains following information:
Application/Proto: Port: Displays name of the application as defined in Cyberoam iView. If
application is not defined in Cyberoam iView then this field will display application identifier as
combination of protocol and port number. To define an unidentified application and group an
unassigned application, please refer to Add Custom Application under System.
Hits: Number of attempts to access the application

Percent: Relative percent distribution among the denied applications
Screen - Top Denied Applications
Top Denied Destination Countries widget
Report displays a list of destination countries with maximum number of blocked attempts.
row of the page.
Pie chart displays top denied destination countries while tabular report contains following information:
Country: Name of the top denied destination country
Hits: Number of denied attempts per destination country
Percent: Relative percent distribution among the denied destination countries.
Top Denied Source Countries widget
Report displays a list of source countries from where the maximum number of blocked attempts is
originated.
row of the page.
Pie chart displays top denied source countries while tabular report contains following information:
Country: Name of the top denied source country
Hits: Number of denied attempts per source country
Percent: Relative percent distribution among the denied source countries
Top Denied Rule ID widget
Report displays the list of the most denied firewall rule IDs.
row of the page.
Pie chart displays top denied rule ID while tabular report contains following information:
ID: ID number of the top denied rules
Hits: Number of denied attempts per firewall rule
Percent: Relative percent distribution among the denied rule IDs
Screen - Top Denied Rule ID
Top Denied Categories widget
Report displays list of categories with the maximum number of denied attempts.
row of the page.
Pie chart displays top denied categories while tabular report contains following information:
Category: Name of the denied categories
Hits: Number of blocked attempts to access the category
Percent: Relative percent distribution among the denied categories
Screen - Top Denied Categories
Top Denied Domains widget
Report displays list of domain name/IP Address with the maximum number of denied attempts.
row of the page.
Pie chart displays denied categories while tabular report contains following information:
Domain: IP Address or domain name of the denied domain
Hits: Number of blocked attempts to access the domain
Percent: Relative percent distribution among the denied domains
Screen - Top Denied Domains
Top Attacks widget
Report displays list of attacks launched at your network along with number hits per attack.
row of the page.
Pie chart displays blocked attacks while tabular report contains following information:
Attack: Name of the top denied attacks
Hits: Number of blocked attempts per attack
Percent: Relative percent distribution among the attacks
Screen - Top Attacks
Top Viruses widget
Report displays list of the blocked viruses along with relative percentage distribution among the
viruses.
row of the page.
Pie chart displays top denied attacks while tabular report contains following information:
Virus Name: Name of the virus
Count: Number of virus instances
Percent: Relative percent distribution among the viruses
Screen - Top Viruses
Top Spam Senders widget
Report displays list of spam senders along with number of hits and relative percentage distribution.
row of the page.
Pie chart displays top spam senders while tabular report contains following information:
Sender: Email ID of the spam sender
Hits: Number of hits per Email ID
Percent: Relative percent distribution among the spam senders
Screen - Top Spam Senders
Top Spam Recipients widget
Report displays list of spam recipients along with number of hits and relative percentage distribution.
row of the page.
Pie chart displays spam recipients while tabular report contains following information:
Recipient: Email ID of spam recipient
Hits: Number of hits per recipient
Percent: Relative percent distribution among the spam recipients
Screen - Top Spam Recipients
Denied Traffic Summary widget
Report displays list of denied traffic types along with number of hits and relative percentage
distribution.
row of the page.
Pie chart displays denied traffic while tabular report contains following information:
Traffic: Denied traffic type
Hits: Number of hits per denied traffic type
Percent: Relative percent distribution among the denied traffic type
Screen - Denied Traffic Summary
Virus Summary widget
Report displays list of top virus types along with number of hits and relative percentage distribution.
row of the page.
Pie chart displays top viruses while tabular report contains following information:
Application: Application type
Hits: Number of hits per application type
Percent: Relative percent distribution among the application types
Screen - Virus Summary
Spam Summary widget
Report displays list of spam protocols along with number of hits and relative percentage distribution.
row of the page.
Pie chart displays spam protocol summary while tabular report contains following information:
Application: Application protocol type
Hits: Number of hits per application protocol
Percent: Relative percent distribution among the application protocol types
Screen - Spam Summary
IDP Attacks Summary widget
Report displays list of IDP attacks along with number of hits and relative percentage distribution.
row of the page.
Pie chart displays IDP attack types while tabular report contains following information:
Attack Type: Displays type of attacks
Hits: Number of hits per attack type
Percent: Relative percent distribution among the attack types
Screen - IDP Attacks Summary
Content Filtering Denied Summary widget
Report displays list of applications denied by Content Filtering along with number of hits and relative
percentage distribution.
row of the page.
Pie chart displays applications denied by Content Filtering while tabular report contains following
information:
Recipient: Application protocol denied by Content Filtering
Hits: Number of hits per denied application protocol
Percent: Relative percent distribution among the denied applications types
Screen - Content Filtering Denied Summary

Custom Dashboard
Cyberoam iView provides option to the user to create custom dashboard based on user, source host
and Email Address.
Custom Dashboard is divided into following sub-dashboards:

User Dashboard
Source Host Dashboard
Email Address Dashboard
User Dashboard
Cyberoam iView user dashboard provides snapshot of users activities in your network.
To view the User Dashboard:

Go to Dashboards Custom Dashboard.
Select Username in Criteria drop-down and specify the username.
Click Go to view user based dashboard.
Screen User Criteria
User Dashboard displays following reports in Widget form:

Top Application Groups
Top Web Categories
Top Hosts
Top Denied Application Group
Top Web Viruses
Top Application Group Widget

Widget report displays list of application groups along with the number of hits that generate the most
traffic for the selected user.
View report from Dashboards Custom Dashboard Username.

be changed from the top most row of the page.
Bar graph displays amount of data transferred by each application group while tabular report contains
Application Group: Name of the application group. If application group is not identified by
Cyberoam iView then this field will display application identifier as combination of protocol and
port number. To define the unidentified application or to group unassigned application please
refer to Add Application.
Hits: Number of hits to the application group
Screen Top Application Groups
Top Web Categories widget

Widget report displays number of hits and amount of data transferred per category for the selected
user.

Bar graph displays amount of data transferred per category while tabular report contains following
information:
Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display None at place of category name.
Hits: Number of hits to the category
Screen Top Web Categories

Widget report displays number of hits and amount of data transferred per file for the selected user.

Bar graph displays amount of data transferred per file while tabular report contains following
information:
File: Name of the file uploaded
Hits: Number of hits to the file
Bytes: Amount of data uploaded
Screen Top Files Uploaded via FTP


information:
File: Name of the file downloaded
Bytes: Amount of data downloaded
\
Screen Top Files Downloaded via FTP

Top Hosts widget

Widget report displays number of hits and amount of data transferred per host for the selected user.

Bar graph displays amount of data transferred per host while tabular report contains following
information:
Host: IP Address of the host
Hits: Number of connections to the host
Screen Top Hosts
Top Denied Application Group Widget

Widget report displays list of denied application groups along with the number of hits that generate the
most traffic for selected user.

Bar graph displays number of hits per application group while tabular report contains following
information:
Screen Top Denied Application Groups

Widget report displays number of hits per category for the selected user.

Bar graph displays number of hits per category while tabular report contains following information:
Category: Displays name of the category as defined in monitored device.
Screen Top Denied Categories
Top Web Viruses widget

Widget report displays number of connections per virus for the selected user.

be changed from the top most row of the page
Bar graph displays number of connections per virus while tabular report contains following
information:
Virus: Name of the virus as identified by monitored device
Count: Number of the virus
Screen Top Web Viruses

Source Host Dashboard

Cyberoam iView Source Host dashboard provides snapshot of traffic generated by individual host.
To view the Source Host Dashboard:
Go to Dashboards Custom Dashboard
Select Source Host in Criteria drop-down and specify the source host IP Address.
Click Go to view source host based dashboard.
Screen Source Host Criteria

Source Host Dashboard displays following reports in Widget form:
Top Application Groups
Top Web Categories
Top Users
Top Attacks Received
Top Attacks Generated
Top Application Group Widget

Widget report displays list of application groups along with the number of hits that generate the most
traffic for the selected host.
.
View report from Dashboards Custom Dashboard Source Host IP Address

Bar graph displays amount of data transferred by each application group while tabular report contains
Screen Top Application Groups
Top Web Categories widget

Widget report displays number of hits and amount of data transferred per category for the selected
host.
View report from Dashboards Custom Dashboard Source Host IP Address.

Bar graph displays amount of data transferred per category while tabular report contains following
information:
Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display None at place of category name.
Screen Top Web Categories

Widget report displays number of hits and amount of data transferred per file for the selected host.

information:
File: Name of the file uploaded
Bytes: Amount of data uploaded
Screen Top Files Uploaded via FTP

View report from Dashboards Custom Dashboard Source Host IP Address

information:
File: Name of the file downloaded
Bytes: Amount of data downloaded
\
Screen Top Files Downloaded via FTP
Top Users Widget

Widget report displays list of top users along with the number of hits that generate the most traffic for
selected host.

Bar graph displays amount of data transferred by each user while tabular report contains following
information:
User: Username of the user as defined in the monitored device. If username is not defined in
the monitored device then it will be considered as traffic generated by Unknown user.
Hits: Number of hits to the user
Bytes: Amount of data transferred by the user
Screen Top Users

Widget report displays number of hits per category for the selected host.

Bar graph displays number of hits per category while tabular report contains following information:
Category: Displays name of the category as defined in monitored device.
Screen Top Denied Categories

Top Attacks Received Widget

Widget report displays list of top attacks received along with the number of hits.

Bar graph displays amount of number of hits per attack while tabular report contains following
information:
Attack: Name of the attack as identified by monitored device
Hits: Number of hits to the attack
Screen Top Attacks Received
Top Attacks Generated Widget

Report displays list of top attacks generated along with the number of connections.

Bar graph displays number of hits per attack while tabular report contains following information:
Attack: Name of the attack as identified by monitored device
Hits: Number of hits to the attack
Screen Top Attacks Generated

Email Address Dashboard

Cyberoam iView provides snapshot of Email traffic generated by selected Email Address.
To view the Email Address Dashboard
Go to Dashboards Custom Dashboard.
Select Email Address in Criteria drop-down and specify the Email Address.
Click Go to view Email Address based dashboard.
Screen Email Address Criteria
Email Address Dashboard displays following reports in Widget form:

Top Mails Sent to
Top Mails Received From
Top Sender Hosts
Top Recipients Hosts
Top Sender Destinations
Top Recipient Destinations
Top Sender Users
Top Recipient Users
Top Spam Received
Top Spam Sent
Top Mails Sent to Widget

Widget report displays list of top recipients along with the number of hits and amount of data
transferred.
View report from Dashboards Custom Dashboard Email Address.

Bar graph displays amount data transferred per recipient, while tabular report contains following
information:
Recipient: Email Address of the recipient
Hits: Number of hits to the recipient
Screen Top Mails Sent to
Top Mails Received from Widget

Widget report displays list of top senders along with the number of hits and amount of data
transferred.

Bar graph displays amount data transferred per sender, while tabular report contains following
information:
Sender: Email Address of the sender
Hits: Number of hits to the sender
Screen Top Mails Received from
Top Sender Hosts Widget

Widget report displays list of top sender hosts along with the number of hits and amount of data
transferred.

Bar graph displays amount data transferred per source host, while tabular report contains following
information:
Source Host: IP Address of the host
Hits: Number of hits to the host
Screen Top Sender Hosts
Top Recipient Hosts Widget

Widget report displays list of top recipient hosts along with the number of hits and amount of data
transferred.

Bar graph displays amount data transferred per recipient host, while tabular report contains following
information:
Source Host: IP Address of the host
Hits: Number of hits to the host
Screen Top Recipient Hosts
Top Sender Destinations Widget

Widget report displays list of top sender destinations along with the number of hits and amount of data
transferred.

Bar graph displays amount data transferred per sender destination, while tabular report contains
Destination: URL name or IP Address of the destination
Hits: Number of hits to the destination
Screen Top Sender Destinations
Top Recipient Destinations Widget

Widget report displays list of top recipient destinations along with the number of hits and amount of
data transferred.

Bar graph displays amount data transferred per recipient destination, while tabular report contains
Destination: URL name or IP Address of the destination
Hits: Number of hits to the destination
Screen Top Recipient Destinations

Top Sender Users Widget

Widget report displays list of top sender users along with the number of hits and amount of data
transferred.

Bar graph displays amount data transferred per sender user, while tabular report contains following
information:
the monitored device then it will be considered as traffic generated by Unknown user
Screen Top Sender Users
Top Recipient Users Widget

Widget report displays list of recipient users along with the number of hits and amount of data
transferred.

Bar graph displays amount data transferred per recipient user, while tabular report contains following
information:
the monitored device then it will be considered as traffic generated by Unknown user

Screen Top Recipient Users
Top Spam Received Widget

Widget report displays list of top spam senders along with the number of hits.

Bar graph displays number of hits per spam sender, while tabular report contains following
information:
Sender: Email Address of the spam sender
Hits: Number of hits to the sender
Screen Top Spam Received
Top Spam Sent Widget

Widget report displays list of top spam recipient along with the number of hits.

Bar graph displays number of hits per spam recipient, while tabular report contains following
information:
Recipient: Email Address of the spam recipient
Hits: Number of hits to the recipient
Screen Top Spam Sent

Cyberoam iView Dashboard

Cyberoam iView Dashboard gives overview of main components of Cyberoam iView. This page
displays following information:
CPU Usage
Memory Usage
Disk Usage
Event Frequency
CPU Usage widget

Widget report displays percentage of CPU usage in graphical as well as tabular form.
View report from Dashboards iView Dashboard.

CPU: State of CPU - Idle or Used
Percent: Percentage wise distribution of CPU state
Screen CPU Usage
To view CPU usage trend drill down by clicking the CPU hyperlink in the table.
CPU Usage Trend

Report displays trend of CPU usage. Records are collected at the time interval of 5 seconds.
View report from Dashboards iView Dashboard CPU Usage widget CPU.
Time: Time in (YYYY-MM-DD HH:MM:SS) format
Usage: CPU usage corresponding to time
Screen CPU Usage Trend
Memory Usage widget

Widget report displays percentage of memory used.
View report from Dashboards iView Dashboard. Tabular report contains following
information:
Memory: Status of Cyberoam iView memory as used and free
Usage: Usage of memory
Screen Memory Usage
To view memory usage trend drill down by clicking the memory hyperlink in the table.
Memory Usage Trend

Report displays trend of memory usage.
View report from Dashboards iView Dashboard Memory Usage widget

Memory.

Usage: Memory usage corresponding to time
Screen Memory Usage Trend
Disk Usage widget

Widget report displays percentage of hard disk used by Cyberoam iView.
View report from Dashboards iView Dashboard. Tabular report contains following
information:
Disk: Name and status of disk used to store database and archive logs
Usage: Disk usage
Screen Disk Usage

To view disk usage trend drill down by clicking the memory hyperlink in the table.
Disk Usage Trend

Report displays trend of disk usage in the form of database and archive usage.
View report from Dashboards iView Dashboard Disk Usage widget Disk.

Usage: Disk usage corresponding to time
Screen Disk Usage Trend
Event Frequency widget

Widget report displays event frequency per minute for time slots of 1 hour, 12 hours and 24 hours.
View report from Dashboards iView Dashboard.

Time: Displays average time slot
Events per minute: Displays event per minutes for time slot
Screen Event Frequency
To view device wise event frequency drill down by clicking the time hyperlink in the table.
Device wise Event Frequency

Report displays device wise event frequency.
View report from Dashboards iView Dashboard Event Frequency widget Time.
Graph displays number of events based on time slots while tabular report contains following
information:
Device: Device ID
Events: Number of events per device
Screen Event Frequency by Device

User Management
Pre-requisite
Super Admin or Admin privilege required to access and manage User sub menu of System menu.
This section describes how to:

Add User
Update User
Delete User
Cyberoam iView supports three types of user roles:

Super Admin Default account. No additional account can be created
Admin Only administrator with the Super Admin role can add Admin roles
Viewer Administrator with Super Admin and Admin roles can add Viewer roles
Below given table lists the various access privileges associated with the each user role:
Super Admin Admin Viewer

Menu/Role
For all the devices Only for assigned devices Only for assigned device
Add Update Delete View Add Update Delete View Add Update Delete View
Mail Server
Y Y Y Y N N N N N N N N
Configuration
User
Y Y Y Y Y Y Y Y N N N N
Management
Device
Management
Device Group
Management
Application
Y Y Y Y Y Y Y Y N N N N
Group
Custom View Y Y Y Y Y Y Y Y N N N N
Report
Notification Y Y Y Y Y Y Y Y N N N N
Settings
Data
Configuration
Audit Logs - - - Y - - - Y - - - N
Super Admin Admin Viewer
For all the devices Only for assigned devices Only for assigned device
Load and
Search Y Y N
Archive
Unload,
Backup and
Y Y N
Restore
Archive Files
View Live
Y Y N
Logs
View and
Search Y Y Y
Reports
Dashboards
Main, Device,
User, Host,
Y Y Y
Email
Address,
iView)
Table Privilege Matrix
Use the System Configuration Users page to configure and maintain administrators, set
user's administrative access, password maintenance.
Screen User Management

Add Button Click to add a new user.
Delete Button Click to delete the selected user(s).
Username Username with which the user has logged in.
Name Name of the user.
Role Administrative access privilege of the user.
Email Email Address of the user.
Created by Username of the Administrator who added this user.
Last Login Time Last time when the user had logged in.
Table User Management Screen Elements
Add User
Go to System Configuration Users and click Add to add a new user.
Screen Add User

Name Name of the user.
Username Specify username, which uniquely identifies the user and will be
used for login.
Username can be any combination of alphanumeric characters

and special characters _, @ and ..
Password Specify password.
Password is case sensitive.
Confirm Password Specify the same password to confirm spelling.
Email Specify a valid Email ID.
The Email ID can be any combination of alphanumeric characters

and special characters _, @ and .
Role Select user role from the drop down. Roles define administrative
access privilege.
Refer to Privilege Matrix for details.
Select Device Select the device or device group, which the user can manage.
Click checkbox against the device/device group(s) OR click global

checkbox to select all device/device group(s).
Add Button Click to add a new user.
Cancel Button Click to return to user management page.

Table Add User Screen Elements
Note
Multiple administrators can have rights to manage same device.

In case of simultaneous updation by multiple administrators, last updation will be saved.
Update User
Go to System Configuration Users and click user to be updated from the user list.
Screen Update User

Name Displays name of the user, modify if required.
Password Modify password, if required.
Confirm Password Re-enter changed password.
Email Displays Email Address of the user, modify it required.
Role Displays role of the user, modify if required.
Refer Privilege Matrix to specify the role.

Select Device Displays devices assigned to the user, modify if required.
Update Button Click to save changes in the user.
Cancel Button Click to return to user management page.
Table Update User Screen Elements
Note
All the fields except Username are editable.
Delete User
Go to System Configuration Users to view list of users.
Screen Delete User

Global Selection Click to select all users.
Individual Click to select individual user.
Selection
Delete Button Click to delete selected user.
Table Delete User Screen Elements
Note
Default account- Super Admin cannot be deleted.

Part 2: Basic Configuration

The section describes how to add and configure devices that communicate with Cyberoam iView.
This chapter covers following sections:

Device Integration
Device Management
Device Group Management
Device Integration
Pre-requisite
Super Admin privilege required to access and manage Device sub menu of System menu.
Cyberoam iView collects the log information from multiple devices to generate reports from that log
data.
There are two ways to integrate device to the Cyberoam iView:
Auto-discover Device
Add Device (manually)
Auto-Discover Device
Cyberoam iView uses UDP protocol to discover the network device automatically. In order to send
logs to Cyberoam iView, network device has to configure Cyberoam iView as a Syslog server.
On successful login, Super Admin will be prompted with a popup "New Device(s) Found" if a new
device is discovered; else the Main Dashboard is displayed. This prompt will be displayed every time
Super Admin logs in until she takes action on the newly discovered device.
Super Admin can:

ignore this prompt by clicking
accept and activate the device by providing Device Name and Device Type. Cyberoam iView
will accept the logs only after device is activated.
accept and keep device in deactivated state. Cyberoam iView will not accept the logs if device
is in deactive state.
Screen Device Auto Discovery

Device Name Specify name of the device.
Device name can be any combination of alphanumeric characters

and special characters _, @ and .
IP Address Displays IP Address of the discovered device.
Device Type Select device type from the drop down.
Possible device types:

Cyberoam
FortiGate
SonicWALL
Squid
24Online
Linux Firewall Netfilter/Iptables
Cisco ASA
Cisco ASA_CSC_
Apache
eScan
NetGenie
Status Status of the device.
Possible status:
Active : Click to accept logs from the device
Deactive: Click to reject device logs
Save Button Click to save the information of newly discovered device.
Table Device Auto Discovery Screen Elements
Device Management
Prerequisite
Super Admin privilege required to access and manage Device sub menu of System menu.
The Cyberoam iView can collect log messages from multiple devices and generate many different
types of reports from that log data.

Add Device
Update Device
Activate Device
Deactivate Device
Delete Device
View Real Time Logs
Go to System Configuration Device page to view the list of devices with device name, IP
Address, device type and status.
Screen Device Management

Add Button Click to add a new device.
Delete Button Click to delete a device.
Current Status Current status of the device.
Possible status:
: Device is added and activated
: Device is added but deactivated
Device Name Name of the device
IP Address IP Address of the device
Device Type Type of the device.
Possible Device types:

Cyberoam
FortiGate
SonicWALL
Squid
24Online
Cisco ASA
Cisco ASA_CSC_
Apache
eScan
NetGenie
Status Action that can be performed on the device.
Possible actions:
Active: Click to accept logs from the device.
Deactive: Click to reject device logs.
Save Button Click to save the information after changing the status.
Table Device Management Screen Elements
Add Device
Go to System Configuration Device and click Add to add a new device in Cyberoam
iView.

Screen Add Device


Device ID Specify device ID.
Device Name Specify name of the device.
Device ID and device name can be any combination of

alphanumeric characters and special characters _, @ and ..
IP Address Specify IP Address of the device.
Device Type Select device type from the drop down. Possible device types:
Cyberoam
FortiGate
SonicWALL
Squid
24Online
Cisco ASA
Cisco ASA_CSC_
Apache
eScan
NetGenie
Description Specify device description, if required.
Status Select status of the device from drop down. To accept logs from
the device one needs to activate the device.
Default status Deactive

Add Button Click to add the device.
Cancel Button Click to return to Device Management page.
Table Add Device Screen Elements
Update Device
Go to System Configuration Device and click the device to be updated.

Screen Update Device

Device ID Displays Device ID.
Device Name Displays name of the device, modify if required.
IP Address Displays IP Address of the device, modify if required.
Device Type Displays device type.
Description Displays description of the device, modify if required.
Status Displays status of the device, modify if required.
Possible options:
Active: Device is active and Cyberoam iView is accepting
logs
Deactive: Device is inactive and Cyberoam iView is not
accepting logs from the device
Update Button Click to save changes in the device.
Cancel Button Click to return to Device Management page.
Table Update Device Screen Elements
Activate Device
To start accepting logs from the added device one needs to activate the device in Cyberoam iView.
Go to System Configuration Device and click Active against device name.
Click Save to change status of device.
Screen Activate Device
Note
You can also activate the device from Update Device section. After activation, Cyberoam iView will start
accepting logs from the device.
Deactivate Device
To stop accepting logs from the added device, one needs to deactivate the device in Cyberoam iView.
Go to System Configuration Device and click Deactivate option against the device
name.
Click Save to change the status of device.

Screen Deactivated Device
Note
You can also deactivate the device from Update Device section. After deactivation, Cyberoam iView will
stop accepting logs from the device.
To access the data of device for forensic investigations do not delete the device from Cyberoam iView, just
deactivate it.
Delete Device
Prerequisite
The Device to be deleted should not be a member of any device group.
The Device to be deleted should not be a part of any Report Notification.
Go to System Configuration Device to view the device list.

Global Selection Click to select all the devices.
Individual Click against the device(s) to be deleted.
Selection
Delete Button Click to delete the selected device(s).
Table Delete Device Screen Elements
View Real-time Logs

Once the device is added, Administrator can verify whether the device is sending the logs or not
through Live Archive Logs. With the real-time logs, Administrator can view the most recent log
received from the selected device without loading the archive log file.
Live Logs
Go to SystemArchives Live Logs to view real-time logs. Page displays the most recent log
received from the selected device.
Screen Live Archive Logs Criterion

Screen Received Live Logs

Device Name Select the device whose most recent log should be displayed.
Refresh Time Select the time to refresh the log view automatically.
Possible options:
3 sec, 5 sec, 10 sec, 20 sec,30 sec, 1 min, 2 min, 5 min
Go Button Click to view real-time log for the selected device.
Show Last Specify number of rows of the log entries to be displayed per
Records page.
Possible options:
25, 50, 100
Start Update Click to start log view.
Button
Stop Update Click to stop log view.
Button
Refresh Button Click to refresh the logs manually.
Log view is refreshed automatically as per the configured refresh

time. If you wish to refresh the log view in between, use refresh
button.
Table Live Logs Screen Elements
Device Group Management
Prerequisite
Super Admin privilege required to access and manage Device Group sub menu of System menu.
Device group is logical grouping of devices based on device location, device type (UTM, Firewall etc.),
device model or device administrator. E.g., group all the devices sending Inventory logs of Inventory
of the organization to generate consolidated report of the Inventory department. Group all the devices
deployed at same geographical location to get network visibility of that area.

Add Device Group
Update Device Group
Delete Device Group
Go System Configuration Device Group page to view the list of groups with group
name, description and group members.
Screen Device Group Management

Add Button Click to add a new device group.
Delete Button Click to delete device group(s).
Device Group Name of the device group
Description Description of device group
Device Name(s) Name of device group members
Table Device Group Management Screen Elements
Add Device Group

Go to System Configuration Device Group and click Add to add a new device group.
Screen Add Device Group

Device Group Specify name of the device group.
Name
Description Specify device group description, if required.
Select Category Specify device category from the drop-down.
Possible Options:
UTM
Access Gateway
EPS
Web Server
Smart Wireless Router
Select Device Click drop-down to select the device(s). At least one device has to
Drop-down be selected.
Selected devices will be member of the group. Single device can

be a member of multiple groups.
Add Button Click to add a device group.
Cancel Button Click to return to Device Group Management page.
Table Add Device Group Screen Elements
Update Device Group

Go to System Configuration Device Group and click device group to be updated.
Screen Update Device Group

Device Group Displays name of the device group, modify if required.
Name
Description Displays description of the device, modify if required.
Select Category Displays the Device Category of the device to be updated.
Select Device Displays device group members, modify if required.
Drop down
Update Button Click to save changes in the device group.
Cancel Button Click to return to device group management page.
Table Update Device Group Screen Elements
Delete Device Group

Go to System Configuration Device Group to view list of device groups.

Global Selection Click to select all device groups.
Individual Click to select individual device group.
Selection
Delete Button Click to delete selected device groups.
Table Delete Device Group Screen Elements
Note
A group can be deleted without removing devices from the group. Removing a group will not remove the
devices from Cyberoam iView.
Part 3: Advanced Configuration

Cyberoam iView provides number of configuration options for customization as per your network
requirement. You can create and manage applications and application groups, configure mail server
to send report notifications, perform search in archives, create custom views, view audit logs for
investigation purpose and many more.
This chapter covers following sections:

Mail Server Configuration
Application Group Management
Custom View Management
Report Notification Management
Data Management
Audit Logs
Archives
Mail Server Configuration
Prerequisite
Super Admin privilege required to access and manage Mail Server sub menu of System menu.
To send the report notification through E-mail, you need to configure SMTP server in Cyberoam
iView.
Use System Configuration Mail Server Configuration to configure mail server to

send report notifications.
Screen Mail Server Configuration


Mail Server IP- Specify IP Address and port number of the SMTP server, a port
Port number must be a numeric value in between 1 to 65535.
Display Name Specify display name of mail sender.
From Email Specify E-mail ID of the sender. Email ID can be any combination
Address of alphanumeric characters and special characters _, @ and
..
SMTP Click checkbox to enable SMTP authentication, if required.
Authentication
Username If SMTP authentication is enabled, specify username. Username
can be any combination of alphanumeric characters and special
characters _, @ and ..
Password Specify password. Password field cannot be blank.
Save Button Click to save the configuration information.
Send Test Mail Click to send a test email to specified IP Address.
Button
Table Mail Server Configuration Screen Elements
Application Group Management
Prerequisite
Super Admin or Admin privilege required to access and manage Application Group sub menu of
System menu.
Cyberoam iView generates reports based on application groups. The application group is a logical
grouping of applications based on their functions, for example, all FTP related applications are part of
FTP application group. Cyberoam iView has grouped the most common applications under 27 pre-
defined application groups.
Each Application has an identifier in the form of protocol and port number through which it is
identified. E.g., Web-Proxy application is identified through protocol TCP and port number 8080. If
application is not defined in Cyberoam iView then instead of application name, protocol and port
number will be displayed in Reports. Cyberoam iView also allows the administrator to add custom
applications and application groups.

Add Custom Application
Update Application
Delete Application
Add Application Group
Update Application Group
Update Application Group Membership
Delete Application Group
Reset to Default Applications
Use System Configuration Application Groups page to add and manage applications
in Cyberoam iView.
Screen Application Groups Management

Add Application Click to add a new application.
Button
Add Application Click to add a new application group.
Group Button
Reset to Default Click to restore all applications, application groups and application
Button identifiers to the default state.
Application Group Displays name of the application group.
Description Description of the application group
Delete option Click to delete application group.
Table Application Group Screen Elements
Add Custom Application

There are two steps to add a custom application in the Cyberoam iView.
Add Application
Go to System Configuration Application Groups and click Add Application to add a

new application.
Screen Application Groups Management
Screen Add Application


Application Name Specify name of the application, application name can be any
combination of alphanumeric characters and special characters
_, @ and ..
Application Group Select application group from the drop down. If the Application
Group is not selected, by default, new Application is added to the
Unassigned group.
Done Button Click to add new application.
Cancel Button Click to return to application group management page.
Table Add Application Screen Elements
Add Application Identifier

Go to System Configuration Application Groups, expand application group tree, and
click the newly added application.
Screen View Application

Screen Edit Application

Add Application Click to add application identifier to the created custom
Identifier application.
Application Group Displays name of the application group.
Application Displays Identifiers associated with the selected application.
Identifiers
Done Button Click to add new application.
Table Edit Application Screen Elements
Click Add Application Identifier to assign an identifier to the application.
Screen Add Application Identifier


Application Select application type as TCP or UDP.
Port Type Select port type as port or port range.
From If port range is selected as port type then specify From value for
port range.
To If port range is selected as port type then specify To value for port
range. To port value must be greater than from port value.
Done Button Click to add application identifier.
Table Add Application Identifier Screen Elements
Screen Application Identifier added

Application Displays application identifier as combination of application and
Identifier port number.
Click to delete application identifier.
Table Application Identifier Screen Elements
Note
An application cannot be the member of multiple application groups. To change the group membership, first
remove an application from the current group and then add in the required application group.
Update Application
Go to System Configuration Application Groups.
Expand Application Group tree and click application to be modified.
Refer to Add Application for information on each parameter.
Delete Application
Go to System Configuration Application Groups and expand application tree to view
list of applications.
Screen Delete Application

Application Displays application name.
Click to delete application.
Table Delete Application Screen Elements

Add Application Group

Go to System Configuration Application Groups and click Add Application Group to
add a new application group.
Screen Application Group Management

Screen Add Application Group

Group Name Specify name of application group, application group name can be
any combination of alphanumeric characters and special
Description Specify description, if required.
Unassigned Displays list of all available unassigned applications.
Applications List
Selected Displays list of selected applications.
Applications List
Move Button Click to move applications from Unassigned Applications list to
the 'Selected Applications' list. At least one Application is to be
added. Selected application(s) will be the member of the newly
added Application Group.
Done Button Click to add application group.
Table Add Application Group Screen Elements
Update Application Group

Go to System ConfigurationApplication Groups and click the application group that has
to be updated.
Screen Update Application Group

Description Displays description of application group, modify if required.
Move Button Click to move application from Selected Applications list to
Unassigned Applications list or vice versa.
Done Click to save the changes in application group.
Cancel Click to return to application group management page.
Table Update Application Group Screen Elements
Note
All fields are editable except application group name.

Update Application Group Membership

Go to System Configuration Application Groups and click current application group of
the application.
Screen Update Application Group Membership

Description Displays description of application group, modify if required.
Move Button Click to move application from Selected Applications list to
Unassigned Applications list.
Done Click to save the changes.
Cancel Click to return to application group management page.
Table Update Application Group Screen Elements
Refer Add Application Group and Update Application Group for details.
Note
You can also change application group membership from Update Application Group Membership.
Delete Application Group

Go to System Configuration Application Groups to view list of application groups.
Screen Delete Application Group

Application Group Displays application group name.
Description Displays description of application group.
Click to delete application group.
Table Delete Application Group Screen Elements
Note
When you delete an application group, applications under that group will also be deleted.
Reset to Default Applications

Go to System ConfigurationApplication Groups and click Reset to Default to restore
all applications, application groups and application identifiers to the default state.
Note
This option will delete custom applications and application group.

Custom View Management
Prerequisite
Super Admin or Admin privilege required to access and manage Custom View sub menu of System
menu.
Custom view of reports allows grouping of the most pertinent reports that requires the special
attention for managing the devices. Reports from different report groups can also be grouped in a
single view.
In a View, maximum eight reports can be grouped. Custom view provides a single page view of all the
grouped reports.

Add Custom View
Update Custom View
Delete Custom View
Use System Configuration Custom View to create and manage custom views in iView.
Screen Custom View Management

Add Button Click to add a new custom view.
Delete Button Click to delete a custom view.
Custom View Displays custom view name.
Name
Custom View Displays description of custom view.
Description
Table Custom View Management Screen Elements
Add Custom View

Go to System Configuration Custom View and click Add to create new Custom View.
Screen Custom View Management
Screen Add Custom View


Custom View Specify Custom View Name, custom view name can be any
Name combination of alphanumeric characters and special characters
_, @ and ..
Custom View Specify description of the Custom View, if required.
Description
Select Report Expand report group and click against the report to be added in
custom view. Maximum 8 reports can be added.
Add Button Click to add a new custom view.
Delete Button Click to delete a custom view.
Table Add Custom View Screen Elements
Screen Custom View display in Navigation Pane
Note
Added custom views will be displayed under Custom Views Sub menu of navigation pane.
Update Custom View

Go to System Configuration Custom View and click custom view name to be updated.
Screen Update Custom View

Description Displays description of custom view, modify if required.
Select Report Expand report group tree to view current reports of custom view.
You can add or remove reports by clicking checkbox against
them. Number of selected reports from each report group will be
displayed against group name. Maximum 8 reports can be added
to a single custom view.
Update Button Click to save changes in custom View.
Cancel Button Click to return to custom view management page.
Table Update Custom View Screen Elements
Note
All fields except Custom View Name are editable.
Delete Custom View

Go to System Configuration Custom View to view list of custom views.
Screen Delete Custom View

Global Selection Click to select all custom views.
Individual Click to select individual custom view.
Selection
Delete Button Click to delete selected custom View.
Table Delete Custom View Screen Elements
Report Notification Management
Prerequisite
Super Admin or Admin privilege required to access and manage Report Notification menu of System
menu.
Cyberoam iView can mail reports in PDF format to specified Email Addresses as per the configured
frequency.
Add Report Notification
Update Report Notification
Delete Report Notification
Use the System Configure Report Notification to create and manage report
notifications.
Screen Report Notification Management

Add Button Click to add a new report notification.
Delete Button Click to delete a report notification.
Name Name of the report notification
Report Category of the reports or Bookmark
Group/Bookmark
Device Name Name of reported device(s)
Email Frequency Report notification frequency- Daily, Weekly, Monthly or Only
Once.
To Email Address Email ID of recipient(s);
Last Sent Time Last time when the report notification was sent
Table Report Notification Management Screen Elements
Add Report Notification

Go to System Configuration Report Notification and click Add to create a new report
notification.
Screen Report Notification Management
Screen Add Report Notification


Name Specify Report Name. Report name can be any
combination of alphanumeric characters and special
Description Specify description of the report notification, if required.
To Email Address Specify Email Address of the recipient in To Email
Address field. Use comma to separate multiple E-mail IDs.
Select Category Specify Category for the Report Notification. The possible
options are UTM, Access Gateway, EPS and Web Server
Report Specify either Report Group or Bookmarks for adding
Group/Bookmarks Report Notification.
Selection
Report Group Select report category from the Report Group drop down
list. Reports from selected category will be sent to the
recipients.
Bookmarks Select available Bookmark(s) from the drop-down.
Device Selection Click the device(s) whose reports are to be mailed from
the Available Devices list and click to move the selected
devices to the 'Selected Devices' list. To select multiple
devices press Ctrl key and select devices using mouse.
Email Frequency Set E-mail frequency and time. Reports can be mailed
Daily, Weekly, Monthly or Only Once at the configured
interval. In case of weekly notification, select day of the
week.
Add Button Click to add a new report notification.
Cancel Button Click to return to report notification management page.
Table Add Report Notification Screen Elements
Update Report Notification

Go to System Configuration Report Notification and select report notification to be
updated.
Screen Update Report Notification

Description Displays description of the report notification, modify if required.
To Email Address Displays Email Address of the recipient in To Email Address
field, modify if required.
Report Displays selected Report Group or Bookmarks, change if
Group/Bookmarks required.
Selection
Report Group Displays report category to send report notification, change if
required.
Device Selection Displays list of available devices and selected devices whose
reports are to be mailed. Move devices from the Available
Devices list to the 'Selected Devices' list or vice versa.
Email Frequency Displays e-mail frequency and time. Reports can be mailed daily
or weekly at the configured interval. In case of weekly notification,
select day of the week.
Update Button Click to save the changes in report notification.
Cancel Button Click to return to report notification management page.

Table Update Report Notification Screen Elements
Note
All fields except Report Notification name are editable.
Delete Report Notification

Go to System Configuration Report Notification to view list of report notifications.
Screen Delete Report Notification

Global Selection Click to select all report notifications.
Individual Click to select individual report notification.
Selection
Delete Button Click to delete selected report notifications.
Table Delete Report Notification Screen Elements
Data Management
Prerequisite
Super Admin privilege is required to access and manage Data Management sub menu of System
menu.
Retention of data and log archives use enormous amount of disk space. To control and optimize the
disk space usage, configure the data retention period of detailed and summarized table. Depending
on the compliance requirement, configure the log retention period.
This section describes how to configure log retention period for various product categories.
Use System Configuration Data Management page to configure retention period of

various data tables.
UTM Data Management
Access Gateway Data Management
EPS Data Management
Web Server Data Management
Smart Wireless Router Data Management
UTM Data Management

Screen Database Configuration

Log Retention You can retain following logs for UTM device(s):
Web Surfing Logs:

Web Surfing logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 6 months for Web Surfing logs.
You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1
year to retain Web Surfing logs.
Mail Logs:
Mail logs can be retained for time interval starting from 1 month to 3 months.
Cyberoam iView has set default storage of 3 months for Mail logs. You can
configure 1 Month, 2 Months or 3 Months to retain Mail logs.
IM and Blocked IM Logs:

IM and blocked IM logs can be retained for time interval starting from 1
month to 3 months.
Cyberoam iView has set default storage of 3 months for IM and Blocked IM
logs. You can configure 1 Month, 2 Months or 3 Months to retain IM and
Blocked IM logs.
FTP Logs:
FTP logs can be retained for time interval starting from 1 month to 3 months.
Cyberoam iView has set default storage of 3 months for FTP logs. You can
configure 1 Month, 2 Months or 3 Months to retain FTP logs.
VPN Logs:
VPN logs can be retained for time interval starting from 1 day to 1 month.
Cyberoam iView has set default storage of 3 months for VPN logs. You can
configure 1 Day, 2 Days, 3 Days, 5 Days, 7 Days or 1 Month to retain VPN
logs.
Internet Usage Logs:

Internet usage logs can be retained for time interval starting from 1 day to 3
months.
Cyberoam iView has set default storage of 3 months for Internet usage logs,
but you can configure 1 day, 2 days, 3 days, 5 days, 7 days, 1 month or 3
months to retain Internet Usage logs.
Blocked Web Attempts Logs:

Blocked Web Attempts logs can be retained for time interval starting from 1
month to 3 months.
Cyberoam iView has set default storage of 3 months for Blocked Web
Attempts logs, but you can configure 1 month or 2 months to retain Blocked
Web Attempts logs.
IPS (Attacks) Logs:

IPS logs can be retained for time interval starting from 1 month to 3 months.
Cyberoam iView has set default storage of 3 months for IPS logs, but you
can configure 1 month or 2 months to retain IPS logs.
Spam Logs:
Spam logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for spam logs, but you
can configure 1 month or 2 months to retain spam logs.
Virus Logs:
Virus logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for virus logs, but you
can configure 1 month or 2 months to retain virus logs.
Appliance Audit Logs:

Appliance audit logs can be retained for time interval starting from 1 day to 1
month.
Cyberoam iView has set default storage of 1 month day for appliance audit
logs, but you can configure 1 day, 2 days, 3 days, 5 days or 7 days to retain
appliance audit logs.
Application Logs:
Application logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 6 months for appliance audit logs,
but you can configure 1 month, 2 months, 3 months, 9 months or 1 year to
retain application logs.
Blocked Attempts Logs:

Blocked Attempt logs can be retained for time interval starting from 1 month
to 1 year.
Cyberoam iView has set default storage of 6 months for blocked attempt
logs, but you can configure 1 month, 2 months, 3 months, 9 months or 1 year
to retain blocked attempts logs.
Archive Logs:
Archive logs can be retained for time interval starting from 1 day to forever.
Cyberoam iView has set default storage as Forever for archive logs, but you
can configure 1, 2 or 5 days, 1 or2 weeks, 1, 3 or 6 months, 1, 3, 7 years.
Report Period Displays retention period of the logs.
Size Displays current size of the logs.
Status Displays status of last applied change.
Export Enable to allow number of records selection while saving reports in MS-Excel
Customization format.
Apply Button Click to apply changes in database configuration.
Table Database Configuration Screen Elements
Access Gateway Data Management
Screen - Access Gateway Data Management

Log Retention You can retain following logs for Access Gateway Data Management
device(s):
Firewall Logs:
Firewall logs can be retained for time interval starting from 1 month to 1 year.
Cyberoam iView has set default storage of 6 months for firewall logs. You
can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1 year to
retain firewall logs.
Web Usage Logs:

Web Usage logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 6 months for Web Usage logs.
year to retain Web Usage logs.
Archive Logs:
Cyberoam iView has set default storage as Forever for archive logs, but you
can configure 1,2 or 5 days, 1 or2 weeks, 1,3 or 6 months, 1,3,7 years
Export Enable to allow number of records selection while saving reports in MS-Excel
Customization format.
Table Access Gateway Data Management Screen Elements
EPS Data Management
Screen EPS Data Management

Log Retention You can retain following logs for EPS Data Management device(s):
USB Control:
USB Control logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 6 months for USB Control logs.
year to retain USB Control logs.
Web Report Logs:

Web Report logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 6 months for Web Report logs.
year to retain Web Report logs.
Update Data Logs:

Update Data logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 6 months for Update Data logs.
year to retain Update Data logs.
Anti Virus Logs:

Anti Virus logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 6 months for Anti Virus logs. You
can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1 year
to retain Anti Virus logs.
Application Control Logs:

Application Control logs can be retained for time interval starting from 1
month to 1 year.
Cyberoam iView has set default storage of 6 months for Application Control
logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months
or 1 year to retain Application Control logs.
Email Scanning Logs:

Email Scanning logs can be retained for time interval starting from 1 month
to 1 year.
Cyberoam iView has set default storage of 6 months for Email Scanning
logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months
or 1 year to retain Email Scanning logs.
Archive Logs:
Cyberoam iView has set default storage as Forever for archive logs, but
you can configure 1, 2 or 5 days, 1 or2 weeks, 1, 3 or 6 months, 1, 3, 7
years.
Export Enable to allow number of records selection while saving reports in MS-
Customization Excel format.
Table EPS Data Management Screen Elements
Web Server Data Management
Screen Web Server Data Management

Log Retention You can retain following logs for Web Server Data Management device(s)
Apache Logs:
Apache logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 6 months for Apache logs. You
can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1 year
to retain Apache logs.
Archive Logs:
Cyberoam iView has set default storage as Forever for archive logs, but
you can configure 1, 2 or 5 days, 1 or2 weeks, 1, 3 or 6 months, 1, 3, 7
years.
Table Web Server Data Management Screen Elements
Smart Wireless Router Data Management

Screen - Smart Wireless Router Data Management

Log Retention You can retain following logs for Smart Wireless Router device(s)
Application Activity Logs:
Application Activity logs can be retained for time interval starting from 1
month to 1 year.
Cyberoam iView has set default storage of 1 month for Application Activity
logs.
Web Allow Logs:

Web Allow logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 2 Months for Web Allow logs.
Web Denied Logs:

Web Denied Logs can be retained for time interval starting from 1 Month to
1 year.
Cyberoam iView has set default storage of 3 Months for Web Denied logs.
Attack Logs:
Attack Logs can be retained for the time interval starting from 1 Month to 1
year.
Cyberoam iView has set default storage of 9 Months for Attack logs.
Virus Logs
Virus Logs can be retained for the time interval starting from 1 Month to 1
year.
Cyberoam iView has set default storage of 9 Months for Virus logs.
Archive Logs:
Cyberoam iView has set default storage as Forever for archive logs.
Bookmark Management
Prerequisite
Super Admin or Admin privilege required to access and manage Bookmark Management sub menu of
System menu.
Cyberoam iView allows the user to Bookmark report or report groups at any level of drill down. The
user can generate and view reports on multiple criteria and save them as bookmark. The user can
access the bookmarked reports from left navigation menu on next login.
This section describes how to
Add Bookmark Group
Delete Bookmark Group
Use the System Configuration Bookmark Management to create and manage

bookmark group.
Screen Bookmark Management

Add Bookmark Click to add a new bookmark group.
Group Button
Bookmark Groups Name of the bookmark group. Expand the bookmark group to
view member bookmarks.
Table Bookmark Management Screen Elements
Add Bookmark Group

Go to System Configuration Bookmark Management and click Add Bookmark
Group to create a new bookmark group. The user can also add a bookmark group while creating
bookmark of a report page.
Screen Add Bookmark Group Name

Bookmark Group Specify name of the bookmark group, bookmark group can be any
Name combination of alphanumeric characters and special characters
_, @ and ..
Add Button Click to add the bookmark group.
Close Button Click to return on bookmark management page.

Table Add Bookmark Management Screen Elements
Bookmark Management Group Screen
Delete Bookmark Group

Go to System Configuration Bookmark Management to view list of available
bookmarks.
Screen Delete Bookmark Group

Bookmarks or Displays name of the bookmark or bookmark group.
Bookmarks Group
Click to delete bookmark or bookmark group.
Table Delete Bookmark Group Screen Elements

Logs
Prerequisite
Super Admin or Admin privilege is required to access and manage Logs page.
To achieve compliance requirement of some geographical region, Cyberoam iView provides MD5
sum for DHCP and Web Usage log files. It ensures integrity of log data, which means the log files are
intact and log data is not manipulated.
This section describes how to enable and disable Checksum Configuration for DHCP and Web
Usage:
Use System Configuration Logs to enable and disable Checksum Configuration for
DHCP and Web Usage.
Screen Checksum Configuration

Click Save to save Changes.
Syslog Server Port
Prerequisite
Super Admin or Admin privilege is required to access and manage Syslog Server Port Configuration
To provide flexibility in the port configuration for receiving Syslog data stream, Cyberoam iView allows
configuration of Garner Port.
Use System Configuration Syslog Server Port to configure port number to receive
Syslog stream
.
Screen Syslog Server Port Configuration

Click Save to save changes
Backup & Restore (Detail Data)
Prerequisite
Super Admin or Admin privilege required to access and manage Backup & Restore (Detail Data)
page.
Cyberoam iView allows the administrator to take scheduled backup of detailed report data on FTP
server.
Use System Configuration Backup & Restore to configure scheduled backup of

detailed report data which includes time stamp of any event, on FTP server.
This section describes how to
Backup Configuration
Restore Configuration
Backup Configuration
Screen Backup Configuration

Backup Frequency of taking backup. You can choose to take backup on
Frequency daily basis or never.
FTP Server IP IP Address of the FTP server.
User Name Username of FTP server.
Password Password of FTP server.
Save Button Click Save to save changes.
Table Backup Configuration Screen Elements
Restore Configuration
Screen Restore Configuration

Start Date Frequency of taking backup. You can choose to take backup on
daily basis or never.
End Date IP Address of the FTP server.
Restore Button Click Restore to restore the backup.
Restore Configuration Screen Elements
Audit Logs
Prerequisite
Super Admin or Admin privilege is required to access and manage Data Management sub menu of
System menu.
Audit logs are required to ensure accountability, security and problem detection of a system.
Use System Audit Logs page to view audit logs for iView.
Screen Audit Logs

Action Time Action time represents time of the event.
Category Category of the event. Refer Category-Event-Message table for
details.
Severity Displays predefined severity levels in iView:
Emergency : System is not usable
Alert: Action must be taken immediately
Critical: Critical condition
Error: Error condition
Warning: Warning condition
Notice: Normal but significant condition
Info: Informational
Debug: Debug-level messages
Message Message is one line description of event. Refer Category-Event-
Message table for detail.
Username Username of the user associated with the event.
IP Address IP Address of the user.
Table Audit Logs Screen Elements
Category-Event-Message Table:
Cyberoam- iView displays audit logs for following categories with corresponding events and
messages:
Category Event Logs for Message

Mail SMTP server SMTP server IP: Port <IP Address>:<Port> has
configuration update been set
SMTP server IP: Port <IP Address>:<Port> with
username <username> has been set
SMTP server IP: Port <IP Address>:<Port>
setting failed
SMTP server IP: Port <IP Address>:<Port> with
username <username> setting failed
Add Report Notification Report notification < report notification name>
added successfully
Update Report Report notification < report notification name>
Notification updated successfully
Delete Report Notification Report notification < report notification name>
deleted successfully
Sent report notification Mail with subject <subject> sent to <recipients
Email ID>
Mail sending failed :<error message>
User User Login User <username> login successful
User <username> login failed
Not authenticated due to database connection
error
User Log out User log out successful
Add User User <username> added successfully
Add failed due to duplicate user name
Update User User <username> updated successfully
User <username>update failed
Delete User User <username> deleted successfully
User <username> delete failed
Device Add Device <device status> device <device name> is added
Update Device Device < device name> is updated
Device status for < comma separated device
name> updated
Delete Device Device < comma separated device name> are
deleted
Device < comma separated device name> are
not deleted
Add Device Group Device group <device group name> is added
Device group <device group name> add failed
due to duplicate device group name
Update Device Group Device group <device group name> is updated
Delete Device Group Device group <device group name> is deleted
Application Add Application Identifier Application identifier is added to application
<application name>
Delete Application Application identifier is deleted from application
Identifier <application name>
Add Application Application <application name> is added to

application group <application group name>
Update Application Application <application name> is updated in
application group <application group name>
Delete Application Application <application name> is deleted
Add Application Group Application group <application group name> is
added
Update Application Application group <application group name> is
Group updated
Delete Application Group Application group <application group name> is
deleted
Reset to Default Application groups, applications and application
identifiers are reset to default
Views Unauthorized access to Unknown user has tried to access unauthorized
web pages page name <page name>
User has tried to access unauthorized page
name <<page name>>
Data Archived Logs Archived (cold) log file will be deleted till
date(dd-mm-yyyy) <<configured removal date>>
Archived Log configuration updated to
<<archived limit>> days
Detail Table Detail Table configuration updated to <<detail
table limit >> days
Summary Table Summary Table configuration updated to
<<summary table limit>> days
Report Add Custom View Custom view < custom view name> added
successfully
Custom view < custom view name> addition
failed
Update Custom View Custom view < custom view name> updated
successfully
Custom view < custom view name> update
failed
Delete Custom View Custom view < custom view name> deleted
successfully
Custom view < custom view name> deletion
failed due to <error message>
<number of custom view> custom view(s)
deleted successfully
Table Category-Event-Message
Note
Audit logs can be filtered based on category type and severity.

In addition, you can perform search based on username, IP Address and message.
Archives
Prerequisite
Super Admin or Admin privilege is required to access and manage Archives sub menu of System
menu.
Archive logs are collection of historical records, which are the initial line of forensic investigation.
Cyberoam iView retains archive log data for the configured period. Data Retention period can be
configured from the System Configuration Data Management page. For further
details, refer to Data Management section.

Load Archived Files
Search in Archived Files
Backup Archived Files
Download Backup Files
Restore Archived Files
Unload Archived Files
Go to System Archives Archive Files to view archived log files.
Screen Archived Files

Date Date of archive logs.
File Details Cyberoam iView stores archived data for a specified day in four
files and each file contains data for 6 hours.
This column displays list of all four file along with the data size.
Cyberoam iView can display archive files for maximum of 15 days

per page.
Total Size Total size of archive data for the specified day.
Action Action that can be performed on archived data:
Load: Load archived file from your local drive to the iView
database.
Raw Log: Click to view Raw Logs
Unload: Unload archived file from Cyberoam iView
database.
Table Archived Files Screen Elements
Load Archived Files

Super Administrator needs to load the files in Cyberoam iView database to:
Search archived files
Unload archived files
Go to System Archives Archive Files.
Screen Load Archived Files

Date Displays date of archive log files.
File Details Displays list of all log files.
Click the checkbox against file to be loaded in Cyberoam iView

database.
Load Click to load selected file in Cyberoam iView database.
The checkbox is disabled once the file is loaded.

Table Load Archived Files Screen Elements
Screen Partially Loaded Archived Files
Screen Fully Loaded Archived Files

Search in Archive Files
Prerequisite
Loading of appropriate archived file is required.
Go to System Archives Archive Search and click Search to perform search in loaded
archived file.
Screen - Archived Index Files

Date Displays date of archive index files.
Total Size Displays size of the archive index files.
Action Action that can be performed on archived index files:
Search: Click to search the archive index files.
Load: Load archived file from your local drive to the iView
database.
Unload: Unload the archive index files.
Table - Archived Index Files Screen Elements
User gets one more option under Action section titled Create Index against the dates when:
Cyberoam iView Firmware was upgraded
Backup from another iView was taken on the current iView
Screen - Create Index
Click Create Index to create archived index file manually. Once archived index file is created, user is
able to search the created archived index file.
User comes across the following screen after clicking Search:
Screen Search in Archived Files

Advanced Search Logs search criteria can be based on either of the following:
options
is - Click to get search results exactly matching the
mentioned criteria.
isnt - Click to get search results exactly opposite of the
mentioned criteria.
contains - Click to get search results containing the
mentioned criteria.
starts with - Click to get search results beginning with the
mentioned criteria.
Search Criteria Available search criteria for Formatted Logs and Raw Logs:
Protocol
Source
Destination
User
URL
Data Sent (in Bytes)
Data Received (in Bytes)
Rule
Add Criteria Click to add a new search criterion.
Button
Remove Criteria Click to remove the added criterion.
Button
Table Search Criteria Section Elements

Time Displays date and time for the log.
Device Name Displays device name.
User Displays name of the user as defined in the device.
URL Displays IP Address or URL name accessed by the user.
Source Displays source IP Address.
Destination Displays destination IP Address.
Rule Displays rule ID.
File Name Displays name of the file.
Offset Displays file offset.
Protocol Displays protocol number.
Sent Bytes Displays number of bytes sent.
Received Bytes Displays number of bytes received.
Table Search Result Screen Elements
Note
Blank fields in result show unavailability of the data.
Backup Archived Files
Prerequisite
Unloading of the archived file is required to take backup.
You cannot take back up for current date.
Go to System Archives Backup Management to take backup of archived files on

Cyberoam iView machine.
Screen Backup Archived Files

Date Displays date of archive log files.
File Details Displays list of all the log files.
Select checkbox against the file to take backup on the Cyberoam

iView machine.
Total Size Displays size of the backup file.
Backup Now Click to take backup of the selected files.

Button
If the archived file is partially loaded, then the backup of only
unloaded data will be taken.
Once the backup file is created, Administrator can download the

backup file on any machine including Cyberoam iView machine
itself.
Table Backup Archived Files Screen Elements
Screen Successful Backup of Archived Files
Backup file naming convention

To help identity the backup of each device, Backup file is named as <Device ID_
YYYYMMDDStartHourEndHour>
Where:
Device ID - As configured in Cyberoam iView
YYYYMMDD - Date as displayed on Archive Files page under Date column
Start Hour End Hour Time as displayed on Archive Files page under File Details column
Download Backup file

Go to System Archives Backup Management and click Download Backup Files. Click
Download button to against the filename to download the backup on local machine from where
Cyberoam iView Web Admin Consoles accessed.
Screen Download Archived Files

Filename Displays list of all the zipped backup files.
Delete Button Click to delete backup file.
Download Click to download backup files on the local machine.
Cancel Button Click to return to the Backup Management page.

Table Download Archived Files Screen Elements
Restore Archived file

Go to System Archives Backup Management and click Restore Files button. Browse
the file to be restored and click Restore.
Screen Restore Files

Filename Displays path of the file to be restored.
Add Click to add another file.
Delete Click to delete the selected file.
Restore Button Click to restore the selected file(s).
Cancel Button Click to return to Backup Management page.
Table Restore Files Screen Elements
Unload Archived Files
Prerequisite
Loading of appropriate archived file is required.
To manage available storage space, the Super Administrator can unload the archived files once the
search has been performed. Please note that unloading file does not delete the data from Cyberoam
iView.
Go to System Archives Archive Files.
Screen Unload Archived Files

Date Displays date of archive logs.
File Details Displays list of archived log files generated by Cyberoam iView.
Unload Click to unload loaded file(s) from Cyberoam iView database.
Table Unload Archived Files Screen Elements
Note
Unload option unloads all the loaded files. User does not have option to unload individual file.
Cyberoam iView Documentation Copyright

2014 Cyberoam a Sophos Company. All rights reserved worldwide.
Cyberoam a Sophos Company has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind,
expressed or implied. Cyberoam a Sophos Company assumes no responsibility for any errors that may appear in this document. Information is subject to change
without notice.
In no event shall Cyberoam a Sophos Company be liable for any direct, indirect, or incidental damages, including, damage to data arising out of the use or inability to
use this manual.
No part of this work may be reproduced or transmitted in any form or by any means except as expressly permitted by Cyberoam a Sophos Company. This does not
include those documents and software developed under the terms of the open source General Public License.
Cyberoam iView is the trademark of Cyberoam a Sophos Company.
If you need commercial technical support for this product please visit www.cybreoam-iview.com.
You can visit open source Cyberoam iView forums at https://sourceforge.net/projects/cyberoam-iview/support to get support from the project community.
Cyberoam iView License Policy

Cyberoam iView is free software, if you are using and/or enhancing / developing open source applications: you can redistribute it and/or modify it under the terms of the
GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
A copy of the GNU General Public License is available along with this program; see the COPYING file for the detailed license.
The interactive user interfaces in modified source and object code versions of this program must display Appropriate Legal Notices, as required under Section 5 of the
GNU General Public License version 3.

Cyberoam-iView Administrators - Guide PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cyberoam-iView Administrators - Guide PDF

Uploaded by

Copyright:

Available Formats

Administrator Guide

Document Version 1.2- 0.1.2.4

Part 2: Basic Configuration ................................................................................... 88

Part 3: Advanced Configuration.......................................................................... 103

This Guide is organized into three parts:

Part 2 Basic Configuration

Part 3 Advanced Configuration

Item Convention Example

Subtitles Bold & Black

Navigation link Bold typeface System Configuration Users

Notes & points Bold typeface

Prerequisites Bold typefaces

Part 1: Cyberoam iView Basics

Accessing Cyberoam iView

Web Browser should meet the following requirements:

ScreenCyberoam iView Web Admin Console

Screen Elements Description

If you are logging for the first time after installation:

Log out procedure

Understanding Interface Web Admin Console

Screen Basic Screen Components

Screen Elements Description

Click the menu item to access the next level menu.

Reports Menu Screen components

Screen Report Screen Components

Screen Elements Description

Device Selection Click to select device(s) or device group(s).

Reports will be generated and displayed for all the selected

Reports will be generated and displayed for the selected time.

Use page controls to navigate to a specific page of the report.

By default, Cyberoam iView provides following dashboards:

Allowed Traffic Overview widget

Allowed Traffic Overview widget

Widget report is displayed as graph as well as in tabular format.

Screen Allowed Traffic Overview

Denied Traffic Overview widget

Widget report is displayed as graph as well as in tabular format.

Screen Denied Traffic Overview

Cyberoam Main dashboard can be drilled down for following dashboards:

Traffic Dashboard consists of following reports in widget form:

Top Applications widget

View the report from Main Dashboard Traffic Dashboard.

Report is displayed as pie chart as well as in tabular format.

Screen - Top Applications

Top Categories widget

View the report from Main Dashboard Traffic Dashboard.

Report is displayed as pie chart as well as in tabular format.

Screen - Top Categories

Top Users widget

View the report from Main Dashboard Traffic Dashboard.

Report is displayed as pie chart as well as in tabular format.

Screen - Top Users

Top Hosts widget

View the report from Main Dashboard Traffic Dashboard.

Report is displayed as pie chart as well as in tabular format.

contains following information:

Screen - Top Hosts

Top Source Countries widget

View the report from Main Dashboard Traffic Dashboard.

Report is displayed as pie chart as well as in tabular format.

Screen - Top Source Countries

Top Destination Countries widget

View the report from Main Dashboard Traffic Dashboard.