Contents
Preface
Intended Audience
Guide Organization
Typographic Conventions
Part 1: Cyberoam iView Basics
Introduction
Accessing Cyberoam iView
Log out procedure
Understanding Interface Web Admin Console
Screen components
Reports Menu Screen components
Dashboard
Main Dashboard
Traffic Dashboard
Security Dashboard
Custom Dashboard
User Dashboard
Source Host Dashboard
Email Address Dashboard
Cyberoam iView Dashboard
User Management
Preface
Welcome to Cyberoam iView Administrators Guide.
Intended Audience
This Guide is intended for people who want to configure Cyberoam iView. Basic knowledge of
TCP/IP networking concepts is required.
Guide Organization
This Guide provides information regarding the administration and customization of Cyberoam iView
and helps you manage and customize Cyberoam iView to meet your organization's various
requirements.
Part 4 Reports
It describes how to access and navigate through the drilldown reports. It also provides a description of
all the reports generated by Cyberoam iView. Refer to the Cyberoam iView Reports Guide.
Cyberoam iView Administrator Guide
Typographic Conventions
Material in this guide is presented in text or screen display notations:
Name of a particular parameter / field / command button text: Lowercase italic type. Enter policy name, replace policy name with the specific name of a policy, or click Name to select, where Name denotes command button text which is to be clicked.
Cross references: Hyperlink in different color. Refer to Customizing User database. Clicking on the link will open the particular topic.
Introduction
Enabling centralized reporting from multiple devices across geographical locations, Cyberoam iView
offers a single view of the entire network activity. This allows organizations not just to view information
across hundreds of users, applications and protocols; it also helps them correlate the information,
giving them a comprehensive view of network activity.
With Cyberoam iView, organizations receive logs and reports related to intrusions, attacks, spam and
blocked attempts, both internal and external, enabling them to take rapid action throughout their
network anywhere in the world.
Access the Web Admin Console, a browser-based interface, to configure and manage Cyberoam iView as
well as view reports.
Browse to http://<IP Address of the machine on which Cyberoam iView is installed i.e. local
machine>:8000 and log on using default username admin and password specified at the time of
installation.
If you are logging on for the first time after installation, please use
default username admin.
Password: Specify password. If you are logging on for the first time after installation, please use
the password specified at the time of installation.
Login button: Logs on to Web Admin Console. Click to log in.
Table - Login screen elements
Cyberoam iView displays the Main Dashboard as soon as you log on to the Web Admin Console. The Main
Dashboard provides a quick overview of the allowed and denied traffic of all the devices
added to Cyberoam iView.
To prevent unauthorized users from accessing Cyberoam iView, log off after you have finished working.
This will end the session and exit from Cyberoam iView.
Admin Tool Bar: A bar that includes a collection of links providing access to the most common
and often used functions:
Home: Click to return to main dashboard
Help: Click to access context sensitive online help
About Us: Click to know about license information of Cyberoam iView
Logout: Click to log out from Cyberoam iView
The bar appears in the upper rightmost corner of every page.
Button Bar: A bar that includes a collection of buttons, providing an easy way to
perform tasks like add or delete by clicking them. The bar appears at the top left-hand corner
of the Information Area of every page.
Global Selection Checkbox: Click to select all items.
Individual Selection Checkbox: Click to select individual item.
Page Information Area: Displays page information corresponding to the selected menu.
Table - Basic Screen Elements
Dashboard
Cyberoam iView displays the Dashboard as soon as you log on to the Web Admin Console.
To view the dashboard for another product category, select the product category from the drop-down
provided on the top left.
Dashboard provides a summary view of web and mail traffic including what is happening on the
network, such as top attacks or top spammers.
It also provides the current resource usage (CPU, Disk, Memory) as well as the total events received by
Cyberoam iView from each device.
To return to the Main Dashboard from any other page of the Web Admin Console, click the Home link
provided in the Admin Tool Bar.
Main Dashboard
Main Dashboard provides a quick overview of top allowed and denied traffic of network including
Web, FTP, mail, database and other applications.
It displays graphical and tabular overview of allowed and denied traffic of the top traffic generating
applications for all the added devices in a Widget form.
Widget displays report in graphical as well as tabular format. By default, the report is displayed for the
current date. Report date can be changed through the Calendar available on the topmost row of the
page.
Click button to close the widget and button to minimize the widget. You need to refresh the
page to retrieve the closed report widget.
Bar graph displays amount of data transferred by top applications while tabular report contains
following information:
Device: Name of the device as defined in Cyberoam iView
Applications (e.g. Web, SSL, POP3 etc as shown in the below given screen): Amount of data
transfer through each application
Others: Amount of data transfer through other applications
To view the allowed and denied traffic summary of a particular device, drill down by clicking
Application in the graph or the Device hyperlink in the table.
Bar graph displays amount of denied traffic by IDP attacks, spam, virus, firewall and content filtering
while tabular report contains following information:
Device: Name of the device as defined in Cyberoam iView
Applications (e.g. IPS attacks, spam, virus, firewall denied, content filtering denied): Number of
denied attempts per application
To view the allowed and denied traffic summary of a particular device, drill down by clicking
Application in the graph or the Device hyperlink in the table.
Traffic Dashboard
Cyberoam iView Traffic dashboard is a collection of widgets displaying information regarding total
network traffic.
This dashboard gives complete visibility of network traffic in terms of applications, web categories,
users, hosts, source and destination countries, mail traffic and FTP activities.
Report displays list of top applications along with application wise distribution of total data transfer and
relative percent distribution among those applications.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred per application while tabular report contains following
information:
Application/Proto: Port: Displays name of the application as defined in Cyberoam iView. If
application is not defined in Cyberoam iView then this field will display application identifier as
combination of protocol and port number. To define an unidentified application and group an
unassigned application, please refer to Add Custom Application under System.
Bytes: Amount of data transferred
Percent: Amount of data transfer in percentage
Report displays list of top web categories along with category wise distribution of total data transfer
and relative percent distribution among those categories.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred per web category while tabular report contains following
information:
Category: Name of the Web category as defined in Cyberoam
Hits: Number of Hits to the Web category
Percent: Amount of data transfer in percentage
Report displays list of top network users along with the amount of traffic generated for various
applications, hosts, destinations, domains and categories.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of Hits and amount of data transferred per user while tabular report
contains following information:
User: Username of the user as defined in the monitored device. If User is not defined in the
monitored device then it will be considered as traffic generated by Unknown user.
Bytes: Amount of data transferred
Percent: Amount of data transfer in percentage
Report displays list of top hosts along with host wise distribution of total data transfer and relative
percent distribution among those hosts.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of Hits and amount of data transferred per host while tabular report
Report displays list of top source countries from where Internet traffic is generated along with country
wise distribution of total data transfer and relative percent distribution among those countries.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays list of top source countries while tabular report contains following information:
Country: Name of the top source countries
Bytes: Total data transfer per source country
Percent: Relative percent distribution among the top source country
Report displays list of top destination countries where web traffic is directed along with country wise
distribution of total data transfer and relative percent distribution among those countries.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays list of top destination countries while tabular report contains following information:
Country: Name of the top destination countries
Bytes: Total data transfer per destination country
Percent: Relative percent distribution among the top destination country
Widget displays list of rules along with rule wise distribution of total data transfer and relative percent
distribution among those rules.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays various countries through which the application is accessed and number of Hits to
the country while tabular report contains following information:
Rule ID: Displays firewall rule ID
Bytes: Amount of data transferred
Percent: Amount of data transfer in percentage
Widget displays list of domains along with domain wise distribution of total data transfer and relative
percent distribution among those domains.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays various domains and amount of data transferred while tabular report contains
following information:
Domain: Displays domain name
Bytes: Amount of data transferred
Percent: Amount of data transfer in percentage
Widget displays list of files along with date, user, domain name, file name, size and source IP.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Widget report displays list of the files uploaded via FTP with file wise distribution of total data transfer
and relative percent distribution among those files.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Widget report displays list of the files downloaded via FTP with file wise distribution of total data
transfer and relative percent distribution among those files.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Report displays type of email traffic along with number of bytes and percentage of the traffic.
Report is displayed as graph as well as in tabular format.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of traffic per traffic type while tabular report contains following information:
Traffic: Type of email traffic. Possible types are:
Clean Mail
Spam
Probable Spam
Virus
Hits: Number of hits per email traffic type
Percent: Type of traffic in percentage
Report displays list of top email senders along with number of bytes and percentage of the traffic.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Bar graph displays amount of data transferred by each sender while tabular report contains following
information:
Sender: Email ID of the sender
Bytes: Amount of data transferred
Percent: Relative percent distribution among the top Mail Senders
Report displays list of top email recipients along with number of bytes and percentage of the traffic.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Bar graph displays amount of data received by each recipient while tabular report contains following
information:
Recipient: Email ID of the recipient
Bytes: Amount of data transferred
Percent: Relative percent distribution among the top Mail Recipients
Report displays list of top email recipients along with number of bytes and percentage of the traffic.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Bar graph displays amount of data received per Web Traffic protocol while tabular report contains
following information:
Allowed Traffic: Allowed traffic protocol
Bytes: Amount of data transferred
Percent: Relative percent distribution among the top Mail Recipients
Report displays list of top web traffic along with number of bytes and percentage of the traffic.
Report is displayed as graph as well as in tabular format. The bar graph displays amount of data per
Web Traffic type.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Bar graph displays amount of data received per Web Traffic while tabular report contains following
information:
Traffic: Allowed/Denied web traffic
Bytes: Amount of data transferred
Percent: Relative percent distribution among the top web traffic types
Report displays list of top FTP traffic along with number of bytes and percentage of the traffic.
Report is displayed as graph. The bar graph displays amount of data per FTP traffic type.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Bar graph displays amount of data received per FTP traffic type while tabular report contains following
information:
Traffic: Allowed/Denied FTP traffic
Bytes: Amount of data transferred
Percent: Relative percent distribution among the top FTP traffic types
Security Dashboard
Cyberoam iView Security dashboard is a collection of widgets displaying information regarding denied
network activities and traffic. It also gives an overview of malware and spam along with source and
destination countries.
Report displays a list of top hosts which made the maximum attempts to access the blocked sites.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays top denied hosts while tabular report contains following information:
Host: IP Address of the hosts
Hits: Number of attempts to access the blocked site
Percent: Relative percent distribution among the denied hosts
Report displays a list of users who made the maximum attempts to access the blocked sites.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays top denied users while tabular report contains following information:
User: Name of the top denied user as defined in Cyberoam iView
Hits: Number of attempts by a particular user to access the blocked site
Percent: Relative percent distribution among the denied users
Report displays a list of blocked applications which have the maximum number of access attempts.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays top denied applications while tabular report contains following information:
Application/Proto: Port: Displays name of the application as defined in Cyberoam iView. If
application is not defined in Cyberoam iView then this field will display application identifier as
combination of protocol and port number. To define an unidentified application and group an
unassigned application, please refer to Add Custom Application under System.
Report displays a list of destination countries with maximum number of blocked attempts.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays top denied destination countries while tabular report contains following information:
Country: Name of the top denied destination country
Hits: Number of denied attempts per destination country
Percent: Relative percent distribution among the denied destination countries.
Report displays a list of source countries from which the maximum number of blocked attempts
originated.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays top denied source countries while tabular report contains following information:
Country: Name of the top denied source country
Hits: Number of denied attempts per source country
Percent: Relative percent distribution among the denied source countries
Report displays the list of the most denied firewall rule IDs.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays top denied rule ID while tabular report contains following information:
ID: ID number of the top denied rules
Hits: Number of denied attempts per firewall rule
Percent: Relative percent distribution among the denied rule IDs
Report displays list of categories with the maximum number of denied attempts.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays top denied categories while tabular report contains following information:
Category: Name of the denied categories
Hits: Number of blocked attempts to access the category
Percent: Relative percent distribution among the denied categories
Report displays list of domain name/IP Address with the maximum number of denied attempts.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays denied categories while tabular report contains following information:
Domain: IP Address or domain name of the denied domain
Hits: Number of blocked attempts to access the domain
Percent: Relative percent distribution among the denied domains
Report displays list of attacks launched at your network along with number of hits per attack.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays blocked attacks while tabular report contains following information:
Attack: Name of the top denied attacks
Hits: Number of blocked attempts per attack
Percent: Relative percent distribution among the attacks
Report displays list of the blocked viruses along with relative percentage distribution among the
viruses.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays top denied attacks while tabular report contains following information:
Virus Name: Name of the virus
Count: Number of virus instances
Percent: Relative percent distribution among the viruses
Report displays list of spam senders along with number of hits and relative percentage distribution.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays top spam senders while tabular report contains following information:
Sender: Email ID of the spam sender
Hits: Number of hits per Email ID
Percent: Relative percent distribution among the spam senders
Report displays list of spam recipients along with number of hits and relative percentage distribution.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays spam recipients while tabular report contains following information:
Recipient: Email ID of spam recipient
Hits: Number of hits per recipient
Percent: Relative percent distribution among the spam recipients
Report displays list of denied traffic types along with number of hits and relative percentage
distribution.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays denied traffic while tabular report contains following information:
Traffic: Denied traffic type
Hits: Number of hits per denied traffic type
Percent: Relative percent distribution among the denied traffic type
Report displays list of top virus types along with number of hits and relative percentage distribution.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays top viruses while tabular report contains following information:
Application: Application type
Hits: Number of hits per application type
Percent: Relative percent distribution among the application types
Report displays list of spam protocols along with number of hits and relative percentage distribution.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays spam protocol summary while tabular report contains following information:
Application: Application protocol type
Hits: Number of hits per application protocol
Percent: Relative percent distribution among the application protocol types
Report displays list of IDP attacks along with number of hits and relative percentage distribution.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays IDP attack types while tabular report contains following information:
Attack Type: Displays type of attacks
Hits: Number of hits per attack type
Percent: Relative percent distribution among the attack types
Report displays list of applications denied by Content Filtering along with number of hits and relative
percentage distribution.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays applications denied by Content Filtering while tabular report contains following
information:
Recipient: Application protocol denied by Content Filtering
Hits: Number of hits per denied application protocol
Percent: Relative percent distribution among the denied applications types
Custom Dashboard
Cyberoam iView provides the option to create a custom dashboard based on user, source host
and Email Address.
User Dashboard
Cyberoam iView user dashboard provides a snapshot of users' activities in your network.
Bar graph displays amount of data transferred by each application group while tabular report contains
following information:
Application Group: Name of the application group. If application group is not identified by
Cyberoam iView then this field will display application identifier as combination of protocol and
port number. To define the unidentified application or to group unassigned application please
refer to Add Application.
Hits: Number of hits to the application group
Bytes: Amount of data transferred
Bar graph displays amount of data transferred per category while tabular report contains following
information:
Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display None in place of category name.
Hits: Number of hits to the category
Bytes: Amount of data transferred
Bar graph displays amount of data transferred per file while tabular report contains following
information:
File: Name of the file uploaded
Hits: Number of hits to the file
Bytes: Amount of data uploaded
Bar graph displays amount of data transferred per file while tabular report contains following
information:
File: Name of the file downloaded
Hits: Number of hits to the file
Bytes: Amount of data downloaded
Bar graph displays amount of data transferred per host while tabular report contains following
information:
Host: IP Address of the host
Hits: Number of connections to the host
Bytes: Amount of data transferred
Bar graph displays number of hits per application group while tabular report contains following
information:
Application Group: Name of the application group. If application group is not identified by
Cyberoam iView then this field will display application identifier as combination of protocol and
port number. To define the unidentified application or to group unassigned application please
refer to Add Application.
Hits: Number of hits to the application group
Bar graph displays number of hits per category while tabular report contains following information:
Category: Displays name of the category as defined in monitored device.
Hits: Number of hits to the category
Bar graph displays number of connections per virus while tabular report contains following
information:
Virus: Name of the virus as identified by monitored device
Count: Number of the virus
Bar graph displays amount of data transferred by each application group while tabular report contains
following information:
Application Group: Name of the application group. If application group is not identified by
Cyberoam iView then this field will display application identifier as combination of protocol and
port number. To define the unidentified application or to group unassigned application please
refer to Add Application.
Hits: Number of hits to the application group
Bytes: Amount of data transferred
Bar graph displays amount of data transferred per category while tabular report contains following
information:
Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display None in place of category name.
Hits: Number of hits to the category
Bytes: Amount of data transferred
Bar graph displays amount of data transferred per file while tabular report contains following
information:
File: Name of the file downloaded
Hits: Number of hits to the file
Bytes: Amount of data downloaded
Screen Top Files Downloaded via FTP
Bar graph displays amount of data transferred by each user while tabular report contains following
information:
User: Username of the user as defined in the monitored device. If username is not defined in
the monitored device then it will be considered as traffic generated by Unknown user.
Hits: Number of hits to the user
Bytes: Amount of data transferred by the user
Bar graph displays number of hits per category while tabular report contains following information:
Category: Displays name of the category as defined in monitored device.
Hits: Number of hits to the category
Bar graph displays number of hits per attack while tabular report contains following
information:
Attack: Name of the attack as identified by monitored device
Hits: Number of hits to the attack
Bar graph displays number of hits per attack while tabular report contains following information:
Attack: Name of the attack as identified by monitored device
Hits: Number of hits to the attack
Bar graph displays amount of data transferred per recipient, while tabular report contains following
information:
Recipient: Email Address of the recipient
Hits: Number of hits to the recipient
Bytes: Amount of data transferred
Bar graph displays amount of data transferred per sender, while tabular report contains following
information:
Sender: Email Address of the sender
Hits: Number of hits to the sender
Bytes: Amount of data transferred
Bar graph displays amount of data transferred per source host, while tabular report contains following
information:
Source Host: IP Address of the host
Hits: Number of hits to the host
Bytes: Amount of data transferred
Bar graph displays amount of data transferred per recipient host, while tabular report contains following
information:
Source Host: IP Address of the host
Hits: Number of hits to the host
Bytes: Amount of data transferred
Bar graph displays amount of data transferred per sender destination, while tabular report contains
following information:
Destination: URL name or IP Address of the destination
Hits: Number of hits to the destination
Bytes: Amount of data transferred
Bar graph displays amount of data transferred per recipient destination, while tabular report contains
following information:
Destination: URL name or IP Address of the destination
Hits: Number of hits to the destination
Bytes: Amount of data transferred
Bar graph displays amount of data transferred per sender user, while tabular report contains following
information:
User: Username of the user as defined in the monitored device. If username is not defined in
the monitored device then it will be considered as traffic generated by Unknown user
Hits: Number of hits to the user
Bytes: Amount of data transferred
Bar graph displays amount of data transferred per recipient user, while tabular report contains following
information:
User: Username of the user as defined in the monitored device. If username is not defined in
the monitored device then it will be considered as traffic generated by Unknown user
Bar graph displays number of hits per spam sender, while tabular report contains following
information:
Sender: Email Address of the spam sender
Hits: Number of hits to the sender
Bar graph displays number of hits per spam recipient, while tabular report contains following
information:
Recipient: Email Address of the spam recipient
Hits: Number of hits to the recipient
To view CPU usage trend drill down by clicking the CPU hyperlink in the table.
View report from Dashboards → iView Dashboard → CPU Usage widget → CPU.
Tabular report contains following information:
Time: Time in (YYYY-MM-DD HH:MM:SS) format
Usage: CPU usage corresponding to time
To view memory usage trend drill down by clicking the memory hyperlink in the table.
View report from Dashboards → iView Dashboard. Tabular report contains following
information:
Disk: Name and status of disk used to store database and archive logs
Usage: Disk usage
To view disk usage trend drill down by clicking the memory hyperlink in the table.
View report from Dashboards → iView Dashboard → Disk Usage widget → Disk.
To view device wise event frequency drill down by clicking the time hyperlink in the table.
View report from Dashboards → iView Dashboard → Event Frequency widget → Time.
Graph displays number of events based on time slots while tabular report contains following
information:
Time: Time in (YYYY-MM-DD HH:MM:SS) format
Device: Device ID
Events: Number of events per device
User Management
Pre-requisite
Super Admin or Admin privilege required to access and manage User sub menu of System menu.
The table below lists the access privileges associated with each user role:
View and Search Reports: Y Y Y
Dashboards (Main, Device, User, Host, Email Address, iView): Y Y Y
Table Privilege Matrix
Use the System → Configuration → Users page to configure and maintain administrators, set a
user's administrative access, and maintain passwords.
Add User
Go to System → Configuration → Users and click Add to add a new user.
Update User
Go to System → Configuration → Users and click the user to be updated from the user list.
Delete User
Go to System → Configuration → Users to view the list of users.
Device Integration
Pre-requisite
Super Admin privilege required to access and manage Device sub menu of System menu.
Cyberoam iView collects the log information from multiple devices to generate reports from that log
data.
There are two ways to integrate device to the Cyberoam iView:
Auto-discover Device
Add Device (manually)
Auto-Discover Device
Cyberoam iView uses the UDP protocol to discover network devices automatically. To send
logs to Cyberoam iView, the network device must be configured to use Cyberoam iView as its Syslog server.
On successful login, Super Admin will be prompted with a popup "New Device(s) Found" if a new
device is discovered; else the Main Dashboard is displayed. This prompt will be displayed every time
Super Admin logs in until she takes action on the newly discovered device.
Device Management
Prerequisite
Super Admin privilege required to access and manage Device sub menu of System menu.
The Cyberoam iView can collect log messages from multiple devices and generate many different
types of reports from that log data.
Go to the System → Configuration → Device page to view the list of devices with device name, IP
Address, device type and status.
Possible status:
: Device is added and activated
: Device is added but deactivated
Device Name: Name of the device
IP Address: IP Address of the device
Add Device
Go to System → Configuration → Device and click Add to add a new device in Cyberoam
iView.
Update Device
Possible options:
Active: Device is active and Cyberoam iView is accepting logs
Deactive: Device is inactive and Cyberoam iView is not accepting logs from the device
Update Button: Click to save changes in the device.
Cancel Button: Click to return to Device Management page.
Table Update Device Screen Elements
Activate Device
To start accepting logs from the added device one needs to activate the device in Cyberoam iView.
Go to System → Configuration → Device and click Active against device name.
Click Save to change status of device.
Note
You can also activate the device from Update Device section. After activation, Cyberoam iView will start
accepting logs from the device.
Deactivate Device
To stop accepting logs from the added device, one needs to deactivate the device in Cyberoam iView.
Go to System → Configuration → Device and click Deactivate option against the device
name.
Click Save to change the status of device.
Note
You can also deactivate the device from Update Device section. After deactivation, Cyberoam iView will
stop accepting logs from the device.
To access the data of device for forensic investigations do not delete the device from Cyberoam iView, just
deactivate it.
Delete Device
Prerequisite
The Device to be deleted should not be a member of any device group.
The Device to be deleted should not be a part of any Report Notification.
Live Logs
Go to System → Archives → Live Logs to view real-time logs. Page displays the most recent log
received from the selected device.
Possible options:
3 sec, 5 sec, 10 sec, 20 sec, 30 sec, 1 min, 2 min, 5 min
Go Button: Click to view real-time log for the selected device.
Show Last Records: Specify number of rows of the log entries to be displayed per page.
Possible options:
25, 50, 100
Start Update Button: Click to start log view.
Stop Update Button: Click to stop log view.
Refresh Button: Click to refresh the logs manually.
Prerequisite
Super Admin privilege required to access and manage Device Group sub menu of System menu.
A device group is a logical grouping of devices based on device location, device type (UTM, Firewall etc.),
device model or device administrator. E.g., group all the devices sending Inventory logs of the
organization to generate a consolidated report for the Inventory department. Group all the devices
deployed at the same geographical location to get network visibility of that area.
Go to the System → Configuration → Device Group page to view the list of groups with group
name, description and group members.
Possible Options:
UTM
Access Gateway
EPS
Web Server
Smart Wireless Router
Select Device Drop-down: Click drop-down to select the device(s). At least one device has to
be selected.
Note
A group can be deleted without removing devices from the group. Removing a group will not remove the
devices from Cyberoam iView.
Prerequisite
Super Admin privilege required to access and manage Mail Server sub menu of System menu.
To send the report notification through E-mail, you need to configure SMTP server in Cyberoam
iView.
Prerequisite
Super Admin or Admin privilege required to access and manage Application Group sub menu of
System menu.
Cyberoam iView generates reports based on application groups. The application group is a logical
grouping of applications based on their functions, for example, all FTP related applications are part of
FTP application group. Cyberoam iView has grouped the most common applications under 27
pre-defined application groups.
Each Application has an identifier in the form of protocol and port number through which it is
identified. E.g., Web-Proxy application is identified through protocol TCP and port number 8080. If
application is not defined in Cyberoam iView then instead of application name, protocol and port
number will be displayed in Reports. Cyberoam iView also allows the administrator to add custom
applications and application groups.
Use the System → Configuration → Application Groups page to add and manage applications
in Cyberoam iView.
Note
An application cannot be the member of multiple application groups. To change the group membership, first
remove an application from the current group and then add in the required application group.
Update Application
Go to System → Configuration → Application Groups.
Expand Application Group tree and click application to be modified.
Refer to Add Application for information on each parameter.
Delete Application
Go to System → Configuration → Application Groups and expand application tree to view
list of applications.
Note
Refer to Add Application Group and Update Application Group for details.
Note
You can also change application group membership from Update Application Group Membership.
Note
When you delete an application group, applications under that group will also be deleted.
Prerequisite
Super Admin or Admin privilege required to access and manage Custom View sub menu of System
menu.
A custom view groups the most pertinent reports, those that require special attention for
managing the devices. Reports from different report groups can also be grouped in a
single view.
A view can group a maximum of eight reports. A custom view provides a single-page view of all the
grouped reports.
Use System → Configuration → Custom View to create and manage custom views in iView.
Note
Added custom views will be displayed under Custom Views Sub menu of navigation pane.
Prerequisite
Super Admin or Admin privilege required to access and manage Report Notification menu of System
menu.
Cyberoam iView can mail reports in PDF format to specified Email Addresses as per the configured
frequency.
This section describes how to:
Add Report Notification
Update Report Notification
Delete Report Notification
Use the System → Configure → Report Notification to create and manage report
notifications.
Data Management
Prerequisite
Super Admin privilege is required to access and manage Data Management sub menu of System
menu.
Retaining data and log archives uses an enormous amount of disk space. To control and optimize
disk space usage, configure the data retention period of the detailed and summarized tables. Configure
the log retention period according to the compliance requirement.
This section describes how to configure log retention period for various product categories.
Log Retention You can retain following logs for UTM device(s):
Mail Logs:
Mail logs can be retained for time interval starting from 1 month to 3 months.
Cyberoam iView has set default storage of 3 months for Mail logs. You can
configure 1 Month, 2 Months or 3 Months to retain Mail logs.
FTP Logs:
FTP logs can be retained for time interval starting from 1 month to 3 months.
Cyberoam iView has set default storage of 3 months for FTP logs. You can
configure 1 Month, 2 Months or 3 Months to retain FTP logs.
VPN Logs:
VPN logs can be retained for time interval starting from 1 day to 1 month.
Cyberoam iView has set default storage of 3 months for VPN logs. You can
configure 1 Day, 2 Days, 3 Days, 5 Days, 7 Days or 1 Month to retain VPN
logs.
Spam Logs:
Spam logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for spam logs, but you
can configure 1 month or 2 months to retain spam logs.
Virus Logs:
Virus logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for virus logs, but you
can configure 1 month or 2 months to retain virus logs.
Application Logs:
Application logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 6 months for appliance audit logs,
but you can configure 1 month, 2 months, 3 months, 9 months or 1 year to
retain application logs.
Archive Logs:
Archive logs can be retained for time interval starting from 1 day to forever.
Cyberoam iView has set default storage as Forever for archive logs, but you
can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, 1, 3, 7 years.
Report Period: Displays retention period of the logs.
Size: Displays current size of the logs.
Status: Displays status of last applied change.
Export Customization: Enable to allow number of records selection while saving reports in MS-Excel format.
Apply Button: Click to apply changes in database configuration.
Table Database Configuration Screen Elements
Firewall Logs:
Firewall logs can be retained for time interval starting from 1 month to 1 year.
Cyberoam iView has set default storage of 6 months for firewall logs. You
can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1 year to
retain firewall logs.
Archive Logs:
Archive logs can be retained for time interval starting from 1 day to forever.
Cyberoam iView has set default storage as Forever for archive logs, but you
can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, 1, 3, 7 years.
Report Period: Displays retention period of the logs.
Size: Displays current size of the logs.
Status: Displays status of last applied change.
Export Customization: Enable to allow number of records selection while saving reports in MS-Excel format.
Apply Button: Click to apply changes in database configuration.
Table Access Gateway Data Management Screen Elements
Log Retention You can retain following logs for EPS Data Management device(s):
USB Control:
USB Control logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 6 months for USB Control logs.
You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1
year to retain USB Control logs.
Archive Logs:
Archive logs can be retained for time interval starting from 1 day to forever.
Cyberoam iView has set default storage as Forever for archive logs, but
you can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, 1, 3, 7 years.
Report Period: Displays retention period of the logs.
Size: Displays current size of the logs.
Status: Displays status of last applied change.
Export Customization: Enable to allow number of records selection while saving reports in MS-Excel format.
Apply Button: Click to apply changes in database configuration.
Archive Logs:
Archive logs can be retained for time interval starting from 1 day to forever.
Cyberoam iView has set default storage as Forever for archive logs, but
you can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, 1, 3, 7 years.
Report Period: Displays retention period of the logs.
Size: Displays current size of the logs.
Status: Displays status of last applied change.
Export Customization: Enable to allow number of records selection while saving reports in MS-Excel format.
Apply Button: Click to apply changes in database configuration.
Table Web Server Data Management Screen Elements
Attack Logs:
Attack Logs can be retained for the time interval starting from 1 Month to 1
year.
Cyberoam iView has set default storage of 9 Months for Attack logs.
Virus Logs
Virus Logs can be retained for the time interval starting from 1 Month to 1
year.
Cyberoam iView has set default storage of 9 Months for Virus logs.
Archive Logs:
Archive logs can be retained for time interval starting from 1 day to forever.
Cyberoam iView has set default storage as Forever for archive logs.
Report Period: Displays retention period of the logs.
Size: Displays current size of the logs.
Status: Displays status of last applied change.
Export Customization: Enable to allow number of records selection while saving reports in MS-Excel format.
Apply Button: Click to apply changes in database configuration.
Bookmark Management
Prerequisite
Super Admin or Admin privilege required to access and manage Bookmark Management sub menu of
System menu.
Cyberoam iView allows the user to Bookmark report or report groups at any level of drill down. The
user can generate and view reports on multiple criteria and save them as bookmark. The user can
access the bookmarked reports from left navigation menu on next login.
This section describes how to
Add Bookmark Group
Delete Bookmark Group
Logs
Prerequisite
Super Admin or Admin privilege is required to access and manage Logs page.
To meet the compliance requirements of some geographical regions, Cyberoam iView provides an MD5
sum for DHCP and Web Usage log files. It ensures integrity of log data, which means the log files are
intact and log data is not manipulated.
This section describes how to enable and disable Checksum Configuration for DHCP and Web
Usage:
Use System → Configuration → Logs to enable and disable Checksum Configuration for
DHCP and Web Usage.
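A checksum supports integrity only when someone recomputes it and compares the result. The following added example (not part of the Cyberoam iView guide or product) recomputes MD5 sums for a directory of log files and compares them with a recorded manifest. The `<md5 hex>  <file name>` manifest layout, the file names and the log lines are assumptions constructed for illustration, because the guide does not describe how iView stores its checksums.

```python
import hashlib
import hmac
import os
import re
import tempfile

MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")


def file_md5(path, chunk_size=65536):
    """Hash in chunks so large log files are never held in memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse '<md5 hex>  <file name>' lines (assumed layout, as md5sum writes)."""
    entries = {}
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or not MD5_HEX.fullmatch(parts[0]):
            raise ValueError(f"manifest line {number}: bad checksum field")
        name = parts[1].lstrip("*")
        # Refuse names that would make the verifier read outside the log directory.
        if not name or name in (".", "..") or os.path.basename(name) != name:
            raise ValueError(f"manifest line {number}: unsafe file name")
        entries[name] = parts[0].lower()
    return entries


def verify_logs(log_dir, manifest_text):
    """Classify every file as intact, modified, missing or unlisted."""
    expected = parse_manifest(manifest_text)
    report = {"intact": [], "modified": [], "missing": [], "unlisted": []}
    for name, recorded in sorted(expected.items()):
        path = os.path.join(log_dir, name)
        if not os.path.isfile(path):
            report["missing"].append(name)    # deleted after the sum was taken
        elif hmac.compare_digest(file_md5(path), recorded):
            report["intact"].append(name)
        else:
            report["modified"].append(name)   # content changed after the sum
    for name in sorted(os.listdir(log_dir)):
        if name not in expected and os.path.isfile(os.path.join(log_dir, name)):
            report["unlisted"].append(name)   # present but never checksummed
    return report


def demo():
    """Constructed sample logs: record sums, then edit, delete and add files."""
    samples = {
        "dhcp.log": b"2024-01-01 10:00:00 lease 192.0.2.10 aa:bb:cc:dd:ee:01\n",
        "webusage.log": b"2024-01-01 10:00:05 user1 GET http://example.com/\n",
        "dhcp-old.log": b"2023-12-31 23:59:59 lease 192.0.2.11 aa:bb:cc:dd:ee:02\n",
    }
    with tempfile.TemporaryDirectory() as log_dir:
        lines = []
        for name, data in samples.items():
            with open(os.path.join(log_dir, name), "wb") as handle:
                handle.write(data)
            lines.append(f"{hashlib.md5(data).hexdigest()}  {name}")
        manifest = "\n".join(lines)
        with open(os.path.join(log_dir, "webusage.log"), "ab") as handle:
            handle.write(b"2024-01-01 10:00:09 line added after the sum\n")
        os.remove(os.path.join(log_dir, "dhcp-old.log"))
        with open(os.path.join(log_dir, "extra.log"), "wb") as handle:
            handle.write(b"file that was never checksummed\n")
        return verify_logs(log_dir, manifest)


if __name__ == "__main__":
    for status, names in demo().items():
        print(f"{status:9} {names}")
```

The comparison is only meaningful if the manifest is stored where someone who can edit the log files cannot also edit it.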
Prerequisite
Super Admin or Admin privilege is required to access and manage Syslog Server Port Configuration
To provide flexibility in the port configuration for receiving Syslog data stream, Cyberoam iView allows
configuration of Garner Port.
Use System → Configuration → Syslog Server Port to configure port number to receive
Syslog stream.
Prerequisite
Super Admin or Admin privilege required to access and manage Backup & Restore (Detail Data)
page.
Cyberoam iView allows the administrator to take scheduled backup of detailed report data on FTP
server.
Backup Configuration
Restore Configuration
Audit Logs
Prerequisite
Super Admin or Admin privilege is required to access and manage Data Management sub menu of
System menu.
Audit logs are required to ensure accountability, security and problem detection of a system.
Use the System → Audit Logs page to view audit logs for iView.
Category-Event-Message Table:
Cyberoam iView displays audit logs for following categories with corresponding events and
messages:
Archives
Prerequisite
Super Admin or Admin privilege is required to access and manage Archives sub menu of System
menu.
Archive logs are a collection of historical records, which are the initial line of forensic investigation.
Cyberoam iView retains archive log data for the configured period. The data retention period can be
configured from the System → Configuration → Data Management page. For further
details, refer to the Data Management section.
This column displays the list of all four files along with the data size.
Prerequisite
Loading of appropriate archived file is required.
Go to System → Archives → Archive Search and click Search to perform search in loaded
archived file.
User gets one more option under Action section titled Create Index against the dates when:
Cyberoam iView Firmware was upgraded
Backup from another iView was taken on the current iView
Click Create Index to create archived index file manually. Once archived index file is created, user is
able to search the created archived index file.
Search Criteria Available search criteria for Formatted Logs and Raw Logs:
Protocol
Source
Destination
User
URL
Data Sent (in Bytes)
Data Received (in Bytes)
Rule
Add Criteria Button: Click to add a new search criterion.
Remove Criteria Button: Click to remove the added criterion.
Table Search Criteria Section Elements
Prerequisite
Unloading of the archived file is required to take backup.
You cannot take a backup for the current date.
Prerequisite
Loading of appropriate archived file is required.
To manage available storage space, the Super Administrator can unload the archived files once the
search has been performed. Please note that unloading file does not delete the data from Cyberoam
iView.
Go to System → Archives → Archive Files.
Note
Unload option unloads all the loaded files. User does not have option to unload individual file.
In no event shall Cyberoam a Sophos Company be liable for any direct, indirect, or incidental damages, including, damage to data arising out of the use or inability to
use this manual.
No part of this work may be reproduced or transmitted in any form or by any means except as expressly permitted by Cyberoam a Sophos Company. This does not
include those documents and software developed under the terms of the open source General Public License.
If you need commercial technical support for this product please visit www.cybreoam-iview.com.
You can visit open source Cyberoam iView forums at https://sourceforge.net/projects/cyberoam-iview/support to get support from the project community.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
A copy of the GNU General Public License is available along with this program; see the COPYING file for the detailed license.
The interactive user interfaces in modified source and object code versions of this program must display Appropriate Legal Notices, as required under Section 5 of the
GNU General Public License version 3.