Table of Contents
• Preface
• Intended Audience
• Guide Organization
• Typographic Conventions
Preface
Welcome to Cyberoam iView Administrator’s Guide.
Intended Audience
This Guide is intended for people who want to configure Cyberoam iView. Basic knowledge of
TCP/IP networking concepts is required.
Guide Organization
This Guide provides information regarding the administration and customization of Cyberoam
iView and helps you manage and customize Cyberoam iView to meet your organization’s various
requirements.
Part 4 – Reports
It describes how to access and navigate through the drilldown reports. It also provides description
of all the reports generated by Cyberoam iView. Refer to Cyberoam iView Reports Guide.
Cyberoam iView Administrator Guide
Typographic Conventions
Material in this guide is presented in text or screen display notations.
Enabling centralized reporting from multiple devices across geographical locations, Cyberoam
iView offers a single view of the entire network activity. This allows organizations not just to view
information across hundreds of users, applications and protocols; it also helps them correlate the
information, giving them a comprehensive view of network activity.
With Cyberoam iView, organizations receive logs and reports related to intrusions, attacks, spam
and blocked attempts, both internal and external, enabling them to take rapid action throughout
their network anywhere in the world.
Access Web Admin Console, a browser-based Interface to configure and manage Cyberoam iView
as well as view reports.
Browse to http://<IP address of the machine on which Cyberoam iView is installed i.e. local
machine>:8000 and log on using default username ‘admin’ and password specified at the time of
installation.
If you are logging on for the first time after installation, please use default username ‘iview’.
Password: Specify password. If you are logging on for the first time after installation, please use password “iview10”.
Login button: Logs on to Web Admin Console. Click to login.
Table - Login screen elements
Cyberoam iView displays Main Dashboard as soon as you logon to the Web Admin Console. Main
Dashboard provides a quick and fast overview of the allowed and denied traffic of all the devices
added to Cyberoam iView.
To prevent unauthorized users from accessing Cyberoam iView, log off after you have finished
working. This will end the session and exit from Cyberoam iView.
Bar appears at the top left hand corner of the Information Area of
every page.
Global Selection Checkbox: Click to select all items.
Individual Selection Checkbox: Click to select individual item.
Page Information Area: Displays page information corresponding to the selected menu.
Table – Basic Screen Elements
Dashboard
Cyberoam iView displays Dashboard as soon as you logon to the Web Admin Console.
Dashboard provides a summary view of web and mail traffic including what is happening on the
network, such as top attacks or top spammers.
It also provides the current resource usage (CPU, Disk, Memory) as well as total events received by
Cyberoam iView from each device.
To return to the Main Dashboard from any other page of the Web Admin console, click “Home” link
provided in Admin Tool bar.
Main Dashboard
Main Dashboard provides a quick overview of top allowed and denied traffic of network including
Web, FTP, mail, database and other applications.
It displays graphical and tabular overview of allowed and denied traffic of the top traffic generating
applications for all the added devices in a Widget form.
Widget displays report in graphical as well as tabular format. By default, the report is displayed for
the current date. Report date can be changed through the Calendar available on the topmost row
of the page.
Click button to close the widget and button to minimize the widget. You need to refresh the
page to retrieve the closed report widget.
Bar graph displays amount of data transferred by top applications while tabular report contains
following information:
To view the allowed and denied traffic summary of a particular device, drill down by clicking
Application in the graph or the Device hyperlink in the table.
Bar graph displays amount of denied traffic by IDP attacks, spam, virus, firewall and content
filtering while tabular report contains following information:
• Device: Name of the device as defined in Cyberoam iView
• Applications (e.g. IDP attacks, spam, virus, firewall denied, content filtering denied): Number
of denied attempts per application
To view the allowed and denied traffic summary of a particular device, drill down by clicking
Application in the graph or the Device hyperlink in the table.
Device Dashboard
Cyberoam iView Device Dashboard provides in depth traffic visibility of the selected device.
To view the dashboard of the particular device, drill down by clicking Application in graph or Device
hyperlink in the Main Dashboard. It provides following reports in the form of Widgets for the
selected device:
• Allowed Traffic Summary
• Denied Traffic Summary
• Web Traffic Summary
• Mail Traffic Summary
• FTP Traffic Summary
• Virus Summary
• Spam Summary
• IDP Attacks Summary
• Firewall Denied Summary
• Content Filtering Denied Summary
View report from Dashboard → Main Dashboard → Allowed Traffic Overview widget → Device.
Pie chart displays percentage of allowed traffic, while tabular report contains following information:
View report from Dashboards → Main Dashboard → Allowed Traffic Overview widget → Device.
Pie chart displays percentage of denied traffic for the selected device, while tabular report contains
following information:
• Traffic: Type of denied traffic. Possible types of traffic:
    • Firewall Denied: Traffic denied by Firewall
    • Spam: Denied spam traffic
    • Content Filtering Denied: Denied Web and Mail traffic
    • IDP Attack: Traffic denied because it was identified as an IDP attack
    • Virus: Denied Virus traffic
• Connection: Number of denied connections
• Percent: Percentage wise distribution of denied traffic
View report from Dashboards → Main Dashboard → Allowed Traffic Overview widget → Device.
Pie chart displays percentage of web traffic for the selected device, while tabular report contains
following information:
• Traffic: Type of web traffic. Possible traffic types:
    • CF Allowed: Web traffic allowed by the monitored device.
    • CF Denied: Web traffic denied by the monitored device.
    • Virus: Virus traffic detected by the monitored device.
• Bytes: Amount of data transferred by traffic type
• Percent: Percentage wise distribution of web traffic by traffic type.
View report from Dashboards → Main Dashboard → Allowed Traffic Overview widget → Device.
Pie chart displays percentage of mail traffic for the selected device, while tabular report contains
following information:
• Traffic: Type of Mail traffic. Possible traffic types:
    • Clean Mail
    • Spam
    • Probable Spam
    • Virus
• Bytes: Amount of data transferred through traffic type
• Percent: Percentage wise distribution of mail traffic by traffic type
View report from Dashboards → Main Dashboard → Allowed Traffic Overview widget → Device.
Pie chart displays percentage of FTP traffic for the selected device, while tabular report contains
following information:
• Traffic: Type of FTP traffic. Possible traffic types:
    • Clean FTP
    • IDP
    • Virus
• Bytes: Amount of data transferred through traffic type.
• Percent: Percentage wise distribution of FTP traffic based on traffic type.
View report from Dashboards → Main Dashboard → Allowed Traffic Overview widget → Device.
Pie chart displays percentage of virus attack by application while tabular report contains following
information:
• Application: Displays name of the application used for virus attack. If application is not defined
in Cyberoam iView then this field will display application identifier as combination of protocol
and port number. To define the unidentified application or to group unassigned application
please refer to Add Application.
• Connection: Number of attacks through the application
• Percent: Percentage wise distribution of attacks by application
View report from Dashboards → Main Dashboard → Allowed Traffic Overview widget → Device.
Pie chart displays percentage of spam by application, while tabular report contains following
information:
• Application: Name of the application used to generate spam. If application is not defined in
Cyberoam iView then this field will display application identifier as combination of protocol and
port number. To define the unidentified application or to group unassigned application please
refer to Add Application.
• Connection: Number of connections to the application
• Percent: Percentage wise distribution of spam by application
View report from Dashboards → Main Dashboard → Allowed Traffic Overview widget → Device.
Pie chart displays percentage of IDP attacks for the selected device, while tabular report contains
following information:
• Attack Type: Severity of the attack.
    • 0: Emergency - System is not usable
    • 1: Alert - Action must be taken immediately
    • 2: Critical - Critical condition
    • 3: Error - Error condition
    • 4: Warning - Warning condition
    • 5: Notice - Normal but significant condition
    • 6: Info - Informational
    • 7: Debug - Debug-level messages
• Connection: Number of connections established for the attack
• Percent: Percentage wise distribution of IDP attacks by attack type
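The Attack Type values listed above are the standard syslog severity codes, which travel in the low three bits of each message's PRI header. The following added example (not code from this guide or from Cyberoam iView) tallies constructed syslog lines into the Attack Type, Connection and Percent columns of this report; that iView derives the column from the PRI value is an assumption.

```python
import re
from collections import Counter

# Standard syslog severity codes; they match the Attack Type list in the guide.
SEVERITY_NAMES = {
    0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
    4: "Warning", 5: "Notice", 6: "Info", 7: "Debug",
}

# A syslog message starts with "<PRI>", where PRI = facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>")
MAX_PRI = 23 * 8 + 7  # highest facility (23) with lowest-priority severity (7)

# Constructed sample lines, not real Cyberoam or iView output.
SAMPLE_LINES = [
    "<129>Jan 10 10:00:01 fw01 idp: constructed event A",
    "<130>Jan 10 10:00:02 fw01 idp: constructed event B",
    "<130>Jan 10 10:00:03 fw01 idp: constructed event C",
    "<132>Jan 10 10:00:04 fw01 idp: constructed event D",
    "<999>Jan 10 10:00:05 fw01 idp: PRI out of range",
    "Jan 10 10:00:06 fw01 idp: PRI header missing",
]


def parse_severity(line):
    """Return the severity (0-7) from the PRI header, or None if it is absent or invalid."""
    match = PRI_RE.match(line)
    if not match:
        return None
    pri = int(match.group(1))
    if pri > MAX_PRI:
        return None
    return pri % 8


def summarize(lines):
    """Build report rows (attack type, connections, percent) and count unparsable lines."""
    counts = Counter()
    skipped = 0
    for line in lines:
        severity = parse_severity(line)
        if severity is None:
            skipped += 1  # keep a count so malformed input is visible, not silently dropped
            continue
        counts[severity] += 1
    total = sum(counts.values())
    rows = [
        {
            "attack_type": f"{severity}: {SEVERITY_NAMES[severity]}",
            "connections": n,
            "percent": round(100.0 * n / total, 2),
        }
        for severity, n in sorted(counts.items())
    ]
    return rows, skipped


if __name__ == "__main__":
    report, skipped_lines = summarize(SAMPLE_LINES)
    for row in report:
        print(f"{row['attack_type']:<14} {row['connections']:>3} {row['percent']:>6}%")
    print(f"lines skipped: {skipped_lines}")
```
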
View report from Dashboards → Main Dashboard → Allowed Traffic Overview widget → Device.
Pie chart displays percentage of denied traffic through firewall for the selected device, while
tabular report contains following information:
• Application: Displays name of the application as defined in Cyberoam iView. If application is
not defined in Cyberoam iView then this field will display application identifier as combination
of protocol and port number. To define the unidentified application or to group unassigned
application please refer to Add Application.
• Connection: Number of connections to the denied application
View report from Dashboards → Main Dashboard → Allowed Traffic Overview widget → Device.
Pie chart displays percentage of denied content by application for the selected device, while
tabular report contains following information:
• Application: Displays name of the application as defined in Cyberoam iView. If application is
not defined in Cyberoam iView then this field will display application identifier as combination
of protocol and port number. To define the unidentified application or to group unassigned
application please refer to Add Application.
• Connection: Number of connections to the denied application
• Percent: Percentage wise distribution of denied content by application
Custom Dashboard
Cyberoam iView provides option to generate custom dashboard based on username, source host
and email address.
• User Dashboard: Provides Internet behavior overview of the selected user.
• Source Host Dashboard: Provides overview of traffic generated by the selected source host.
• Email Address Dashboard: Provides the Internet activities conducted through the selected
email address.
User Dashboard
Cyberoam iView user dashboard provides snapshot of user’s activities in your network.
Bar graph displays amount of data transferred by each application group while tabular report
contains following information:
• Application Group: Name of the application group. If application group is not identified by
Cyberoam iView then this field will display application identifier as combination of protocol and
port number. To define the unidentified application or to group unassigned application please
refer to Add Application.
Bar graph displays amount of data transferred per category while tabular report contains following
information:
• Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display ‘None’ at place of category name.
• Connections: Number of connections to the category
• Bytes: Amount of data transferred
Bar graph displays amount of data transferred per file while tabular report contains following
information:
• File: Name of the file uploaded
• Connections: Number of connections to the file
• Bytes: Amount of data uploaded
Bar graph displays amount of data transferred per file while tabular report contains following
information:
• File: Name of the file downloaded
• Connections: Number of connections to the file
• Bytes: Amount of data downloaded
Screen – Top Files Downloaded via FTP
Bar graph displays amount of data transferred per host while tabular report contains following
information:
• Host: IP address of the host
• Connections: Number of connections to the host
• Bytes: Amount of data transferred
Bar graph displays number of connections per application group while tabular report contains
following information:
• Application Group: Name of the application group. If application group is not identified by
Cyberoam iView then this field will display application identifier as combination of protocol and
port number. To define the unidentified application or to group unassigned application please
refer to Add Application.
• Connections: Number of connections
Bar graph displays number of connections per category while tabular report contains following
information:
• Category: Displays name of the category as defined in monitored device.
• Connections: Number of connections to the category
Bar graph displays number of connections per virus while tabular report contains following
information:
• Virus: Name of the virus as identified by monitored device
• Connections: Number of connections to the virus
Bar graph displays amount of data transferred by each application group while tabular report
contains following information:
• Application Group: Name of the application group. If application group is not identified by
Cyberoam iView then this field will display application identifier as combination of protocol and
port number. To define the unidentified application or to group unassigned application please
refer to Add Application.
• Connections: Number of connections to the application group
• Bytes: Amount of data transferred
Bar graph displays amount of data transferred per category while tabular report contains following
information:
• Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display ‘None’ at place of category name.
• Connections: Number of connections to the category
• Bytes: Amount of data transferred
Bar graph displays amount of data transferred per file while tabular report contains following
information:
• File: Name of the file downloaded
• Connections: Number of connections to the file
• Bytes: Amount of data downloaded
Screen – Top Files Downloaded via FTP
Bar graph displays amount of data transferred by each user while tabular report contains following
information:
• User: Username of the user as defined in the monitored device. If username is not defined in
the monitored device then it will be considered as traffic generated by ‘Unknown’ user.
• Connections: Number of connections to the user
• Bytes: Amount of data transferred by the user
Bar graph displays number of connections per category while tabular report contains following
information:
• Category: Displays name of the category as defined in monitored device.
• Connections: Number of connections to the category
Bar graph displays number of connections per attack while tabular report contains
following information:
• Attack: Name of the attack as identified by monitored device
• Connections: Number of connections to the attack
Bar graph displays number of connections per attack while tabular report contains following
information:
• Attack: Name of the attack as identified by monitored device
• Connections: Number of connections to the attack
Bar graph displays amount of data transferred per recipient, while tabular report contains following
information:
• Recipient: Email address of the recipient
• Connections: Number of connections to the recipient
• Bytes: Amount of data transferred
Bar graph displays amount of data transferred per sender, while tabular report contains following
information:
• Sender: Email address of the sender
• Connections: Number of connections to the sender
• Bytes: Amount of data transferred
Bar graph displays amount of data transferred per source host, while tabular report contains following
information:
• Source Host: IP address of the host
• Connections: Number of connections to the host
• Bytes: Amount of data transferred
Bar graph displays amount of data transferred per recipient host, while tabular report contains
following information:
• Source Host: IP address of the host
• Connections: Number of connections to the host
• Bytes: Amount of data transferred
Bar graph displays amount of data transferred per sender destination, while tabular report contains
following information:
• Destination: URL name or IP address of the destination
• Connections: Number of connections to the destination
• Bytes: Amount of data transferred
Bar graph displays amount of data transferred per recipient destination, while tabular report contains
following information:
• Destination: URL name or IP address of the destination
• Connections: Number of connections to the destination
• Bytes: Amount of data transferred
Bar graph displays amount of data transferred per sender user, while tabular report contains
following information:
• User: Username of the user as defined in the monitored device. If username is not defined in
the monitored device then it will be considered as traffic generated by ‘Unknown’ user
• Connections: Number of connections to the user
• Bytes: Amount of data transferred
Bar graph displays amount of data transferred per recipient user, while tabular report contains
following information:
• User: Username of the user as defined in the monitored device. If username is not defined in
the monitored device then it will be considered as traffic generated by ‘Unknown’ user
• Connections: Number of connections to the user
• Bytes: Amount of data transferred
Bar graph displays number of connections per spam sender, while tabular report contains following
information:
• Sender: Email address of the spam sender
• Connections: Number of connections to the sender
Bar graph displays number of connections per spam recipient, while tabular report contains
following information:
• Recipient: Email address of the spam recipient
• Connections: Number of connections to the recipient
To view CPU usage trend drill down by clicking the CPU hyperlink in the table.
View report from Dashboards → iView Dashboard → CPU Usage widget → CPU.
Tabular report contains following information:
• Time: Time in (YYYY-MM-DD HH:MM:SS) format
• Usage: CPU usage corresponding to time
To view memory usage trend drill down by clicking the memory hyperlink in the table.
View report from Dashboards → iView Dashboard → Memory Usage widget → Memory.
View report from Dashboards → iView Dashboard. Tabular report contains following information:
• Disk: Name and status of disk used to store database and archive logs
• Usage: Disk usage
To view disk usage trend drill down by clicking the memory hyperlink in the table.
View report from Dashboards → iView Dashboard → Disk Usage widget → Disk.
To view device wise event frequency drill down by clicking the time hyperlink in the table.
View report from Dashboards → iView Dashboard → Event Frequency widget → Time.
Graph displays number of events based on time slots while tabular report contains following
information:
• Time: Time in (YYYY-MM-DD HH:MM:SS) format
• Device: Device ID
• Events: Number of events per device
User Management
Pre-requisite
Super Admin or Admin privilege required to access and manage User sub menu of System menu.
The table below lists the access privileges associated with each user role:
                             | Super Admin               | Admin                     | Viewer
                             | Add Update Delete View    | Add Update Delete View    | Add Update Delete View
Mail Server Configuration    | Y   Y      Y      Y       | N   N      N      N       | N   N      N      N
User Management              | Y   Y      Y      Y       | Y   Y      Y      Y       | N   N      N      N
Device Management            | Y   Y      Y      Y       | N   N      N      N       | N   N      N      N
Device Group Management      | Y   Y      Y      Y       | N   N      N      N       | N   N      N      N
Application Group            | Y   Y      Y      Y       | Y   Y      Y      Y       | N   N      N      N
Custom View                  | Y   Y      Y      Y       | Y   Y      Y      Y       | N   N      N      N
Report Notification Settings | Y   Y      Y      Y       | Y   Y      Y      Y       | N   N      N      N
Data Configuration           | Y   Y      Y      Y       | N   N      N      N       | N   N      N      N
Audit Logs                   | -   -      -      Y       | -   -      -      Y       | -   -      -      N
                             | For all the devices       | Only for assigned devices | Only for assigned device
Use the System → Configuration → Users page to configure and maintain administrators, set
users' administrative access, and maintain passwords.
Add User
Go to System → Configuration → Users and click Add to add a new user.
Note
Multiple administrators can have rights to manage the same device.
If multiple administrators update simultaneously, the last update will be saved.
Update User
Go to System → Configuration → Users and click user to be updated from the user list.
Note
All the fields except Username are editable.
Delete User
Go to System → Configuration → Users to view list of users.
Note
The default account, Super Admin, cannot be deleted.
Device Integration
Pre-requisite
Super Admin privilege required to access and manage Device sub menu of System menu.
Cyberoam iView collects the log information from multiple devices to generate reports from that log
data.
There are two ways to integrate a device with Cyberoam iView:
• Auto-discover Device
• Add Device (manually)
Auto-Discover Device
Cyberoam iView uses the UDP protocol to discover the network device automatically. In order to send
logs to Cyberoam iView, the network device must be configured with Cyberoam iView as its Syslog server.
On successful login, Super Admin will be prompted with a popup "New Device(s) Found" if a new
device is discovered; else the Main Dashboard is displayed. This prompt will be displayed every
time Super Admin logs in until she takes action on the newly discovered device.
Device Management
Prerequisite
Super Admin privilege required to access and manage Device sub menu of System menu.
The Cyberoam iView can collect log messages from multiple devices and generate many different
types of reports from that log data.
Go to System → Configuration → Device page to view the list of devices with device name, IP
address, device type and status.
Possible status:
: Device is added and activated
: Device is added but deactivated
Device Name: Name of the device
IP Address: IP address of the device
Device Type: Type of the device.
Possible actions:
• Active: Click to accept logs from the device.
• Deactive: Click to reject device logs.
Save Button: Click to save the information after changing the status.
Table – Device Management Screen Elements
Add Device
Go to System → Configuration → Device and click Add to add a new device in Cyberoam iView.
Status: Select status of the device from drop down. To accept logs from
the device one needs to activate the device.
Update Device
Go to System → Configuration → Device and click the device to be updated.
Possible options:
• Active: Device is active and Cyberoam iView is accepting logs
• Deactive: Device is inactive and Cyberoam iView is not accepting logs from the device
Update Button: Click to save changes in the device.
Cancel Button: Click to return to Device Management page.
Table – Update Device Screen Elements
Activate Device
To start accepting logs from the added device one needs to activate the device in Cyberoam
iView.
Note
You can also activate the device from Update Device section. After activation, Cyberoam iView will
start accepting logs from the device.
Deactivate Device
To stop accepting logs from the added device, one needs to deactivate the device in Cyberoam
iView.
Go to System → Configuration → Device and click ‘Deactivate’ option against the device name.
Click Save to change the status of device.
Note
You can also deactivate the device from Update Device section. After deactivation, Cyberoam iView
will stop accepting logs from the device.
To keep a device's data available for forensic investigations, do not delete the device from Cyberoam
iView; just deactivate it.
Delete Device
Prerequisite
Device should not be a member of any device group.
Possible options:
3 sec, 5 sec, 10 sec, 20 sec, 30 sec, 1 min, 2 min, 5 min
Go Button: Click to view real-time log for the selected device
Show Last Records: Specify number of rows of the log entries to be displayed per page.
Possible options:
25, 50, 100
Start Update Button: Click to start log view
Stop Update Button: Click to stop log view
Refresh Button: Click to refresh the logs manually.
Device group is a logical grouping of devices based on device location, device type (UTM, Firewall),
device model or device administrator. For example, group all the devices sending Inventory logs of
the organization to generate a consolidated report for the Inventory department, or group
all the devices deployed at the same geographical location to get network visibility of that area.
Go to System → Configuration → Device Group page to view the list of groups with group name,
description and group members.
Note
A group can be deleted without removing devices from the group. Removing a group will not remove
the devices from Cyberoam iView.
To send the report notification through E-mail, you need to configure SMTP server in Cyberoam
iView.
Use System → Configuration → Mail Server Configuration to configure mail server to send report
notifications.
From Email Address: Specify E-mail ID of the sender. Email ID can be any combination of alphanumeric characters and special characters “_”, “@” and “.”.
SMTP Authentication: Click checkbox to enable SMTP authentication, if required.
Username: If SMTP authentication is enabled, specify username. Username can be any combination of alphanumeric characters and special characters “_”, “@” and “.”.
Password: Specify password. Password field cannot be blank.
Save Button: Click to save the configuration information.
Send Test Mail Button: Click to send a test email to specified address.
Table – Mail Server Configuration Screen Elements
Cyberoam iView generates reports based on application groups. The application group is a logical
grouping of applications based on their functions, for example, all FTP related applications are part
of FTP application group. Cyberoam iView has grouped the most common applications under 27
pre-defined application groups.
Each Application has an identifier in the form of protocol and port number through which it is
identified. E.g., Web-Proxy application is identified through protocol TCP and port number 8080. If
application is not defined in Cyberoam iView then instead of application name, protocol and port
number will be displayed in Reports. Cyberoam iView also allows the administrator to add custom
applications and application groups.
Use System → Configuration → Application Groups page to add and manage applications in
Cyberoam iView.
Note
An application cannot be a member of multiple application groups. To change the group
membership, first remove the application from its current group and then add it to the required
application group.
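The identification and grouping rules described above can be modelled as follows. This is an added example, not Cyberoam iView code: the class and function names, the "Web" group name, the sample records and the "PROTOCOL/port" display format for undefined applications are assumptions; only the Web-Proxy identifier (TCP 8080) and the single-group rule come from the guide.

```python
from collections import defaultdict


class ApplicationRegistry:
    """Maps a (protocol, port) identifier to one application in exactly one group."""

    def __init__(self):
        self._by_identifier = {}  # (protocol, port) -> application name
        self._group_of = {}       # application name -> application group

    def add_application(self, group, name, protocol, port):
        # Rule from the guide: an application cannot be a member of multiple groups.
        current = self._group_of.get(name)
        if current is not None and current != group:
            raise ValueError(f"{name} is already a member of {current}; remove it first")
        key = (protocol.upper(), int(port))
        owner = self._by_identifier.get(key)
        if owner is not None and owner != name:
            raise ValueError(f"{key[0]}/{key[1]} already identifies {owner}")
        self._by_identifier[key] = name
        self._group_of[name] = group

    def remove_application(self, name):
        del self._group_of[name]  # raises KeyError for an unknown application
        self._by_identifier = {k: v for k, v in self._by_identifier.items() if v != name}

    def is_defined(self, protocol, port):
        return (protocol.upper(), int(port)) in self._by_identifier

    def resolve(self, protocol, port):
        """Return (application, group); undefined traffic falls back to its identifier."""
        key = (protocol.upper(), int(port))
        name = self._by_identifier.get(key)
        if name is None:
            identifier = f"{key[0]}/{key[1]}"  # assumed display format
            return identifier, identifier
        return name, self._group_of[name]


def group_report(registry, records):
    """Aggregate (protocol, port, bytes) records into rows of (group, connections, bytes)."""
    totals = defaultdict(lambda: {"connections": 0, "bytes": 0})
    for protocol, port, nbytes in records:
        _, group = registry.resolve(protocol, port)
        totals[group]["connections"] += 1
        totals[group]["bytes"] += nbytes
    rows = [(g, t["connections"], t["bytes"]) for g, t in totals.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))  # largest transfer first


def unidentified(registry, records):
    """Identifiers seen in traffic that no defined application covers, for review."""
    seen = {(p.upper(), int(port)) for p, port, _ in records}
    return sorted(f"{p}/{port}" for p, port in seen if not registry.is_defined(p, port))


def build_sample_registry():
    registry = ApplicationRegistry()
    registry.add_application("Web", "Web-Proxy", "TCP", 8080)  # group name is constructed
    registry.add_application("FTP", "FTP", "TCP", 21)          # constructed entry
    return registry


# Constructed traffic records: (protocol, port, bytes transferred).
SAMPLE_RECORDS = [
    ("tcp", 8080, 1200),
    ("tcp", 8080, 800),
    ("tcp", 21, 5000),
    ("udp", 4500, 300),
    ("tcp", 6667, 150),
    ("udp", 4500, 100),
]

if __name__ == "__main__":
    reg = build_sample_registry()
    for group, connections, nbytes in group_report(reg, SAMPLE_RECORDS):
        print(f"{group:<10} {connections:>3} {nbytes:>6}")
    print("review:", unidentified(reg, SAMPLE_RECORDS))
```

Rows that appear under a bare protocol and port are traffic no defined application accounts for, so they are the entries to review and then define through Add Application.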
Update Application
• Go to System → Configuration → Application Groups.
• Expand Application Group tree and click application to be modified.
• Refer to Add Application for information on each parameter.
Delete Application
Go to System → Configuration → Application Groups and expand application tree to view list of
applications.
Note
All fields are editable except application group name.
Refer to Add Application Group and Update Application Group for details.
Note
You can also change application group membership from Update Application.
Note
When you delete an application group, applications under that group will also be deleted.
Note
This option will delete custom applications and application group.
Custom view of reports allows grouping of the most pertinent reports that require special
attention for managing the devices. Reports from different report groups can also be grouped in a
single view.
A maximum of eight reports can be grouped in a View. Custom view provides a single page view of all
the grouped reports.
Use System → Configuration → Custom View to create and manage custom views in iView.
Note
Added custom views will be displayed under Custom Views Sub menu of navigation pane.
Note
All fields except Custom View Name are editable.
Cyberoam iView can mail reports in PDF format to specified email addresses as per the configured
frequency.
This section describes how to:
• Add Report Notification
• Update Report Notification
• Delete Report Notification
Use the System → Configure → Report Notification to create and manage report notifications.
To select multiple devices press Ctrl key and select devices using mouse.
Email Frequency: Set E-mail frequency and time. Reports can be mailed daily or weekly at the configured interval. In case of weekly notification, select day of the week.
Add Button: Click to add a new report notification.
Cancel Button: Click to return to report notification management page.
Table – Add Report Notification Screen Elements
Note
All fields except Report Notification name are editable.
Data Management
Prerequisite
Super Admin privilege required to access and manage Data Management sub menu of System menu.
Retention of data and log archives uses an enormous amount of disk space. To control and optimize
the disk space usage, configure the data retention period of the detailed and summarized tables.
Depending on the compliance requirement, configure the log retention period.
Use System → Configuration → Data Management page to configure retention period of various
data tables.
Detailed Table:
Detailed table stores the granular data of time interval starting from 5
minutes up to 4 hours for the configured days.
Cyberoam iView has set default storage of 1 day but you can configure 5
days, 1 week, 15 days, 30 days or forever. Configuring a larger number of
storage days will affect performance because of the time granularity.
For example, to view the reports for the time interval of 30 minutes for last
one month, you need to set this field to 30 days. After 30 days, report will be
displayed with the granularity of more than 4 hours.
Summarized Table:
Summarized table stores the granular data of time interval of more than 4
hours for the configured days.
Cyberoam iView has set default storage of 3 months but you can configure 1
month, 6 months, or forever.
For example, to view reports for time interval greater than four hours for last
one month you need to set this field to 30 days. Data beyond 30 days will be
deleted from the table though you will be able to view granular reports
beyond 30 days.
Archived logs:
Archive logs are a collection of historical records that have accumulated
over the course of an organization's lifetime. The Super Administrator can
configure the retention period for archive logs as:
• Days - 1, 2 or 5
• Weeks - 1 or 2
• Months - 1, 3 or 6
• Years - 1, 3 or 7
• Forever
Value: Displays the retention period of the table.
Size: Displays the current size of the table.
Status: Displays the status of the last applied change.
Apply Button: Click to apply changes to the database configuration.
Table – Database Configuration Screen Elements
Note
Based on the configured retention period, data is deleted from the tables on a day-by-day basis.
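The retention rules above determine which reports are still answerable during an investigation. The following Python model is an added example, not part of the Cyberoam iView guide or product code. It assumes 1 week = 7 days, 1 month = 30 days (as the guide's own example does) and 1 year = 365 days; the function names and the "unavailable" outcome are hypothetical.

```python
import math

FOREVER = math.inf
# Retention choices named in the guide, converted to days (assumed conversions:
# 1 week = 7 days, 1 month = 30 days, 1 year = 365 days).
DETAILED = {"1 day": 1, "5 days": 5, "1 week": 7, "15 days": 15,
            "30 days": 30, "forever": FOREVER}
SUMMARIZED = {"1 month": 30, "3 months": 90, "6 months": 180, "forever": FOREVER}
ARCHIVE = {"1 day": 1, "2 days": 2, "5 days": 5, "1 week": 7, "2 weeks": 14,
           "1 month": 30, "3 months": 90, "6 months": 180,
           "1 year": 365, "3 years": 1095, "7 years": 2555, "forever": FOREVER}

DETAILED_MAX_INTERVAL_MIN = 4 * 60  # detailed table: 5-minute to 4-hour intervals


def smallest_option(options, required_days):
    """Return the shortest retention setting that still covers required_days."""
    _, label = min((d, name) for name, d in options.items() if d >= required_days)
    return label


def report_source(interval_min, lookback_days, detailed_label, summarized_label):
    """Say which table can answer a report of this interval over this lookback."""
    if interval_min < 5:
        raise ValueError("the guide describes no granularity finer than 5 minutes")
    if (interval_min <= DETAILED_MAX_INTERVAL_MIN
            and lookback_days <= DETAILED[detailed_label]):
        return "detailed"
    if lookback_days <= SUMMARIZED[summarized_label]:
        # A sub-4-hour interval is no longer retained; only coarser data remains.
        return "summarized"
    return "unavailable"  # hypothetical label: both tables already purged that far back


def plan(compliance_days, lookback_days):
    """Shortest settings meeting a log-retention and a report-lookback requirement."""
    return {"archive": smallest_option(ARCHIVE, compliance_days),
            "detailed": smallest_option(DETAILED, lookback_days),
            "summarized": smallest_option(SUMMARIZED, lookback_days)}


if __name__ == "__main__":
    # Constructed requirement: keep logs 400 days, drill into the last 14 days.
    print(plan(400, 14))
    # With the default settings, a 30-minute report over 30 days degrades.
    print(report_source(30, 30, "1 day", "3 months"))
```

With the defaults (1 day detailed, 3 months summarized), a 30-minute report over the last month is served only at the coarser summarized granularity, which is the case the guide's 30-day example is meant to avoid.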
Audit Logs
Prerequisite
Super Admin or Admin privilege required to access and manage Data Management sub menu of
System menu.
Audit logs are required to ensure accountability, security and problem detection of a system.
Use the System → Audit Logs page to view audit logs for iView.
Category-Event-Message Table
Cyberoam iView displays audit logs for the following categories with corresponding events and
messages:
Note
Audit logs can be filtered based on category type and severity.
In addition, you can perform search based on username, IP address and message.
Archives
Prerequisite
Super Admin or Admin privilege required to access and manage Archives sub menu of System menu.
Archive logs are a collection of historical records, which are the initial line of forensic investigation.
Cyberoam iView retains archive log data for the configured period. The data retention period can be
configured from the System → Configuration → Data Management page. For further details, refer
to the Data Management section.
This column displays the list of all four files along with the data size.
Prerequisite
Loading of appropriate archived file is required.
Go to System → Archives → Archive Files and click Search to search in the loaded archived
file.
Note
Blank fields in result show unavailability of the data.
Prerequisite
Unloading of the archived file is required to take a backup.
Go to System → Archives → Archive Files to take a backup of archived files on the Cyberoam iView
machine.
Prerequisite
Loading of appropriate archived file is required.
To manage available storage space, the Super Administrator can unload the archived files once
the search has been performed. Please note that unloading a file does not delete the data from
Cyberoam iView.
Note
The Unload option unloads all the loaded files. There is no option to unload an individual file.
In no event shall Elitecore be liable for any direct, indirect, or incidental damages, including damage
to data arising out of the use or inability to use this manual.
No part of this work may be reproduced or transmitted in any form or by any means except as
expressly permitted by Elitecore Technologies Ltd. This does not include those documents and
software developed under the terms of the open source General Public License.
If you need commercial technical support for this product please visit www.cybreoam-iview.com.
You can visit open source Cyberoam iView forums at
https://sourceforge.net/projects/cyberoam-iview/support to get support from the project community.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
A copy of the GNU General Public License is available along with this program; see the COPYING file
for the detailed license.
The interactive user interfaces in modified source and object code versions of this program must
display Appropriate Legal Notices, as required under Section 5 of the GNU General Public License
version 3.
In accordance with Section 7(b) of the GNU General Public License version 3, these Appropriate
Legal Notices must retain the display of the "Cyberoam Elitecore Technologies Initiative" logo.