Defining what Report Sections to use in a Report
A Report Design consists of one or more Report Sections, which define parameters for all Report Items. You can modify and create Report Sections in a Report Design.
Each Report Section in the Report Design creates a separate chart or table (or both) in the generated report.
Configuration, then browse to . Customize Report Sections and Items
You can add predefined Report Sections to your Report Design and then modify their contents and properties according to your needs.
- Bar chart
- Stacked bar chart
- Curve chart
- Stacked curve chart
- Pie chart
- Geolocation map
- Table
The available types of Report Section summaries are explained in the following table.
| Summary type | Description | Visualization |
|---|---|---|
| Progress | Illustrates how events are spread out within the reporting period. This summary type is useful for finding trends in the
data. Example: A line chart showing the volume of traffic during a 24-hour period. |
A bar chart, stacked bar chart, curve chart, or stacked curve chart. |
| Top Rate | Illustrates events with the highest occurrences. This summary type is useful for highlighting the most common values in the
data. Example: A bar chart showing the number of connections to the five IP addresses that have received the most connections yesterday. The first Report Item in a top rate summary section must have a sorting criteria “by X” (for example, allowed connections by source IP address). The sorting criteria is applied to all items in the section for ranking the top rates. |
A bar chart, a pie chart, or a geolocation map. A bar chart is more suitable for displaying many top rates, whereas a pie chart is better at illustrating the relative proportions. A geolocation map shows the distribution of events according to physical location. |
| Summary Table | A simple table for displaying the exact event counts. This summary type is useful for providing data for further processing, for example, in a spreadsheet application. | A table. |
| System Information | Summarizes current configuration information in the Management Server’s internal database. Example: A listing of all engines with the software versions, names of the currently installed policies, and the latest policy upload times. |
A table. |
A Report Item represents a value that you want counted in log data or statistical monitoring information. (Allowed traffic in bits or the number of allowed connections are examples of values that can be counted.)
- A simple count of how many log entries have a certain value within the reporting period. For example, the Allowed Connections Report Item counts the log entries that have the value Allowed in the Action field. A simple count is how the results for most Report Items are summed.
- A count of how many log entries have a certain value within the reporting period grouped “by X” criteria. For example, Allowed connections by source IP address presents a chart for an adjustable number of IP addresses that have the most allowed connections within the reporting period.
- Sums or averages of traffic volumes in log entries for Report Items of the “traffic” type (for example, Allowed traffic). Access rules that have the accounting option enabled in the Firewall Policy generate the data for “traffic” items. Interface statistics often provide more accurate total volumes, since accounting (and logging in general) is not active for all rules.
- Values stored in the Management Server’s database for System Information items. The statistical data is pre-summarized. It is not as detailed as the monitoring statistics displayed in the Home view and cannot be filtered in detail like the log data.