
Chapter 8: The Logs and Reports Menu, 8.1 Dashboard, 8.1.1 Common elements – NEXCOM IFA 1610 User Manual


Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.

IFA 3610/IFA 2610/IFA 1610 User Manual

Chapter 8: The Logs and Reports Menu


The Logs and Reports section of the appliance offers several ways to view and analyse the log files.

The sub-menu on the left-hand side of the screen contains the following items:

▪ Dashboard - the brand new reporting module.

▪ Traffic monitoring - the ntopng graphic interface gives a real-time overview of the network traffic using charts.

▪ Live Logs - get a quick, live view of the latest log entries as they are being generated.

▪ Summary - get daily summaries of all logs.

▪ System - system logs (/var/log/messages) filtered by source and date.

▪ Service - logs from the intrusion detection system (IDS), OpenVPN, and antivirus.

▪ Firewall - logs from iptables rules.

▪ Proxy - logs from the HTTP, SMTP, and content filter proxies.

▪ Settings - customise all the log options.

▪ Trusted Timestamping - securely time stamp the log files to verify they have not been altered.

In a nutshell, there are two ways to access the logs from the GUI: live and “by-service”. In live mode the log
entries are displayed as soon as they are created, while in “by-service” mode only the logs produced by one daemon
or service are displayed.

8.1 Dashboard

The reporting GUI is a new module, introduced in version 3.0, whose purpose is to graphically show the occurrence of
various types of event on the system.

In a nutshell, the reporting module shows events that happened on the appliance using different widgets and graphs. All
events occurring on the system, and the information about them recorded by the syslog daemon, are parsed and
used to populate a sqlite3 database. From there, data are gathered according to the options and filters applied in the GUI
and are displayed by the widgets.
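The pipeline described above (syslog messages parsed into a sqlite3 database, then queried for the selected interval) is illustrated below. This is an added example, not NEXCOM's code: the table layout, the mapping from syslog program name to dashboard tab, and the sample log lines are assumptions constructed for illustration.

```python
import re
import sqlite3
from datetime import datetime, timedelta

# Constructed sample lines in classic BSD syslog layout (not taken from an appliance).
SAMPLE_LOG = """\
Mar  3 09:15:02 ifa snort[812]: [1:1000001:1] constructed alert: port scan
Mar  9 22:40:11 ifa clamd[640]: /tmp/upload.bin: Eicar-Test-Signature FOUND
Mar 10 08:01:45 ifa squid[955]: TCP_DENIED/403 GET http://blocked.example/
Mar 10 08:02:10 ifa snort[812]: [1:1000002:1] constructed alert: bad login
this line is not syslog and must be skipped
"""

# Hypothetical mapping from syslog program tag to a dashboard tab.
CATEGORY = {"snort": "Attacks", "clamd": "Virus", "squid": "Web"}

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$")

def load_events(text, year):
    """Parse syslog text into an in-memory sqlite3 table; returns the connection."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (ts TEXT, host TEXT, category TEXT, message TEXT)")
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are dropped, never guessed at
        # BSD syslog timestamps carry no year, so the caller must supply one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        cat = CATEGORY.get(m["prog"], "System")
        db.execute("INSERT INTO events VALUES (?, ?, ?, ?)",
                   (ts.isoformat(sep=" "), m["host"], cat, m["msg"]))
    return db

def summary(db, now, days):
    """Event count per category for the last `days` days, like the date selector."""
    since = (now - timedelta(days=days)).isoformat(sep=" ")
    rows = db.execute(
        "SELECT category, COUNT(*) FROM events WHERE ts >= ? AND ts <= ? "
        "GROUP BY category ORDER BY category",
        (since, now.isoformat(sep=" ")))
    return dict(rows.fetchall())

if __name__ == "__main__":
    db = load_events(SAMPLE_LOG, 2014)
    print(summary(db, datetime(2014, 3, 10, 12, 0, 0), 1))
```

Storing timestamps as ISO 8601 text keeps the interval filter a plain string comparison; the year has to be supplied at parse time because the classic syslog timestamp omits it.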

Note:

This module is loosely coupled with the Event notifications located in Menubar > System > Event notifications.

All events recorded there, and for which email or SMS alerts are sent, also appear here, but the reverse is not true.

This page is divided into six tabs: Summary, System, Web, Spam, Attacks, and Virus. Except for the first tab, which shows
an overview of all events, each of them is dedicated to a precise service running on the appliance.

8.1.1 Common elements

All the tabs share the same design: below the tabs there are a date selector on the left-hand
side and a Print button on the right-hand side. Next comes a line chart with a horizontal slider right below it, above one
informative box (Summary Grid) and a pie chart. At the bottom, there are one or more tables, depending on the tab and
the data shown. The table that is always present is the one displaying the syslog messages related to the events shown.

In more detail, here is a description of all the widgets present in the reporting module.

Date selector
At the top left-hand side of the GUI there is a hyperlink showing the interval in which the events
considered for the charts occurred. Clicking on it opens a small panel that gives access to other choices of intervals. There are
two types of choices: the first one concerns events that took place in the last ... days, namely events from the last day,
week, month, quarter, or year; the second one selects all the events that occurred in one of the last 12 months. Upon selecting
a new time span, the other widgets are also updated. It is also possible to leave the interval shown unchanged
by clicking on Cancel.

Print
A click on this button shows a print preview of the current page, in which the Back button replaces Print, and opens a
pop-up window in which to choose the printing device.
