Table of Contents
Preface
Intended Audience
Guide Organization
Typographic Conventions
Dashboard
Main Dashboard
Traffic Dashboard
Security Dashboard
Virus Traffic
Custom Dashboard
Username Dashboard
Report by User and Internet Usage
Source Host Dashboard
Senders Email Address Dashboard
Recipients Email Address Dashboard
Top Domains by User and Category
Detailed Report by User, Category, URL
Top Servers and Hosts by User (Upload) and File (Upload)
Detailed Report by User (Upload), File, Server, Host
Top Servers and Hosts by User (Download) and File
Detailed Report by User (Download), File, Server and Host
Report by User and Virus
Top Servers and Users by Host (Upload) and File
Detailed Report by Host (Upload), File, Server and User
Top Servers and Users by Hosts (Download) and Files
Detailed Report by Host (Download), File, Server and User
Report by Senders E-mail Address and Recipient
Cyberoam iView Dashboard
User Management
Preface
Welcome to the Cyberoam iView Administrator's Guide.
Intended Audience
This Guide is intended for people who want to configure Cyberoam iView. Basic knowledge of
TCP/IP networking concepts is required.
Guide Organization
This Guide provides information regarding the administration and customization of Cyberoam iView
and helps you manage and customize Cyberoam iView to meet your organization's various
requirements.
This Guide is organized into three parts:
Part 1 Cyberoam iView Basics
It describes how to start using Cyberoam iView after successful installation.
Part 2 Basic Configuration
It describes the minimum configuration settings required to generate reports using Cyberoam iView,
which includes adding and managing devices and administrators, and defining their roles for device
management.
Part 3 Advanced Configuration
It describes advanced configuration settings of Cyberoam iView, which includes setting data storage
sizes for archiving logs and configuring the mail server and email schedule for mailing reports.
Part 4 Reports
It describes how to access and navigate through the drilldown reports. It also provides a description of
all the reports generated by Cyberoam iView. Refer to Cyberoam iView Reports Guide.
Typographic Conventions
Material in this guide is presented in text or screen display notations:
Item | Convention | Example
Cyberoam iView | |
Server | |
Username | |
Topic titles | | Introduction
Subtitles | | Notation conventions
Navigation link | Bold typeface | System > Configuration > Users means: to open the required page click System, then Configuration and finally click Users
Name of a particular parameter / field / command button text | Lowercase italic type | Enter policy name, replace policy name with the specific name of a policy. Or: Click Name to select, where Name denotes command button text which is to be clicked
Cross references | Hyperlink in different color | Refer to Customizing User database. Clicking on the link will open the particular topic
 | Bold typeface between the black borders | Note
 | Bold typefaces between the black borders | Prerequisite: Prerequisite details
CLI Console: The administrator can access the CLI console of the Cyberoam iView appliance using any of
the following default Super Administrator credentials:
Username/Password: admin/admin
Username/Password: root/admin
The administrator can change the default HTTP and HTTPS access ports from System >
Configuration > Port Configuration.
Screen Cyberoam iView Web Admin Console
Screen Elements: Description
Username
Password: Specify password. If you are logging on for the first time after installation, please use
the password specified at the time of installation.
Language
Login button
Cyberoam iView displays the Main Dashboard as soon as you log on to the Web Admin Console. The Main
Dashboard provides a quick overview of the allowed and denied traffic of all the devices
added to Cyberoam iView.
If you are logging on for the first time after installation:
You will be logged in with the super administrator privileges.
The Dashboard will not show any traffic details as devices are yet to be added to Cyberoam iView.
Screen Elements: Description
Product Category Selection Dropdown
Navigation Pane
Button Bar: Bar appears at the top left hand corner of the Information Area of every page.
Global Selection Checkbox: Click to select all items.
Individual Selection Checkbox: Click to select individual item.
Page Information Area: Displays page information corresponding to the selected menu.
Table Basic Screen Elements
Screen Elements
Description
Device Selection
Calendar
Breadcrumb
Navigation
Convert to Excel
Convert to PDF
Page Bookmark
Page Controls
Dashboard
Cyberoam iView displays the UTM Main Dashboard as soon as you log on to the Web Admin Console.
To view the dashboard for another product category, select the product category from the drop-down
provided on the top left.
Dashboard provides a summary view of entire network traffic.
It also provides the current resource usage (CPU, Disk, Memory) as well as the total events received by
Cyberoam iView from each device.
By default, Cyberoam iView provides following dashboards:
Main Dashboard: Displays allow and deny traffic statistics for all the monitored devices.
Traffic Dashboard: Displays information regarding total network traffic
Security Dashboard: Displays information regarding denied network activities and traffic
Cyberoam iView Dashboard: Provides overview of all the important parameters like memory
usage, disk usage, CPU usage of Cyberoam iView.
Cyberoam iView also provides following custom dashboards:
Username Dashboard: Provides Internet behavior overview of the selected user.
Source Host Dashboard: Provides overview of traffic generated by the selected source host.
Senders Email Address Dashboard: Provides overview of traffic generated by the specified
sender's Email Address.
Recipients Email Address Dashboard: Provides the Internet activities conducted through the
specified recipient's Email Address.
To return to the Main Dashboard from any other page of the Web Admin console, click
provided in Admin Tool bar.
Main Dashboard
Main Dashboard provides a quick overview of top allowed and denied traffic of network including
Web, FTP, mail, database and other applications.
It displays graphical and tabular overview of allowed and denied traffic of the top traffic generating
applications for all the added devices in a Widget form.
Widget displays report in graphical as well as tabular format. By default, the report is displayed for the
current date. Report date can be changed through the Calendar available on the topmost row of the
page.
Allowed Traffic Overview widget
Denied Traffic Overview widget
Traffic Dashboard
Cyberoam iView Traffic dashboard is a collection of widgets displaying information regarding total
network traffic.
This dashboard gives complete visibility of network traffic in terms of applications, web categories,
users, hosts, source and destination countries, mail traffic and FTP activities.
Traffic Dashboard consists of following reports in widget form:
Top Applications
Top Application Categories
Top Users
Top Hosts
Top Source Countries
Top Destination Countries
Top Rule ID
Top Web Categories
Top Web Users
Top Domains
Top File Upload
Top Files Uploaded via FTP
Top Files via FTP
Top FTP Servers
Mail Traffic Summary
Top Mail Senders
Top Mail Recipients
Allowed Traffic Summary
Web Traffic Summary
FTP Traffic Summary
Click Application hyperlink in table or pie chart to view Filtered Application Reports.
Click Sender hyperlink in table or pie chart to view Filtered Mail Usage Reports.
Click Recipient hyperlink in table or pie chart to view Filtered Mail Usage Reports.
Security Dashboard
Cyberoam iView Security dashboard is a collection of widgets displaying information regarding denied
network activities and traffic. It also gives an overview of malware and spam along with source and
destination countries.
Traffic Dashboard consists of following reports in widget form:
Top Blocked Hosts
Top Blocked Users
Top Blocked Applications
Top Blocked Destination Countries
Top Blocked Source Countries
Top Blocked Rule ID
Top Blocked Categories
Top Blocked Domains
Top Attacks
Top Viruses
Top Spam Senders
Top Spam Recipients
Blocked Traffic Summary
Virus Summary
Spam Summary
IDP Attacks Summary
Content Filtering Blocked Summary
Virus Traffic
Virus Traffic reports consist of following granular reports in widget format:
Top Applications
Top Viruses
Top Virus Sending Countries
The granular reports page displays multiple reports in the widgets form, which can again be drilled
down to view the filtered report.
Top Applications widget
Report displays a list of applications with the highest virus counts.
Application/Protocol: Port: Displays name of the application as defined in Cyberoam/Cyberoam-iView.
If the application is not defined in Cyberoam/Cyberoam-iView then this field will display the
application identifier as a combination of protocol and port number.
Custom Dashboard
Cyberoam iView provides option to the user to create custom dashboard based on user, source host
and Email Address.
Custom Dashboard is divided into following sub-dashboards:
Username Dashboard
Source Host Dashboard
Senders Email Address Dashboard
Recipients Email Address Dashboard
Username Dashboard
Cyberoam iView user dashboard provides a snapshot of users' activities in your network.
To view the User Dashboard:
Go to Dashboards > Custom Dashboard.
Select Username in Criteria drop-down and specify the username.
Click Go to view user based dashboard.
Top Web Categories
Top Files Uploaded via FTP
Top Files Downloaded via FTP
Top Blocked Categories
Top Web Viruses
Internet Usage
Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display None at place of category name.
Data Transfer: Total amount of data transferred (Upload + Download) by the user.
User: Username of the user as defined in the monitored device. If the User is not defined then
it will display N/A which means the traffic is generated by an undefined user.
View the report from Dashboard > Custom Dashboard > Source Host > Top Files
Downloaded via FTP widget > File.
To view detailed report for the selected file, user, server and host drill down by clicking the server
hyperlink in the table.
Bar graph displays amount of data transferred through each E-mail while tabular report contains
following information:
Time: Date and Time in YYYY: MM: DD HH:MM:SS format.
Subject: Subject line of the Email.
User: Username of the sender as defined in monitored device. If the User is not defined then it
will display N/A which means the traffic is generated by an undefined user.
Host: IP address of the host.
View report from Dashboards > iView Dashboard. Tabular report contains following
information:
Memory: Status of Cyberoam iView memory as used and free
Usage: Usage of memory
View report from Dashboards > iView Dashboard > Event Frequency widget> Time.
Graph displays number of events based on time slots while tabular report contains following
information:
Time: Time in (YYYY-MM-DD HH:MM:SS) format
Device: Device IP address or name.
Events: Number of events per device.
User Management
Prerequisite
Super Admin or Admin privilege required to access and manage User sub menu of System menu.
This section describes how to:
Add User
Update User
Delete User
Cyberoam iView supports three types of user roles:
Super Admin: Default account. No additional account can be created.
Admin: Only an administrator with the Super Admin role can add Admin roles.
Viewer: Administrators with Super Admin and Admin roles can add Viewer roles.
The table below lists the access privileges associated with each user role:
Menu/Role
Mail
Server
Configuration
User
Management
Device
Management
Device Group
Management
Application
Category
Custom View
Report
Notification
Settings
Data
Management
Bookmark
Management
Logs
Port
Configuration
Backup
Management
Disk
Usage
Limit
External
Configuration
Authentication
Super Admin
For all the devices
Admin
Only for assigned devices
Viewer
Only for assigned device
Add
Update
Delete
View
Add
Update
Delete
View
Add
Update
Delete
View
Server
Maintenance
Audit Logs
Load
and
Search
Archive
Unload,
Backup
and
Restore
Archive Files
View Live
Logs
View
and
Search
Reports
Dashboards
Main, Device,
User,
Host,
Email
Address,
iView)
Y
Y
Y
Super Admin
For all the devices
Y
Y
N
N
Y
Admin
Only for assigned devices
N
N
N
Viewer
Only for assigned device
Description
Add Button
Delete Button
Username
Name
Role
Email
Created by
Last Login Time
Add User
Go to System > Configuration > Users and click Add to add a new user.
Description
Name
Username
Password
Confirm
Password
Email
Role
Select Device
Add Button
Cancel Button
Note
Multiple administrators can have rights to manage the same device.
In case of simultaneous update operations by multiple administrators, the last update will be saved.
Update User
Go to System > Configuration > Users and click user to be updated from the user list.
Description
Name
Password
Confirm
Password
Email
Role
Select Device
Update Button
Cancel Button
Note
All the fields except Username are editable.
Delete User
Go to System > Configuration > Users to view list of users.
Screen Elements
Description
Global Selection
Individual Selection
Delete Button
Note
The default account, Super Admin, cannot be deleted.
Device Integration
Prerequisite
Super Admin privilege required to access and manage Device sub menu of System menu.
Cyberoam iView collects the log information from multiple devices to generate reports from that log
data.
There are two ways to integrate a device with Cyberoam iView:
Auto-discover Device
Add Device (manually)
Auto-Discover Device
Cyberoam iView uses the UDP protocol to discover network devices automatically. To send
logs to Cyberoam iView, the network device must be configured to use Cyberoam iView as its Syslog server.
On successful login, the Super Admin is prompted with a popup "New Device(s) Found" if a new
device is discovered; otherwise the Main Dashboard is displayed. This prompt is displayed every time
the Super Admin logs in until she takes action on the newly discovered device.
Super Admin can:
ignore this prompt by clicking
accept and activate the device by providing Device Name and Device Type. Cyberoam iView will
accept the logs only after the device is activated.
accept and keep the device in deactivated state. Cyberoam iView will not accept the logs if the device is
in inactive state.
Screen Elements
Description
Device Name
Appliance Key
IP Address
Device Type
Status
Save Button
Device Management
Prerequisite
Super Admin privilege required to access and manage Device sub menu of System menu.
The Cyberoam iView can collect log messages from multiple devices and generate many different
types of reports from that log data.
This section describes how to:
Add Device
Update Device
Activate Device
Deactivate Device
Delete Device
View Real Time Logs
Go to System > Configuration > Device page to view the list of devices with device name, IP
Address, device type and status.
Description
Add Button
Delete Button
Current Status
Device Name
Device ID
IP Address
Device Type
Squid
24Online
Linux Firewall Netfilter/Iptables
Cisco ASA
Cisco ASA_CSC_
Apache
eScan
NetGenie
Status
Save Button
Add Device
Go to System > Configuration > Device and click Add to add a new device in Cyberoam
iView.
Screen Elements
Description
Device ID
Device Name
IP Address
Device Type
Description
Status
Add Button
Cancel Button
Update Device
Go to System > Configuration > Device and click the device to be updated.
Description
Device ID
Device Name
IP Address
Device Type
Description
Status
Ok Button
Cancel Button
Activate Device
To start accepting logs from the added device one needs to activate the device in Cyberoam iView.
Go to System > Configuration > Device and click Active against device name.
Click Save to change status of device.
Note
You can also activate the device from Update Device section. After activation, Cyberoam iView will start
accepting logs from the device.
Deactivate Device
To stop accepting logs from the added device, one needs to deactivate the device in Cyberoam iView.
Go to System > Configuration > Device and click Inactive option against the device name.
Click Save to change the status of device.
Note
You can also deactivate the device from Update Device section. After deactivation, Cyberoam iView will stop
accepting logs from the device.
To keep a device's data accessible for forensic investigations, do not delete the device from Cyberoam iView;
just deactivate it.
Delete Device
Prerequisite
The Device to be deleted should not be a member of any device group.
The Device to be deleted should not be a part of any Report Notification.
Description
Global Selection
Individual
Selection
Delete Button
Screen Elements: Description
Device Name
Refresh Time: Possible options: 3 sec, 5 sec, 10 sec, 20 sec, 30 sec, 1 min, 2 min, 5 min
Go Button: Click to view real-time log for the selected device.
Show Last Records: Specify number of rows of the log entries to be displayed per page. Possible options: 25, 50, 100
Start Update Button: Click to start log view.
Stop Update Button: Click to stop log view.
Refresh Button: Click to refresh the logs manually. Log view is refreshed automatically as per the configured refresh
time. If you wish to refresh the log view in between, use refresh button.
Table Live Logs Screen Elements
Screen Elements
Description
Add Button
Delete Button
Device Group
Description
Device Name(s)
Screen Elements
Description
Device
Group
Name
Description
Select Category
Select Device
Ok Button
Cancel Button
Description
Device
Group
Name
Description
Select Category
Select Device
Ok Button
Cancel Button
Description
Global Selection
Individual
Selection
Delete Button
Note
A group can be deleted without removing devices from the group. Removing a group will not remove the
devices from Cyberoam iView.
Screen Elements: Description
Mail Server IP - Port: Default port - 25
Display Name: Specify display name of mail sender.
From Email Address: Specify E-mail ID of the sender. Email ID can be any combination
of alphanumeric characters and special characters "_", "@" and ".".
SMTP Authentication: Click checkbox to enable SMTP authentication, if required.
Username: If SMTP authentication is enabled, specify username. Username
can be any combination of alphanumeric characters and special
characters "_", "@" and ".".
Password: Specify password. Password field cannot be blank.
Save Button: Click to save the configuration information.
Send Test Mail Button: Click to send a test email to specified IP Address.
Description
Add
Application
Button
Add
Application
Category Button
Add
Technology
Button
Application
Categories
Description
Delete option
Screen Elements
Description
Application Name
Technology
Browser Based
Client Server
Network Protocol
P2P
N/A
Risk
Application
Category
Done Button
Cancel Button
Screen Elements
Description
Add Application
Identifier
Technology
Risk
Application
Category
Application
Identifiers
Done Button
Cancel Button
Screen Elements
Description
Application
Port Type
From
To
Done Button
Cancel Button
Screen Elements
Description
Application
Identifier
Delete Icon
Note
An application cannot be a member of multiple application categories. To change the group membership,
first remove the application from its current category and then add it to the required application category.
Update Application
Go to System > Configuration > Application Categories.
Expand Application Category tree and click application to be modified.
Refer to Add Application for information on each parameter.
Delete Application
Go to System > Configuration > Application Categories and expand application tree to
view list of applications.
Screen Elements
Description
Application
Delete Icon
to delete application.
Screen Elements
Description
Group Name
Description
Unassigned
Applications List
Selected
Applications List
Move Button
Done Button
Cancel Button
Description
Description
Move Button
Done
Cancel
Description
Description
Move Button
Done
Cancel
Note
You can also change application category membership from Update Application Category Membership.
Description
Application
Categories
Description
Delete Icon
Add Technology
Go to System > Configuration > Application Categories and click Add Technology to
add a new technology.
Description
Technology Name
Done
Cancel
Delete Technology
Go to System > Configuration > Application Categories and click Add Technology.
Description
Description
Delete Icon
to delete technology.
Screen Elements
Description
Add Button
Delete Button
Custom
View
Name
Custom
View
Description
Screen Elements: Description
Custom View Name
Custom View Description
Category: Product category.
Select Report: Expand report group and click against the report to be added in
custom view. Maximum 8 reports can be added.
Add Button: Click to add a new custom view.
Delete Button: Click to delete a custom view.
Table Add Custom View Screen Elements
Note
Added custom views will be displayed under Custom Views Sub menu of navigation pane.
Description
Description
Select Report
Update Button
Cancel Button
Description
Global Selection
Individual
Selection
Delete Button
Description
Add Button
Delete Button
Name
Report
Group/Bookmark
Device Name
Email Frequency
To Email Address
Last Sent Time
Screen Elements
Description
Name
Description
To Email Address
Select Category
Notification Type
Sorting Criteria
Report Group
Bookmarks
Device Selection
Email Frequency
Ok Button
Cancel Button
Description
Description
To Email Address
Notification Type
Report Group
Device Selection
Email Frequency
Ok Button
Cancel Button
Note
All fields except Report Notification name are editable.
Description
Global Selection
Individual
Selection
Delete Button
Data Management
Prerequisite
Super Admin privilege is required to access and manage Data Management sub menu of System
menu.
Retention of data and log archives uses an enormous amount of disk space. To control and optimize
disk space usage, configure the data retention period of the detailed and summarized tables. Depending
on the compliance requirement, configure the log retention period.
This section describes how to configure log retention period for various product categories.
Use System > Configuration > Data Management page to configure retention period of
various data tables.
UTM Data Management
Access Gateway Data Management
EPS Data Management
Web Server Data Management
Smart Wireless Router Data Management
Description
Log Retention
Mail logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for Mail logs. You can
configure 1 Month, 2 Months or 3 Months to retain Mail logs.
IM and Blocked IM Logs:
IM and blocked IM logs can be retained for time interval starting from 1
month to 3 months.
Cyberoam iView has set default storage of 3 months for IM and Blocked IM
logs. You can configure 1 Month, 2 Months or 3 Months to retain IM and
Blocked IM logs.
FTP Logs:
FTP logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for FTP logs. You can
configure 1 Month, 2 Months or 3 Months to retain FTP logs.
VPN Logs:
VPN logs can be retained for time interval starting from 1 day to 1 month.
Cyberoam iView has set default storage of 3 months for VPN logs. You
can configure 1 Day, 2 Days, 3 Days, 5 Days, 7 Days or 1 Month to retain
VPN logs.
Internet Usage Logs:
Internet usage logs can be retained for time interval starting from 1 day to
3 months.
Cyberoam iView has set default storage of 3 months for Internet usage
logs, but you can configure 1 day, 2 days, 3 days, 5 days, 7 days, 1 month
or 3 months to retain Internet Usage logs.
Blocked Web Attempts Logs:
Blocked Web Attempts logs can be retained for time interval starting from 1
month to 3 months.
Cyberoam iView has set default storage of 3 months for Blocked Web
Attempts logs, but you can configure 1 month or 2 months to retain
Blocked Web Attempts logs.
IPS (Attacks) Logs:
IPS logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for IPS logs, but you
can configure 1 month or 2 months to retain IPS logs.
Spam Logs:
Spam logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for spam logs, but
you can configure 1 month or 2 months to retain spam logs.
Virus Logs:
Virus logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for virus logs, but you
can configure 1 month or 2 months to retain virus logs.
Appliance Audit Logs:
Appliance audit logs can be retained for time interval starting from 1 day to
1 month.
Cyberoam iView has set default storage of 1 month for appliance audit
logs, but you can configure 1 day, 2 days, 3 days, 5 days or 7 days to
retain appliance audit logs.
Application Logs:
Application logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 6 months for appliance audit
logs, but you can configure 1 month, 2 months, 3 months, 9 months or 1
year to retain application logs.
Blocked Attempts Logs:
Blocked Attempt logs can be retained for time interval starting from 1
month to 1 year.
Cyberoam iView has set default storage of 6 months for blocked attempt
logs, but you can configure 1 month, 2 months, 3 months, 9 months or 1
year to retain blocked attempts logs.
WAF Logs:
Blocked Attempt logs can be retained for time interval starting from 1
month to 1 year.
Cyberoam iView has set default storage of 1 month for WAF logs, but you
can configure 1 to 11 months to retain WAF logs.
Report Period: Displays retention period of the logs.
Size: Displays current size of the logs.
Status: Displays status of last applied change.
Archive Retention
Archive Logs:
Archive logs can be retained for time interval starting from 1 day to forever.
Cyberoam iView has set default storage as Forever for archive logs, but
you can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, 1, 3, 7
years or you can disable retention of archived logs.
Export to Excel Parameters Customization: Enable to allow number of records selection while saving reports in MS-Excel format.
Apply Button: Click to apply changes in database configuration.
Table Database Configuration Screen Elements
Description
Log Retention
You can retain following logs for Access Gateway Data Management
device(s):
Firewall Logs:
Firewall logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 6 months for firewall logs.
You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or
1 year to retain firewall logs.
Report Period
Size
Status
Archive Retention
Export to Excel Parameters Customization
Apply Button
Screen Elements
Description
Log Retention
You can retain following logs for EPS Data Management device(s):
USB Control:
USB Control logs can be retained for time interval starting from 1 month
to 1 year.
Cyberoam iView has set default storage of 6 months for USB Control
logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9
Months or 1 year to retain USB Control logs.
Web Report Logs:
Web Report logs can be retained for time interval starting from 1 month
to 1 year.
Cyberoam iView has set default storage of 6 months for Web Report
logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9
Months or 1 year to retain Web Report logs.
Update Data Logs:
Update Data logs can be retained for time interval starting from 1 month
to 1 year.
Cyberoam iView has set default storage of 6 months for Update Data
logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9
Months or 1 year to retain Update Data logs.
Anti Virus Logs:
Anti Virus logs can be retained for time interval starting from 1 month to
1 year.
Cyberoam iView has set default storage of 6 months for Anti Virus logs.
You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or
1 year to retain Anti Virus logs.
Application Control Logs:
Application Control logs can be retained for time interval starting from 1
month to 1 year.
Cyberoam iView has set default storage of 6 months for Application
Control logs. You can configure 1 Month, 2 Months, 3 Months, 6
Months, 9 Months or 1 year to retain Application Control logs.
Email Scanning Logs:
Email Scanning logs can be retained for time interval starting from 1
month to 1 year.
Cyberoam iView has set default storage of 6 months for Email Scanning
logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9
Months or 1 year to retain Email Scanning logs.
Report Period: Displays retention period of the logs.
Size: Displays current size of the logs.
Status: Displays status of last applied change.
Archive Retention
Archive Logs:
Archive logs can be retained for time interval starting from 1 day to
forever.
Cyberoam iView has set default storage as Forever for archive logs, but
you can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, 1, 3, 7
years or you can disable retention of archived logs.
Export to Excel Parameters Customization: Enable to allow number of records selection while saving reports in MS-Excel format.
Apply Button: Click to apply changes in database configuration.
Table EPS Data Management Screen Elements
Screen Elements
Description
Log Retention
You can retain the following logs for Web Server Data Management
device(s):
Apache Logs:
Apache logs can be retained for a period ranging from 1 month to 1
year.
By default, Cyberoam iView stores Apache logs for 6 months.
You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or
1 year to retain Apache logs.
Report Period: Displays retention period of the logs.
Size: Displays current size of the logs.
Status: Displays status of last applied change.
Archive Retention:
Archive Logs:
Archive logs can be retained for a period ranging from 1 day to
forever.
By default, Cyberoam iView stores archive logs Forever, but
you can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, or 1, 3 or 7
years, or you can disable retention of archived logs.
Export to Excel Parameters Customization: Enable to allow selection of the number of records while saving reports in MS Excel format.
Apply Button
Screen Elements
Description
Log Retention
You can retain the following logs for Smart Wireless Router device(s):
Application Activity Logs:
Application Activity logs can be retained for a period ranging from 1
month to 1 year.
By default, Cyberoam iView stores Application Activity logs for 1 month.
Web Allow Logs:
Web Allow logs can be retained for a period ranging from 1 month
to 1 year.
By default, Cyberoam iView stores Web Allow logs for 2 Months.
Web Denied Logs:
Web Denied logs can be retained for a period ranging from 1
Month to 1 year.
By default, Cyberoam iView stores Web Denied logs for 3 Months.
Attack Logs:
Attack logs can be retained for a period ranging from 1 Month
to 1 year.
By default, Cyberoam iView stores Attack logs for 9 Months.
Virus Logs:
Virus logs can be retained for a period ranging from 1 Month to
1 year.
By default, Cyberoam iView stores Virus logs for 9 Months.
Report Period: Displays retention period of the logs.
Size: Displays current size of the logs.
Status: Displays status of last applied change.
Archive Retention:
Archive Logs:
Archive logs can be retained for a period ranging from 1 day to
forever.
By default, Cyberoam iView stores archive logs Forever, but
you can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, or 1, 3 or 7
years, or you can disable retention of archived logs.
Export to Excel Parameters Customization: Enable to allow selection of the number of records while saving reports in MS Excel format.
Apply Button: Click to apply changes in database configuration.
Bookmark Management
Prerequisite
Super Admin or Admin privilege is required to access and manage the Bookmark Management sub menu of
the System menu.
Cyberoam iView allows the user to bookmark reports or report groups at any level of drill down. The
user can generate and view reports on multiple criteria and save them as bookmarks. The user can
access the bookmarked reports from the left navigation menu on the next login.
This section describes how to:
Add Bookmark Group
Delete Bookmark Group
Use System > Configuration > Bookmark Management to create and manage
bookmark groups.
Screen Elements
Description
Add Bookmark Group Button
Bookmark Groups
Description
Bookmark Group Name
Ok Button
Cancel Button
Description
Bookmarks or Bookmarks Group
Delete Icon
Search
Search lets you search various reports based on multiple search parameters.
The administrator can search reports from the following categories:
Web Surfing Reports
Mail Usage
Spam
Virus
FTP
Summary
Detail
Domain
URL
Category
IP Address
User
Group
By default, as soon as you click Web Surfing Reports, the Web Search Result report is displayed
in tabular form.
Search Reports
1. Go to Search > Web Surfing Reports.
2. Specify Report Type. Possible report types are:
Summary
Detail
Domain
URL
Category
User
Group
5. Specify the username or group name based on the Search For value. User Name/Group Name can
be any combination of alphanumeric characters and the special characters "_", "@" and ".". If User
Name/Group Name is not specified, the search result will be displayed for all the
users/groups.
6. Specify Domain/URL/Category Name. If the Domain/URL/Category Name is not specified,
the result will be displayed for all the domains/URLs or categories.
7. Click Search.
Given below is the list of available Web Surfing search reports:
The bar graph displays the number of Hits per user group, while the tabular report contains the following
information:
User Group: Group name of the user group as registered in the monitored device. If the group is not
registered in the monitored device, it will be considered as traffic generated by Unknown
group.
Domain: Domain name or IP address of the domain.
Hits: Number of Hits to the domain by the user group.
Bytes: Amount of data transferred.
Web Search Results by URL and User
The report displays number of hits and amount of data transferred for the selected URL and user
with web site name and URL path.
1. To view report go to Search > Web Surfing Reports.
2. Specify search parameters as below:
Group Name: Group name of the user group as registered in the monitored device. If group is
not registered in the monitored device then it will be considered as traffic generated by Unknown
group.
Domain: Domain of the website visited by the user group.
URL: URL of the website visited by the user group.
Category: Category of the website visited by the user group.
IP Address: IP Address through which user group accessed the website.
Web Search Results by Category and User
The report displays number of hits and amount of data transferred for the selected category and
user.
1. To view report go to Search > Web Surfing Reports.
2. Specify search parameters as below:
The bar graph displays the number of Hits per user, while the tabular report contains the following information:
User Name: User name of the user as defined in the monitored device. If the user is not defined
in the monitored device, it will be considered as traffic generated by an undefined user and the
field will display N/A.
Category Name: Name of the category as defined in the monitored device.
Hits: Number of Hits to the user.
Bytes: Amount of data transferred.
Mail Usage
Use Search > Mail Usage to search in mail usage reports.
Screen Components:
SMTP
POP3
IMAP
Any
Recipient
Sender
Any
By default, as soon as you click Mail Usage Reports, the Mail Search Report is displayed in
tabular form.
Search Reports
1. Go to Search > Mail Usage.
2. Specify protocol. Available options:
SMTP
POP3
IMAP
Any
Recipient
Sender
Any
Protocol: SMTP/POP3/IMAP/Any
User Type: Recipient/Sender/Any
Email Address
Subject
Spam
Use Search > Spam to search in spam reports.
Screen Components:
SMTP
POP3
IMAP
Any
Recipient
Sender
Any
By default, as soon as you click Spam Reports, the Spam Search Report is displayed in tabular
form.
Search Reports
1. Go to Search > Spam.
2. Specify protocol. Available options are:
SMTP
POP3
IMAP
Any
Recipient
Sender
Any
Protocol: SMTP/POP3/IMAP/Any
User Type: Recipient/Sender/Any
Email Address
Subject
Virus
Use Search > Virus to search in Virus reports.
Screen Components:
SMTP
POP3
IMAP
HTTP
HTTPS
FTP
Any
Recipient
Sender
Any
Search Reports
1. Go to Search > Virus.
2. Specify protocol. Available options are:
SMTP
POP3
IMAP
HTTP
HTTPS
FTP
Any
Recipient
Sender
Any
Protocol: SMTP/POP3/IMAP/HTTP/HTTPS/FTP/Any
User Type: Recipient/Sender/Any
Email Address
Subject
Virus Name
FTP
Use Search > FTP to search in FTP reports.
Screen Components:
Download
Upload
Any
User
File
Search Reports
1. Go to Search > FTP.
2. Specify file transfer type. Available options:
Download
Upload
Any
User
File
4. Specify the username or file name to be searched. If the user name or file name is not specified,
the search result will be displayed for all the files and users.
5. Click Search.
Refer to FTP Search Report to view report.
FTP Search Report
The report displays amount of data transferred for the selected user, file and transfer type.
1. To view report go to Search > FTP.
2. Specify search parameters as below:
Logs
Prerequisite
Super Admin or Admin privilege is required to access and manage the Logs page.
To meet the compliance requirements of some geographical regions, Cyberoam iView provides an MD5
sum for DHCP and Web Usage log files. The checksum is used to verify the integrity of log data, that is, that the log files are
intact and the log data has not been manipulated.
This section describes how to enable and disable Checksum Configuration for DHCP and Web
Usage:
Go to System > Configuration > Logs to enable and disable Checksum Configuration for
DHCP and Web Usage.
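As an added example (not part of the Cyberoam iView guide or product code), the following Python code re-checks log files against MD5 sums recorded earlier and reports files that were changed or removed. The md5sum-style manifest layout and the file names dhcp.log, webusage.log and rotated.log are assumptions, because the guide does not describe how iView stores its checksums; the log lines are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed manifest layout (md5sum style): "<32 hex digits>  <file name>"
MANIFEST_LINE = re.compile(r"([0-9a-fA-F]{32})\s+\*?(\S.*)")

def md5_of_file(path, chunk_size=65536):
    """Hash the file in chunks so large log files are never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Return {file name: recorded MD5}; reject lines that do not fit the layout."""
    entries = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        match = MANIFEST_LINE.fullmatch(line)
        if match is None:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[match.group(2)] = match.group(1).lower()
    return entries

def verify_logs(log_dir, manifest_text):
    """Compare each listed log file with its recorded MD5 sum."""
    results = {}
    for name, recorded in parse_manifest(manifest_text).items():
        path = Path(log_dir) / Path(name).name  # never resolve outside log_dir
        if not path.is_file():
            results[name] = "MISSING"
        elif md5_of_file(path) == recorded:
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    return results

def demo():
    """Constructed sample: one log untouched, one edited, one deleted."""
    logs = {"dhcp.log": b"lease 10.0.0.5 granted\n", "rotated.log": b"old entries\n",
            "webusage.log": b"user1 example.com 200\n"}
    with tempfile.TemporaryDirectory() as log_dir:
        for name, data in logs.items():
            Path(log_dir, name).write_bytes(data)
        manifest = "\n".join(f"{md5_of_file(Path(log_dir, n))}  {n}" for n in logs)
        with open(Path(log_dir, "webusage.log"), "ab") as fh:
            fh.write(b"user1 example.org 200\n")  # edited after the sum was recorded
        Path(log_dir, "rotated.log").unlink()
        return verify_logs(log_dir, manifest)

if __name__ == "__main__":
    print(demo())
```

A matching sum shows only that a file agrees with the recorded value, so the recorded sums are best kept where whoever can write the logs cannot also rewrite the sums.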
Port Configuration
Prerequisite
Super Admin or Admin privilege is required to access and manage Port Configuration sub menu of
System menu.
This page allows the administrator to configure the access ports (HTTP and HTTPS) and the syslog port,
providing flexibility in accessing Cyberoam-iView and receiving syslog data.
Go to System > Configuration > Port to specify the HTTP, HTTPS and Syslog port numbers. By
default, Cyberoam-iView is accessed on HTTP port 8000 and HTTPS port 8443, and syslogs are
received on port 514.
Backup Management
Prerequisite
Super Admin or Admin privilege is required to access and manage the Backup Management page.
Cyberoam iView allows the administrator to take a scheduled backup of detailed report data on an FTP
server.
Use System > Configuration > Backup Management to configure a scheduled backup of detailed
report data on an FTP server.
Backup Schedule
Description
Backup Frequency
FTP Server IP
User Name
Password
Start Time (24 Hour Format)
Save Button
Description
Lower Threshold (%)
Higher Threshold (%)
Apply Button
External Configuration
Prerequisite
Super Admin or Admin privilege is required to access and manage External Configuration sub menu
of System menu.
The External Configuration page allows the administrator to configure the parameters required to
integrate Cyberoam iView with third-party solutions like Cyberoam Central Control.
Use System > Configuration > External Configuration to set the necessary parameters for
third-party solution integration.
Screen Elements
Description
Name
URL
HTTP Method
Response
Parameter
Save Button
Authentication Server
Prerequisite
Super Admin or Admin privilege is required to access and manage Authentication Server sub menu of
System menu.
Cyberoam-iView supports user authentication against:
an LDAP server
a RADIUS server
an internal database defined in Appliance
User authentication can be performed using the local user database, RADIUS, LDAP or any combination
of these.
Local Authentication:
Cyberoam-iView provides a local database for storing user information. You can configure Cyberoam
iView to use this local database to authenticate users and control their access to the network. Choose
local database authentication over LDAP or RADIUS when the number of users accessing the
network is relatively small. Registering dozens of users takes time, although once the entries are in
place they are not difficult to maintain. For networks with larger numbers of users, user authentication
Description
Add Button
Delete Button
Server Name
Type
IP Address
Port
Version
Screen Elements
Description
Server Type
Server Name
Authentication
Server IP
Port
Version
Base DN
Administrator
Password
Authentication Attribute
Test Connection
Screen Elements
Description
Server Type
Server Name
Server IP
Authentication Port
Shared Secret
Test Connection
Screen Elements
Description
Global Selection
Individual Selection
Delete Button
Maintenance
Prerequisite
Super Admin or Admin privilege is required to access and manage Maintenance sub menu of System
menu.
Backups are an essential part of data protection. They are necessary to recover data
lost through disk failure, accidental deletion or file corruption. There are many ways of taking
a backup and just as many types of media to use.
The Maintenance menu enables you to back up and restore your Cyberoam iView. It is a good idea to
back up the Cyberoam iView configuration on a regular basis so that, if the system fails, you
can quickly return the system to its original state with minimal effect on the network. It is also a good idea
to back up the configuration after making any changes to the configuration of the Cyberoam iView or to
settings that affect the managed appliances.
Once the backup is taken, you need to upload the file to restore the backup. Restoring data older
than the current data will lead to the loss of current data.
The administrator can schedule a Cyberoam iView backup or take a backup manually from System >
Configuration > Maintenance.
Screen Maintenance
Screen Elements
Description
Backup Restore
Backup Configuration: Click Backup Now to take backup manually.
Restore Configuration: Browse to locate backup available at your machine.
Upload and Restore: Click to upload and restore browsed backup file.
Backup Schedule
Backup Frequency:
should be taken.
Monthly: Configure day and time at which the backup should be taken.
Backup Mode: Select how and to whom backup files should be sent.
Available Options:
Manage Backup
Backup Time
Size (KB)
Restore
Download
Audit Logs
Prerequisite
Super Admin or Admin privilege is required to access and manage Audit Logs sub menu of System
menu.
Audit logs are required to ensure accountability, security and problem detection in a system.
Use the System > Audit Logs page to view audit logs for Cyberoam iView.
Screen Elements
Description
Action Time
Category
Severity
Message is a one-line description of the event. Refer to the Category-Event-Message table for details.
Username of the user associated with the event.
IP Address of the user.
Table Audit Logs Screen Elements
Category-Event-Message Table:
Cyberoam iView displays audit logs for the following categories with corresponding events and
messages:
Category
Message
SMTP server configuration update
User
User Login
Add Device
Update Device
Delete Device
Application
Update Application
Delete Application
Add Application Group
Update Application Group
Delete Application Group
Reset to Default
Views
Unauthorized access to web pages
Data
Archived Logs
Detail Table
Summary Table
Report
Table Category-Event-Message
Note
Audit logs can be filtered based on category type and severity.
In addition, you can search based on username, IP Address and message.
Archives
Prerequisite
Super Admin or Admin privilege is required to access and manage the Archives sub menu of the System
menu.
Archive logs are a collection of historical records and are the initial line of forensic investigation.
Cyberoam iView retains archive log data for the configured period. The data retention period can be
configured from the System > Configuration > Data Management page. For further details, refer to
the Data Management section.
This section describes how to:
View Archived Files
Search in Archived Files
Live Logs
Backup Archived Files
Download Backup Files
Restore Archived Files
Unload Archived Files
Description
Date
Total Size
ZipSize
Description
Date
Total Size
Action
Description
Advanced Search options
Search Criteria
User
Source
Destination
Rule
Protocol
Sent (Bytes)
Received (Bytes)
URL
Sender
Receiver
Add Criteria Button
Remove Criteria Button
Screen Elements
Description
Time
User
Source
Destination
Rule
Protocol
Sent (Bytes)
Received (Bytes)
URL
Device Name
File Name
Offset
Sender
Receiver
Note
Blank fields in the results indicate that the data is unavailable.
Live Logs
Go to System > Archives > Live Logs to view live logs.
Description
Device Name
Refresh Time
Go Button
Show Last
Start/Stop Update Button
Refresh Button
Description
Date
Total Size
Backup Now Button
Description
Date
Device Name
Device ID
Filename
Size
Delete Button
Download
Cancel Button
Screen Elements
Description
Browse
Filename
Add
Delete
Restore Button
Cancel Button