It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Firewall Insights

How to Create Custom Reports

  • Last updated on

With Barracuda Firewall Insights, you can generate custom reports for allowed or blocked traffic as well as for SD-WAN data by common criteria such as protocol, user, source, and risk.

Before You Begin

Create a Custom Report

To configure a custom report, choose a data source and add your custom filtering criteria. 

Step 1. Add a Custom Report
  1. Go to REPORTS.
  2. Click Add Custom Reports. The New Custom Report window opens.
  3. Enter a Name for the report. Only alphanumeric characters are allowed.

  4. Enter a Description.

  5. Select the Data Source

    • Activity – Create a summary of activities (firewall activity log) for a specific user or source IP address.
    • Threat – Use this type to create reports for detected threats (firewall threat log) that have been blocked by common criteria such as protocol, severity, source, and risk.
    • Webfilter – Create reports related to web activity.
    • SD-WAN Tunnels – Create a summary of SD-WAN tunnels and traffic details.
    • Applications and Protocols – Create reports summarizing the usage of specific applications and protocols.

 To generate a preview of the data, use the Log View to access and filter it. For more information, see Log View.

Step 2. Configure Report Data Settings

For each selected data source, chose the data fields you wish to include in the report. You must select at least one field category. The configurable fields change automatically as soon as you select a different data source. (See filters below for example configurations.)

  1. Under Select fields, click the plus sign (+).
  2. From the Choose column drop-down list, select the data field you wish to add to the custom report in order to show that data. Fill in the fields without functions first and then the fields with functions.
    For example:

    • Applications / Protocols / Rules – Choose this selection for the usage of specific applications, protocols, or application rules that should apply to the data generated by your report.
    • Contents – Choose content that appears in the data generated by your report.
    • Destination / IP / ... – Choose for destination criteria of traffic generated by connected devices.
    • Firewall Rules – Set a selection for access rules that apply to the traffic the report is generated for.
    To combine multiple data fields on the same custom report, click the plus sign (+) and select other data fields to show more data, such as applications, users, firewall rule, duration, etc.
  3. If a selected data field requires an additional selection entry and shows a No function drop-down menu, then a function must be selected, e.g., for received bytes, etc.
    Expand the No function drop-down menu and select one of the following functions:
    • Count – Counting how many lines.
    • Sum – The numerical value of this field is added up for all entries.
    • take average – Average value, i.e., sum / count.
    • take maximum / minimum – Maximum or minimum value of this field
  4. To configure number values for a selection, e.g., destination port in the activity log, use functions. To set filter criteria for the data to search for, define values to narrow down the search result, e.g., for a specific user. You must add a filter for each data field added in Step 2.2. To add a data field, click the plus sign (+) and select the filter criteria for that data:
    • For more complex links, you can use parentheses in parentheses for each filter: In the first field, you must insert opening parentheses "(" and in the last field closing parentheses ")".
    • Use is equalnot equalcontainsnot contains for string / text fields, or is equalnot equalgreatersmaller for number fields as the comparison operator. Enter the desired value in the subsequent field.
    • To set filters, combine them using AND / OR operators.

      When saving an entry for a Group by field, a filter gets automatically implemented so that the result is not NULL. If you enter NULL as the filter value and the operation is either = or ! =, then it is checked whether the value of the field is NULL and not whether the string value of the field contains the string “null”. With contains / not contains only the string value is checked.

  5. (optional) Use Select Group by to group entries generated by the report. If not configured, the selected fields are displayed as a table. 
    • From the column, chose which criteria you wish to group the entries by in your custom report. You can combine several selections by clicking the plus sign (+) after choosing a selection.

      When using this setting, you must do this for each selected field, except for those where a function was set. In addition, each field selected in Select Group By must also appear in the Select Fields.

  6. Click OK.

If everything is entered correctly in the form validation, the report is created and appears in the Custom Reports list. You can now edit the report and make changes, e.g., schedule the report, etc. The preview will contain a time span of one day.

custom_reports.png

Example Configurations

The following examples generate custom reports using different filtering criteria.

Example 1. Application Usage

This configuration generates a custom report for user per application usage. The filter is set for applications, user, and overall duration.

app_usage.png

Example 2. SD-WAN App Usage

This configuration generates a custom report for SD-WAN tunnel traffic according to usage of applications and ports. The filter is set for applications, device serial, and traffic load.

sd_wan.png

Example 3. Access Rule Usage

This configuration generates a custom report for access rule usage. The filter is set for rule and time stamp.

fw_rule.png

Further Information