It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Firewall Insights

How to Create Custom Reports

  • Last updated on

With Barracuda Firewall Insights, you can generate custom reports for allowed or blocked traffic as well as for SD-WAN data by common criteria such as protocol, user, source, and risk.

Before You Begin

Create a Custom Report

To configure a custom report, choose a data source and add your custom filtering criteria. 

Step 1. Add a Custom Report
  1. Go to REPORTS.
  2. Click Add Custom Reports. The New Custom Report window opens.
  3. Enter a Name for the report. Only alphanumeric characters are allowed.

  4. Enter a Description.

  5. Select the Data Source

    • Activity – Create a summary of activities (firewall activity log) for a specific user or source IP address.
    • Threat – Use this type to create reports for detected threats (firewall threat log) that have been blocked by common criteria such as protocol, severity, source, and risk.
    • Webfilter – Create reports related to web activity.
    • SD-WAN Tunnels – Create a summary of SD-WAN tunnels and traffic details.
    • Applications and Protocols – Create reports summarizing the usage of specific applications and protocols.

 To generate a preview of the data, use the Log View to access and filter it. For more information, see Log View.

Step 2. Configure Report Data Settings

Choose your selection criteria for the report. After the data source has been selected, at least one field category must be selected. The configurable fields change automatically as soon as you select a different data source. (See filters below for example configurations.)

  1. Under Select fields, click the plus sign (+).
  2. From the column, chose what data you wish to create the custom report for. Fill in the fields without functions first and then the fields with functions.
    For example:

    • Applications / Protocols / Rules – Choose this selection for the usage of specific applications, protocols, or application rules that should apply to the data generated by your report.
    • Contents – Choose content that appears in the data generated by your report.
    • Destination / IP / ... – Choose for destination criteria of traffic generated by connected devices.
    • Firewall Rules – Set a selection for access rules that apply to the traffic the report is generated for.
    You can combine several selections by clicking the plus sign (+) after choosing a selection. 
  3. To configure number columns for a selection, e.g., for received bytes, expand the No function drop-down menu and select one of the possible functions:
    • Count – Counting how many lines.
    • Sum – The numerical value of this field is added up for all entries.
    • take average – Average value, i.e., sum / count.
    • take maximum / minimum – Maximum or minimum value of this field
  4. To configure number values for a selection, e.g., destination port in the activity log, use functions. It is also possible to create filter criteria to narrow down the result, e.g., for a specific user. To add a new filter, click the plus sign (+).
    • For more complex links, you can use parentheses in parentheses for each filter: In the first field, you must insert opening parentheses "(" and in the last field closing parentheses ")".
    • Use is equalnot equalcontainsnot contains for string / text fields, or is equalnot equalgreatersmaller for number fields as the comparison operator. Enter the desired value in the subsequent field.
    • To set filters, combine them using AND / OR operators.

      When saving an entry for a Group by field, a filter gets automatically implemented so that the result is not NULL. If you enter NULL as the filter value and the operation is either = or ! =, then it is checked whether the value of the field is NULL and not whether the string value of the field contains the string “null”. With contains / not contains only the string value is checked.

  5. (optional) Use Select Group by to group entries generated by the report. If not configured, the selected fields are displayed as a table. 
    • From the column, chose which criteria you wish to group the entries by in your custom report. You can combine several selections by clicking the plus sign (+) after choosing a selection.

      When using this setting, you must do this for each selected field, except for those where a function was set. In addition, each field selected in Select Group By must also appear in the Select Fields.

  6. Click OK.

If everything is entered correctly in the form validation, the report is created and appears in the Custom Reports list. You can now edit the report and make changes, e.g., schedule the report, etc. The preview will contain a time span of one day.

custom_reports.png

Example Configurations

The following examples generate custom reports using different filtering criteria.

Example 1. Application Usage

This configuration generates a custom report for user per application usage. The filter is set for applications, user, and overall duration.

app_usage.png

Example 2. SD-WAN App Usage

This configuration generates a custom report for SD-WAN tunnel traffic according to usage of applications and ports. The filter is set for applications, device serial, and traffic load.

sd_wan.png

Example 3. Access Rule Usage

This configuration generates a custom report for access rule usage. The filter is set for rule and time stamp.

fw_rule.png

Further Information

Last updated on