About Untangle Reports
Reports provides users with detailed statistics of the traffic on your network. These reports can be automatically emailed, viewed online, or broken down into CSVs for archival. The email reports are a simple overview of traffic with a breakdown in PDF format, while more granular viewing of the data can be done through a web browser.
Reports are generated on the previous day's traffic, so you'll have to wait at least one day after installing to view them.
This section reviews the different settings and configuration options available for Reports.
On this tab you can click View Reports to open up Reports in a new browser tab or click Generate Today's Reports to partially generate report data up until the point you click the button. As noted, manually generating reports will take up resources on the Untangle box, possibly slowing down your network until it is finished.
- Daily Reports: Daily reports will be generated on the checked days of the week.
- Weekly Reports: Weekly (7-day) reports will be generated on the checked days of the week.
- Monthly Reports: If checked, a report covering the previous month will be created on the 1st of every month.
- Generation Time: This allows you to specify the time Reports are generated.
- Data Retention: This value controls how long report data is kept on disk, which is used to generate per-host, user and email reports on the fly. Please note that increasing the number increases the amount of disk space that is needed for data storage, and could have negative effects - we recommend leaving this at 7 days. If you'd like to archive full traffic data, please see the Attach Detailed Report Logs feature mentioned above.
- Please note your Data Retention setting should be at least 7 or 30 days to get full Weekly or Monthly reports.
You can use the Add button to add users who want access to Reports. Email Reports will send them a PDF summary of the reports, whereas Online Reports will give them access to the online reports.
- Attach Detailed Report Logs: This checkbox enables the sending of CSVs in a zip file attached to the emailed summary reports. Online reports have CSVs (comma separated value spreadsheets) which contain all the data used for generating the tables and graphs in the reports. The CSVs enable admins to perform further analysis on the traffic patterns.
- Attachment size: This field limits the size of the CSVs attached to the email. The CSVs zip file can be large and email servers will not usually accept very large attachments. Set this field to the largest attachment size that your mail server(s) will accept. If the zip file is larger than this setting the zip file will not be attached and a warning will be appended to the email.
Reports supports the sending of all events via syslog messages. To use syslog, simply install a syslog receiver on another server, then enable syslog and configure as necessary. Some syslog products are easier to set up than others. Kiwi, a third-party syslog daemon, is a favorite of many Untanglers using Windows, while those on *nix can use rsyslog.
- Host: The host name or IP address of the Syslog daemon that is authorized to receive syslog messages from the Untangle Server. Do not set the Host to the Untangle box itself - this will result in the hard drive filling up very quickly and most likely crashing the box.
- Port: The UDP port to send syslog messages to the syslog daemon. 514 is the default as this is the default syslog port.
- Protocol: The protocol to use to send syslog messages. The default is UDP.
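For a *nix receiver running rsyslog, the Host, Port and Protocol settings above correspond to a listener like the following. This is an added example, not Untangle's own configuration; the file name, the /var/log/untangle directory and 192.168.1.1 as the Untangle server's address are assumptions.

```conf
# /etc/rsyslog.d/30-untangle.conf  (file name is an assumption)
# Constructed example: 192.168.1.1 stands in for the Untangle server's address.

# Load the UDP listener and bind it to the port entered in the Port field.
module(load="imudp")
input(type="imudp" port="514" ruleset="untangle")

# One file per day, so older events can be rotated or archived on their own
# and a busy network does not grow a single unbounded log file.
template(name="UntangleDaily" type="string"
         string="/var/log/untangle/events-%$YEAR%-%$MONTH%-%$DAY%.log")

ruleset(name="untangle") {
    # UDP syslog is unauthenticated: keep only datagrams whose source
    # address is the Untangle server. Source addresses can be spoofed,
    # so pair this with a firewall rule limiting who can reach port 514.
    if $fromhost-ip == '192.168.1.1' then {
        action(type="omfile" dynaFile="UntangleDaily"
               fileCreateMode="0640" dirCreateMode="0750")
    }
    # Nothing received on this listener falls through to the default rules.
    stop
}
```

Check the syntax with `rsyslogd -N1` before restarting the service. Events are sent unencrypted over UDP, so keep the receiver on a trusted network segment.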
You can use the Name Map to replace IPs with names in the reports.
Note: Untangle can often determine the hostname for the IP automatically via DHCP or other methods. You can view the current names for currently active hosts in the Host Viewer.
However, when Untangle is unable to automatically determine a hostname for an IP the Name Map provides a way to manually name them. You can manually set Hostname > IP mapping in Reports.
If a user is set up to receive email reports, they only need to view or download the PDF attachment to see an overview report. If they need more information or would like to drill down to specific users or machines, they can use the link in the email, which will open Reports on the Untangle if it is accessible from their location. Administrators can use the View Reports button in Reports settings to open the Reports.
To access Reports directly from a browser, you have two options:
- Outside the Untangle's network: Browse to the IP of the Untangle /reports using HTTPS, such as https://192.0.2.1.
- Inside the Untangle's network: Browse to the IP of the Untangle /reports, such as http://192.168.1.1.
Please note that to view Reports from outside the network you'll need to check Enable External Report Viewing at Config > Administration. If you have changed the External HTTPS Port, you'll need to use the proper HTTPS port when connecting from the outside.
As mentioned previously, online reports allow you to analyze reporting data with much more granular detail. Throughout Reports you can click on hyperlinks that will take you to a per-host or per-user breakdown, allowing you to see all traffic from specific users. Another major enhancement shows up near the top of each table. Immediately under the label Key Statistics is an icon. Clicking on the icon causes your Untangle server to collect data used in the report and store it into a CSV file, which you can download and have immediately available to you for analysis. While many of the downloadable data sets appear trivial by themselves, they allow you to study in depth when used in conjunction with corresponding event data.
What is the difference between Event Logs and Reports?
Event Logs provide real-time data for each individual application while Reports puts together data in an easy-to-read format for later perusal. Reports is meant more for non-IT users such as managers and CEOs as well as reviewing older data.
Why is Reports taking up all of my server's resources?
Check your Data Retention setting - if it's too high it will cause a lot of issues. Try setting it to the default of 7 to see if that helps.
Why am I not receiving an email with my Reports?
If Untangle is set to email you and you're not receiving the emails, try the Email Test at Config > Email - if you get the test mail successfully, you should also get the email from Reports. If not, you can check /var/log/exim4/mainlog and look for the error, or contact Untangle Support.
I just upgraded my Untangle box and my reports are missing. Why?
An update may have changed how Reports stores data - the next time scheduled reports are run the report index will be rebuilt, which will allow you to access the older data. Please allow one complete reporting cycle (Daily, Weekly or Monthly) if you only run that type of report.
What is the "others" column when looking at the charts in Reports?
When looking at the Top 10 of a Reports chart, others is made up of everything else not listed. You can see the Top 9 sites visited by users in a day, while others is there to give us a baseline. For example, if we saw one or two users with a larger percentage than others, we'd probably want to do some investigating as to why those users are pushing more web traffic than a large portion of the organization (relative to total organization size).
The spam and phishing stats don't seem to add up. Why?
You may notice that Reports contains a certain number of phish or spam emails, while the Event Logs/CSVs show a different number. This is because the graphs show the actual number of emails, while the Event Logs/CSVs treat each recipient as an individual email so that per-user/host reports are correct. An example is a single spam email sent to two users - it will only be counted as one (email) in the Reports, but two (delivered emails) in the Event Logs/CSVs.
Why is the timestamp column not displayed properly in Excel when I open the CSV?
To solve this please change the format of the first column to the Date format.