CR Iview Administrator Guide PDF
Table of Contents
Preface
Intended Audience
Guide Organization
Typographic Conventions
Part 1: Cyberoam iView Basics
Introduction
Accessing Cyberoam iView
Log out procedure
Understanding Interface – Web Admin Console
Screen components
Reports Menu Screen components
Dashboard
Main Dashboard
Traffic Dashboard
Security Dashboard
Virus Traffic
Custom Dashboard
Username Dashboard
Report by User and Internet Usage
Source Host Dashboard
Sender’s Email Address Dashboard
Recipient’s Email Address Dashboard
Top Domains by User and Category
Detailed Report by User, Category, URL
Top Servers and Hosts by User (Upload) and File (Upload)
Detailed Report by User (Upload), File, Server, Host
Top Servers and Hosts by User (Download) and File
Detailed Report by User (Download), File, Server and Host
Report by User and Virus
Top Servers and Users by Host (Upload) and File
Detailed Report by Host (Upload), File, Server and User
Top Servers and Users by Hosts (Download) and Files
Detailed Report by Host (Download), File, Server and User
Report by Sender’s E-mail Address and Recipient
Cyberoam iView Dashboard
User Management
Part 2: Basic Configuration
Device Integration
Auto-Discover Device
Device Management
Add Device
Update Device
Activate Device
Deactivate Device
Delete Device
View Real-time Logs
Device Group Management
Part 3: Advanced Configuration
Mail Server Configuration
Application Category Management
Custom View Management
Report Notification Management
Data Management
Bookmark Management
Cyberoam iView Administrator Guide
Preface
Welcome to Cyberoam iView Administrator’s Guide.
Intended Audience
This Guide is intended for people who want to configure Cyberoam iView. Basic knowledge of TCP/IP
networking concepts is required.
Guide Organization
This Guide provides information regarding the administration and customization of Cyberoam iView
and helps you manage and customize Cyberoam iView to meet your organization’s various
requirements.
Part 4 – Reports
It describes how to access and navigate through the drilldown reports. It also provides a description of
all the reports generated by Cyberoam iView. Refer to the Cyberoam iView Reports Guide.
Typographic Conventions
Material in this guide is presented in text or screen display notations:
Introduction
Enabling centralized reporting for multiple devices across geographical locations, Cyberoam iView
offers a single view of the entire network activity. This allows organizations not just to view information
across hundreds of users, applications and protocols; it also helps them correlate the information,
giving them a comprehensive view of network activity.
With Cyberoam iView, organizations receive logs and reports related to intrusions, attacks, spam and
blocked attempts, both internal and external, enabling them to take rapid action throughout their
network anywhere in the world.
Access Web Admin Console, a browser-based Interface to configure and manage Cyberoam iView as
well as view reports.
Browse to http://<IP address of the machine on which Cyberoam iView is installed, i.e. local
machine>:8000 or https://<IP address of the machine on which Cyberoam iView is installed, i.e. local
machine>:8443 and log on using the default Super Administrator username ‘admin’ and the password
specified at the time of installation.
CLI Console – The administrator can access CLI console of Cyberoam iView appliance using any of
the following default Super Administrator credentials:
Username/Password – admin/admin
Username/Password – root/admin
The administrator can change default HTTP and HTTPS access ports from System >
Configuration > Port Configuration.
Screen – Cyberoam iView Web Admin Console
If you are logging on for the first time after installation, please use
default username ‘admin’.
If you are logging on for the first time after installation, please use
password specified at the time of installation.
Click to login.
Table - Login screen elements
Cyberoam iView displays the Main Dashboard as soon as you log on to the Web Admin Console. The Main
Dashboard provides a quick overview of the allowed and denied traffic of all the devices
added to Cyberoam iView.
To prevent unauthorized users from accessing Cyberoam iView, log off after you have finished working.
This will end the session and exit from Cyberoam iView.
Admin Tool Bar: A bar that includes a collection of links providing access to the most
common and often used functions, like:
Click to return to the main dashboard
Click to access context-sensitive online help
Click to log out from Cyberoam iView
The bar appears in the upper rightmost corner of every page.
Button Bar: A bar that includes a collection of buttons providing an easy
way to perform tasks like add or delete by clicking them.
The bar appears at the top left-hand corner of the Information Area
of every page.
Global Selection Checkbox: Click to select all items.
Individual Selection Checkbox: Click to select an individual item.
Page Information Area: Displays page information corresponding to the selected
menu.
Table – Basic Screen Elements
Page Bookmark: Click to create a bookmark of the displayed report for customized
access.
Page Controls: Select the number of rows to be displayed on each page.
Dashboard
Cyberoam iView displays the UTM Main Dashboard as soon as you log on to the Web Admin Console.
To view the dashboard for another product category, select the product category from the drop-down
provided at the top left.
It also provides the current resource usage (CPU, Disk, Memory) as well as the total events received by
Cyberoam iView from each device.
To return to the Main Dashboard from any other page of the Web Admin console, click
provided in Admin Tool bar.
Main Dashboard
Main Dashboard provides a quick overview of top allowed and denied traffic of network including
Web, FTP, mail, database and other applications.
It displays graphical and tabular overview of allowed and denied traffic of the top traffic generating
applications for all the added devices in a Widget form.
Widget displays report in graphical as well as tabular format. By default, the report is displayed for the
current date. Report date can be changed through the Calendar available on the topmost row of the
page.
Bar graph displays amount of data transferred by top applications while tabular report contains
following information:
Device: Name of the device as defined in Cyberoam iView.
Applications (e.g. Web, SSL, POP3 etc. as shown in the below given screen): Amount of data
transfer through each application.
To view the Traffic Dashboard of a particular device, drill down by clicking Application in the graph or
the Device hyperlink in the table.
Bar graph displays amount of denied traffic by IPS attacks, spam, virus, firewall and content filtering
while tabular report contains following information:
Device: Name of the device as defined in Cyberoam iView.
Applications (e.g. IPS attacks, spam, virus, firewall denied, content filtering denied): Number of
denied attempts per application.
To view the Security Dashboard of a particular device, drill down by clicking Application in the graph
or the Device hyperlink in the table.
Traffic Dashboard
Cyberoam iView Traffic dashboard is a collection of widgets displaying information regarding total
network traffic.
This dashboard gives complete visibility of network traffic in terms of applications, web categories,
users, hosts, source and destination countries, mail traffic and FTP activities.
Report displays a list of top applications along with the application-wise distribution of total data transfer and
relative percent distribution among those applications.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred and percentage wise distribution of data transfer per
application while tabular report contains following information:
Application/Proto:Port: Displays name of the application as defined in Cyberoam/Cyberoam
iView. If application is not defined in Cyberoam/Cyberoam iView then this field will display
application identifier as combination of protocol and port number.
Category: Name of application category as defined in Cyberoam/Cyberoam iView.
Risk: Risk level associated with the application. The risk level is a numeric value. Higher value
represents higher risk.
Bytes: Amount of data transferred.
Percent: Amount of data transfer in percentage.
Click Application hyperlink in table or pie chart to view Filtered Application Reports.
Report displays list of top application categories along with category wise distribution of total data
transfer and relative percent distribution among those categories.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred and percentage wise distribution of data transfer per
application category while tabular report contains following information:
Category: Name of the application category as defined in Cyberoam/Cyberoam iView.
Hits: Number of hits per application category.
Percent: Amount of data transfer in percentage.
Click Category hyperlink in table or pie chart to view Filtered Application Reports.
Report displays list of top network users along with the amount of traffic generated for various
applications, hosts, destinations, domains and categories.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred and percentage wise distribution of data transfer per
user while tabular report contains following information:
User: Username of the user as defined in Cyberoam. If the User is not defined then it will display
‘N/A’ which means the traffic is generated by an undefined user.
Bytes: Amount of data transferred.
Percent: Amount of data transfer in percentage.
Click User hyperlink in table or pie chart to view Filtered Application Reports.
Report displays list of top hosts along with host wise distribution of total data transfer and relative
percent distribution among those hosts.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred and percentage wise distribution of data transfer per
Click Host hyperlink in table or pie chart to view Filtered Application Reports.
Report displays list of top source countries from where Internet traffic is generated along with country
wise distribution of total data transfer and relative percent distribution among those countries.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred and percentage wise distribution of data transfer per
country while tabular report contains following information:
Country: Name of the top source countries.
Bytes: Total data transfer per source country.
Percent: Relative percent distribution among the top source country.
Report displays list of top destination countries where web traffic is directed along with country wise
distribution of total data transfer and relative percent distribution among those countries.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred and percentage wise distribution of data transfer while
tabular report contains following information:
Country: Name of the top destination countries.
Bytes: Total data transfer per destination country.
Percent: Relative percent distribution among the top destination country.
Click Country hyperlink in table or pie chart to view Filtered Application Reports.
Widget displays list of rules along with rule wise distribution of total data transfer and relative percent
distribution among those rules.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred and percentage wise distribution of data transfer per
firewall rule while tabular report contains following information:
Rule ID: Displays firewall rule ID.
Bytes: Amount of data transferred.
Percent: Amount of data transfer in percentage.
Click Rule ID hyperlink in table or pie chart to view Filtered Application Reports.
Report displays list of top web categories along with category wise distribution of total data transfer
and relative percent distribution among those categories.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred and percentage wise distribution of data transfer per
web category while tabular report contains following information:
Category: Name of the Web category as defined in Cyberoam/Cyberoam iView.
Hits: Number of hits per Web category.
Percent: Amount of data transfer in percentage.
Report displays list of top Web users along with the amount of traffic generated for various web
applications, hosts, destinations, domains and categories.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred and percentage wise distribution of data transfer per
user while tabular report contains following information:
User: Username of the user as defined in Cyberoam. If the User is not defined then it will display
‘N/A’ which means the traffic is generated by an undefined user.
Bytes: Amount of data transferred.
Percent: Amount of data transfer in percentage.
Click Web User hyperlink in table or pie chart to view Filtered Web Usage Reports.
Widget displays list of domains along with domain wise distribution of total data transfer and relative
percent distribution among those domains.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays various domains and percentage wise amount of data transferred while tabular
report contains following information:
Domain: Displays domain name.
Bytes: Amount of data transferred.
Percent: Amount of data transfer in percentage.
Click Domain hyperlink in table or pie chart to view Filtered Web Usage Reports.
Widget displays list of files along with date, user, domain name, file name, size and source IP.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Widget report displays list of the files uploaded via FTP with file wise distribution of total data transfer
and relative percent distribution among those files.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred and percentage wise distribution of data transfer per file
while tabular report contains following information:
Click File hyperlink in table or pie chart to view Filtered FTP Usage Reports.
Widget report displays list of the files downloaded via FTP with file wise distribution of total data
transfer and relative percent distribution among those files.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred and percentage wise distribution of data transfer per file
while tabular report contains following information:
Click File hyperlink in table or pie chart to view Filtered FTP Usage Reports.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred and percentage wise distribution of data transfer per
server while tabular report contains following information:
Click server hyperlink in table or pie chart to view Filtered FTP Usage Reports.
Report displays type of Email traffic along with number of bytes and percentage of the traffic.
Report is displayed as graph as well as in tabular format.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of traffic per traffic type while tabular report contains following information:
Traffic: Type of email traffic. Possible types:
Clean Mail
Spam
Probable Spam
Virus
Hits: Number of hits per email traffic type.
Percent: Type of traffic in percentage.
Report displays list of top email senders along with number of bytes and percentage of the traffic.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred and percentage wise distribution of data transfer by
each sender while tabular report contains following information:
Sender: Email ID of the sender.
Bytes: Amount of data transferred.
Percent: Relative percent distribution among the top Mail Senders.
Report displays list of top email recipients along with number of bytes and percentage of the traffic.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays amount of data transferred and percentage wise distribution of data transfer by
each recipient while tabular report contains following information:
Recipient: Email ID of the recipient.
Bytes: Amount of data transferred.
Percent: Relative percent distribution among the top Mail Recipients.
Report displays list of top Web protocols along with number of bytes and percentage of the traffic.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Bar graph displays amount of data transferred and percentage wise distribution of data transfer per
Web Traffic protocol while tabular report contains following information:
Allowed Traffic: Allowed traffic protocol.
Bytes: Amount of data transferred.
Percent: Relative percent distribution among allowed protocols.
Report displays list of top web traffic along with number of bytes and percentage of the traffic.
Report is displayed as graph as well as in tabular format. The bar graph displays amount of data per
Web Traffic type.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Bar graph displays amount of data transferred and percentage wise distribution of data transfer per
Web Traffic type while tabular report contains following information:
Traffic: Type of Web Traffic. Possible Types:
CF Allowed
CF Denied
Virus
Bytes: Amount of data transferred.
Percent: Relative percent distribution among the top web traffic types.
Report displays list of top FTP traffic along with number of bytes and percentage of the traffic.
Report is displayed as a graph. The bar graph displays the amount of data per FTP traffic type.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Bar graph displays amount of data transferred and percentage wise distribution of data transfer per
FTP traffic type while tabular report contains following information:
Traffic: Type of FTP traffic. Possible Types:
Clean FTP
Virus
Bytes: Amount of data transferred.
Percent: Relative percent distribution among the top FTP traffic types.
Security Dashboard
Cyberoam iView Security dashboard is a collection of widgets displaying information regarding denied
network activities and traffic. It also gives an overview of malware and spam along with source and
destination countries.
Report displays a list of top hosts which made the maximum attempts to access the blocked sites.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per denied host while tabular
report contains following information:
Host: IP Address of the hosts.
Hits: Number of attempts to access the blocked host.
Percent: Relative percent distribution among the blocked hosts.
Report displays a list of users who made the maximum attempts to access the blocked sites.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per blocked user while
Report displays a list of blocked applications which have the maximum number of access attempts.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per denied application while
tabular report contains following information:
Application/Proto:Port: Displays name of the application as defined in Cyberoam/Cyberoam
iView. If application is not defined in Cyberoam/Cyberoam iView then this field will display
application identifier as combination of protocol and port number.
Category: Name of application category as defined in Cyberoam/Cyberoam iView.
Risk: Risk level associated with the application. The risk level is a numeric value. Higher value
represents higher risk.
Hits: Number of attempts to access the application.
Percent: Relative percent distribution among the blocked applications.
Report displays a list of destination countries with maximum number of blocked attempts.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per denied destination
country while tabular report contains following information:
Country: Name of the top denied destination country.
Hits: Number of denied attempts per destination country.
Percent: Relative percent distribution among the denied destination countries.
Report displays a list of source countries from which the maximum number of blocked attempts
originated.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per denied source country
while tabular report contains following information:
Country: Name of the top denied source country.
Hits: Number of denied attempts per source country.
Percent: Relative percent distribution among the denied source countries.
Report displays the list of the most denied firewall rule IDs.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per denied rule ID while
tabular report contains following information:
Rule ID: ID number of the top denied rule.
Hits: Number of denied attempts per firewall rule.
Percent: Relative percent distribution among the denied rule IDs.
Report displays list of categories with the maximum number of denied attempts.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per denied categories while
tabular report contains following information:
Category: Name of the denied categories.
Hits: Number of blocked attempts to access the category.
Percent: Relative percent distribution among the denied categories.
Report displays list of domain name/IP Address with the maximum number of denied attempts.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per denied domain while
tabular report contains following information:
Domain: IP Address or domain name of the denied domain.
Hits: Number of blocked attempts to access the domain.
Percent: Relative percent distribution among the denied domains.
Report displays a list of attacks launched at your network along with the number of hits per attack.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per blocked attack while
tabular report contains following information:
Attack: Name of the top blocked attacks.
Hits: Number of blocked attempts per attack.
Percent: Relative percent distribution among the attacks.
Report displays list of the blocked viruses along with relative percentage distribution among the
viruses.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per blocked virus while
tabular report contains following information:
Virus Name: Name of the virus.
Count: Number of virus instances.
Percent: Relative percent distribution among the viruses.
Click Virus hyperlink in table or pie chart to view Detailed Virus Reports.
Report displays list of spam senders along with number of hits and relative percentage distribution.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per spam sender while
tabular report contains following information:
Sender: Email ID of the spam sender.
Hits: Number of hits per Email ID.
Percent: Relative percent distribution among the spam senders.
Report displays list of spam recipients along with number of hits and relative percentage distribution.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per spam recipient while
tabular report contains following information:
Recipient: Email ID of spam recipient.
Hits: Number of hits per recipient.
Percent: Relative percent distribution among the spam recipients.
Report displays list of denied traffic types along with number of hits and relative percentage
distribution.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per denied traffic type while
tabular report contains following information:
Traffic: Blocked traffic type.
Hits: Number of hits per blocked traffic type.
Percent: Relative percent distribution among the blocked traffic type.
Report displays list of top virus types along with number of hits and relative percentage distribution.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per application carrying
viruses while tabular report contains following information:
Application: Name of the application.
Hits: Number of hits per application.
Percent: Relative percent distribution among the applications.
Report displays list of spam protocols along with number of hits and relative percentage distribution.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per spam protocol while
tabular report contains following information:
Application: Name of the protocol.
Hits: Number of hits per protocol.
Percent: Relative percent distribution among the application protocol.
Report displays list of IDP attacks along with number of hits and relative percentage distribution.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per IDP attack type while
tabular report contains following information:
Attack Type: Displays type of attacks.
Hits: Number of hits per attack type.
Percent: Relative percent distribution among the attack types.
Report displays list of applications denied by Content Filtering along with number of hits and relative
percentage distribution.
By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.
Pie chart displays number of hits and percentage wise distribution of hits per protocol denied by
Content Filtering module while tabular report contains following information:
Recipient: Protocol denied by Content Filtering module.
Hits: Number of hits per denied protocol.
Percent: Relative percent distribution among the denied protocols.
Virus Traffic
Virus Traffic reports consist of following granular reports in widget format:
Top Applications
Top Viruses
Top Virus Sending Countries
The granular reports page displays multiple reports in the widgets form, which can again be drilled
down to view the filtered report.
Report displays a list of applications which has the maximum number of virus counts.
By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.
Bar chart displays top applications while tabular report contains following information:
Application/Protocol: Port: Displays name of the application as defined in Cyberoam/Cyberoam-
iView. If application is not defined in Cyberoam/Cyberoam-iView then this field will display
application identifier as combination of protocol and port number.
Count: Number of virus counts.
Report displays a list of viruses which has the maximum number of counts.
By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.
Bar chart displays top viruses while tabular report contains following information:
Virus Name: Displays name of the virus.
Count: Number of virus counts.
Report displays a list of countries from where maximum virus traffic is originated along with number
of counts per country.
By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.
Bar chart displays top countries while tabular report contains following information:
Country: Displays name of the virus sending countries.
Count: Number of hits for the virus sending countries.
Custom Dashboard
Cyberoam iView lets the user create a custom dashboard based on user, source host and Email
Address.
Username Dashboard
Cyberoam iView user dashboard provides snapshot of user’s activities in your network.
Widget report displays number of Hits and amount of data transferred per category for the selected
user.
Bar graph displays amount of data transferred per category while tabular report contains following
information:
Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display ‘None’ at place of category name.
Hits: Number of hits to the category.
Bytes: Amount of data transferred.
Widget report displays number of Hits and amount of data transferred per file for the selected user.
Bar graph displays amount of data transferred per file while tabular report contains following
information:
File: Name of the file.
Hits: Number of hits to the file.
Bytes: Amount of data uploaded.
Please refer to Reports by User and FTP Files Upload for details.
Widget report displays number of Hits and amount of data transferred per file for the selected user.
View report from Dashboards > Custom Dashboard > Username.
Report is displayed as graph as well as in tabular format.
By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.
Bar graph displays amount of data transferred per file while tabular report contains following
information:
File: Name of the file.
Hits: Number of hits to the file.
Bytes: Amount of data downloaded.
Please refer to Reports by User and FTP Files Download for details.
Widget report displays number of Hits per category for the selected user.
Bar graph displays number of Hits per category while tabular report contains following information:
Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display ‘None’ at place of category name.
Hits: Number of hits to the category.
Widget report displays number of Hits per virus for the selected user.
Bar graph displays number of hits per virus while tabular report contains following information:
Virus: Name of the virus as identified by monitored device.
Counts: Number of virus occurrence.
Widget report displays total amount of data transfer and surfing time for the selected user.
Bar graph displays total amount of data transfer per user while tabular report contains following
information:
User Name: Name of the user as defined in monitored device.
Data Transfer: Total amount of data transfer.
Used Time: Total surfing time.
To view the following detailed reports of a particular host, go to Dashboards > Custom
Dashboard > Source Host IP Address.
Top Web Categories
Top Files Uploaded via FTP
Top Files Downloaded via FTP
Top Blocked Categories
Widget report displays number of Hits and amount of data transferred per category for the selected
user.
View report from Dashboards > Custom Dashboard > Source Host IP Address.
Bar graph displays amount of data transferred per category while tabular report contains following
information:
Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display ‘None’ at place of category name.
Hits: Number of hits to the category.
Bytes: Amount of data transferred.
Widget report displays number of Hits and amount of data transferred per file for the selected user.
View report from Dashboards > Custom Dashboard > Source Host IP Address.
By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.
Bar graph displays amount of data transferred per file while tabular report contains following
information:
File: Name of the file.
Hits: Number of Hits to the file.
Bytes: Amount of data uploaded.
Widget report displays number of Hits and amount of data transferred per file for the selected user.
View report from Dashboards >Custom Dashboard > Source Host IP Address.
Bar graph displays amount of data transferred per file while tabular report contains following
information:
File: Name of the file.
Hits: Number of hits to the file.
Bytes: Amount of data downloaded.
Widget report displays number of Hits per category for the selected user.
View report from Dashboards > Custom Dashboard > Username.
Bar graph displays number of Hits per category while tabular report contains following information:
Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display ‘None’ at place of category name.
Hits: Number of hits to the category.
To view the following detailed reports of a particular email address, go to Dashboards > Custom
Dashboard > Sender’s Email Address of the user
Top Mails Sent to
Top Sender Hosts
Top Sender Destinations
Top Sender Users
Top Spam Sent
Widget report displays list of top recipients along with the number of Hits and amount of data
transferred.
View report from Dashboards > Custom Dashboard > Sender’s Email Address.
Bar graph displays amount of data transferred per recipient, while tabular report contains following
information:
Recipient: Email address of the recipient.
Hits: Number of Hits to the recipient.
Bytes: Amount of data transferred.
Widget report displays list of top sender hosts along with the number of Hits and amount of data
transferred.
View report from Dashboards > Custom Dashboard > Sender’s Email Address.
Bar graph displays amount of data transferred per source host, while tabular report contains following
information:
Source Host: IP address of the host.
Hits: Number of Hits to the host.
Bytes: Amount of data transferred.
Widget report displays list of top sender destinations along with the number of Hits and amount of
data transferred.
View report from Dashboards > Custom Dashboard > Sender’s Email Address.
Bar graph displays amount of data transferred per sender destination, while tabular report contains
following information:
Destination: URL name or IP address of the destination.
Hits: Number of hits to the destination.
Bytes: Amount of data transferred.
Widget report displays list of top sender users along with the number of Hits and amount of data
transferred.
View report from Dashboards > Custom Dashboard > Sender’s Email Address.
Bar graph displays amount of data transferred per sender user, while tabular report contains following
information:
User: Username of the user as defined in the monitored device. If the User is not defined then
it will display ‘N/A’ which means the traffic is generated by an undefined user.
Hits: Number of Hits for the user.
Bytes: Amount of data transferred.
Widget report displays list of top spam recipient along with the number of Hits.
View report from Dashboards > Custom Dashboard > Sender’s Email Address.
Bar graph displays number of hits per spam recipient, while tabular report contains following
information:
Recipient: Email address of the spam recipient.
Hits: Number of Hits for the recipient.
To view the following detailed reports of a particular email address, go to Dashboards > Custom
Dashboard > Recipient’s Email Address of the user
Top Mails Received From
Top Recipients Hosts
Top Recipient Destinations
Top Recipient Users
Top Spam Received
Widget report displays list of top senders along with the number of Hits and amount of data
transferred.
View report from Dashboards > Custom Dashboard > Recipient’s Email Address.
Bar graph displays amount of data transferred per sender, while tabular report contains following
information:
Sender: Email address of the sender.
Hits: Number of Hits for the sender.
Widget report displays list of top recipient hosts along with the number of Hits and amount of data
transferred.
View report from Dashboards > Custom Dashboard > Recipient’s Email Address.
Bar graph displays amount of data transferred per recipient host, while tabular report contains following
information:
Recipient Host: IP address of the host.
Hits: Number of hits to the host.
Bytes: Amount of data transferred.
Widget report displays list of top recipient destinations along with the number of Hits and amount of
data transferred.
View report from Dashboards > Custom Dashboard > Recipient’s Email Address.
Bar graph displays amount of data transferred per recipient destination, while tabular report contains
following information:
Destination: URL name or IP address of the destination.
Hits: Number of hits to the destination.
Bytes: Amount of data transferred.
Widget report displays list of recipient users along with the number of Hits and amount of data
transferred.
View report from Dashboards > Custom Dashboard > Recipient’s Email Address.
Bar graph displays amount of data transferred per recipient user, while tabular report contains following
information:
User: Username of the user as defined in the monitored device. If the User is not defined then
it will display ‘N/A’ which means the traffic is generated by an undefined user.
Hits: Number of hits to the user.
Widget report displays list of top spam senders along with the number of Hits.
View report from Dashboards > Custom Dashboard > Recipient’s Email Address.
Bar graph displays number of Hits per spam sender, while tabular report contains following
information:
Sender: Email address of the spam sender.
Hits: Number of hits to the sender.
Report displays a list of domains, the number of connections to each domain and the amount of data
transferred through the selected category and by the user.
View the report from Dashboard > Custom Dashboard > Username> Top Web
Categories widget > Category.
To view detailed report for the selected domain, category and user, drill down by clicking the domain
name hyperlink in the table.
View the report from Dashboard > Custom Dashboard > Username> Top Web
Categories widget > Category > Top Domains > Domain.
View the report from Dashboard > Custom Dashboard > Username> Top Files
Uploaded via FTP widget > File.
To view detailed report for the selected file, user, server and host drill down by clicking server
hyperlink in the table.
View the report from Dashboard > Custom Dashboard > Username> Top Files
Uploaded via FTP widget> File > Top Servers and Hosts > Server.
View the report from Dashboard > Custom Dashboard > Username > Top Files
Downloaded via FTP widget > File.
To view detailed report for the selected file, user, server and host drill down by clicking server
View the report from Dashboard > Custom Dashboard > Username> Top Files
Downloaded via FTP widget > File > Top Servers and Hosts > Server.
View report from Dashboard > Custom Dashboard > Username> Top Web Viruses
widget> Virus.
Bar graph displays number of connections per URL while tabular report contains following
information:
Time: Date and Time in YYYY: MM: DD HH:MM:SS format.
URL: URL name or IP address of URL.
Host: IP address of the host.
Connections: Number of connections to the URL.
View the report from Dashboard > Custom Dashboard > Source Host > Top Files
Uploaded via FTP widget > File.
To view detailed report for the selected file, user, server and host drill down by clicking server
hyperlink in the table.
View the report from Dashboard > Custom Dashboard > Source Host > Top Files
Uploaded via FTP widget > File > Top Servers and Users > Server.
View the report from Dashboard > Custom Dashboard > Source Host > Top Files
Downloaded via FTP widget > File.
To view detailed report for the selected file, user, server and host drill down by clicking the server
hyperlink in the table.
View the report from Dashboard > Custom Dashboard > Source Host > Top Files
Downloaded via FTP widget > File > Top Servers and Users > Server.
View the report from Dashboard > Custom Dashboard > Sender’s Email Address
>Top Mails Sent to widget >Recipient.
Bar graph displays amount of data transferred through each E-mail while tabular report contains
following information:
Time: Date and Time in YYYY: MM: DD HH:MM:SS format.
Subject: Subject line of the Email.
User: Username of the sender as defined in monitored device. If the User is not defined then it
will display ‘N/A’ which means the traffic is generated by an undefined user.
Host: IP address of the host.
Cyberoam iView Dashboard gives overview of main components of Cyberoam iView. This page
displays following information:
CPU Usage
Memory Usage
Disk Usage
Event Frequency
To view CPU usage Details drill down by clicking the CPU hyperlink in the table.
View report from Dashboards > iView Dashboard > CPU Usage widget> CPU.
Tabular report contains following information:
Time: Time in (YYYY-MM-DD HH:MM:SS) format
Usage: CPU usage corresponding to time
View report from Dashboards > iView Dashboard. Tabular report contains following
information:
Memory: Status of Cyberoam iView memory as used and free
Usage: Usage of memory
To view memory usage details drill down by clicking the memory hyperlink in the table.
View report from Dashboards > iView Dashboard > Memory Usage widget >
Memory.
View report from Dashboards > iView Dashboard. Tabular report contains following
information:
Disk: Name and status of disk used to store database and archive logs
Usage: Disk usage
To view disk usage details drill down by clicking the memory hyperlink in the table.
View report from Dashboards > iView Dashboard > Disk Usage widget > Disk.
To view device wise event frequency drill down by clicking the time hyperlink in the table.
View report from Dashboards > iView Dashboard > Event Frequency widget> Time.
Graph displays number of events based on time slots while tabular report contains following
information:
Time: Time in (YYYY-MM-DD HH:MM:SS) format
Device: Device IP address or name.
Events: Number of events per device.
User Management
Prerequisite
Super Admin or Admin privilege required to access and manage User sub menu of System menu.
The table below lists the access privileges associated with each user role:
Authentication Server    Y Y Y Y - N - N - N - N
Maintenance              Y Y Y Y - N - N - N - N
Audit Logs               - - - Y - - - Y - - - N

                                            Super Admin           Admin                       Viewer
                                            For all the devices   Only for assigned devices   Only for assigned device
Load and Search Archive                     Y                     Y                           N
Unload, Backup and Restore Archive Files    Y                     Y                           N
View Live Logs                              Y                     Y                           N
View and Search Reports                     Y                     Y                           Y
Dashboards (Main, Device, User, Host,       Y                     Y                           Y
Email Address, iView)
Table – Privilege Matrix
Use the System > Configuration > Users page to configure and maintain administrators, set
users' administrative access and maintain passwords.
Add User
Go to System > Configuration > Users and click Add to add a new user.
Update User
Go to System > Configuration > Users and click user to be updated from the user list.
Note
All the fields except Username are editable.
Delete User
Go to System > Configuration > Users to view list of users.
Note
The default Super Admin account cannot be deleted.
Device Integration
Prerequisite
Super Admin privilege required to access and manage Device sub menu of System menu.
Cyberoam iView collects the log information from multiple devices to generate reports from that log
data.
There are two ways to integrate a device with Cyberoam iView:
Auto-discover Device
Add Device (manually)
Auto-Discover Device
Cyberoam iView uses the UDP protocol to discover network devices automatically. To send logs to
Cyberoam iView, the network device must be configured with Cyberoam iView as its Syslog server.
On successful login, Super Admin will be prompted with a popup "New Device(s) Found" if a new
device is discovered; else the Main Dashboard is displayed. This prompt will be displayed every time
Super Admin logs in until she takes action on the newly discovered device.
Device Management
Prerequisite
Super Admin privilege required to access and manage Device sub menu of System menu.
The Cyberoam iView can collect log messages from multiple devices and generate many different
types of reports from that log data.
Go to System > Configuration > Device page to view the list of devices with device name, IP
Address, device type and status.
Possible status:
: Device is added and activated
: Device is added but deactivated
Device Name: Name of the device
Device ID: Appliance key of the monitored device
IP Address: IP Address of the device
Device Type: Type of the device.
  Squid
  24Online
  Linux Firewall Netfilter/Iptables
  Cisco ASA
  Cisco ASA_CSC_
  Apache
  eScan
  NetGenie
Status: Action that can be performed on the device.
  Possible actions:
  Active: Click to accept logs from the device.
  Inactive: Click to reject device logs.
Save Button: Click to save the information after changing the status.
Table – Device Management Screen Elements
Add Device
Go to System > Configuration > Device and click Add to add a new device in Cyberoam
iView.
Update Device
Go to System > Configuration > Device and click the device to be updated.
Possible options:
Active: Device is active and Cyberoam iView is accepting logs
Inactive: Device is inactive and Cyberoam iView is not accepting logs from the device
Ok Button: Click to save changes in the device.
Cancel Button: Click to return to Device Management page.
Table – Update Device Screen Elements
Activate Device
To start accepting logs from the added device one needs to activate the device in Cyberoam iView.
Go to System > Configuration > Device and click Active against device name.
Click Save to change status of device.
Note
You can also activate the device from Update Device section. After activation, Cyberoam iView will start
accepting logs from the device.
Deactivate Device
To stop accepting logs from the added device, one needs to deactivate the device in Cyberoam iView.
Go to System > Configuration > Device and click ‘Inactive’ option against the device name.
Click Save to change the status of device.
Note
You can also deactivate the device from Update Device section. After deactivation, Cyberoam iView will stop
accepting logs from the device.
To access the data of device for forensic investigations do not delete the device from Cyberoam iView, just
deactivate it.
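An added example, not Cyberoam iView code: a minimal model of the behaviour described in Auto-Discover Device and Activate/Deactivate Device above, where a device is found by the UDP syslog it sends, logs are accepted only while the device is Active, and stored data survives deactivation. The class names, status strings, return codes, port 5514 and the rule that logs from a discovered but unconfirmed device are dropped are assumptions of the example.

```python
"""Illustrative model only; names, statuses and return codes are assumptions,
not Cyberoam iView internals."""
import re
import socket
from dataclasses import dataclass

# Syslog datagrams start with a priority field: <PRI>, PRI = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)


@dataclass
class Device:
    ip: str
    status: str = "discovered"  # until an admin sets "active" or "inactive"
    accepted: int = 0
    dropped: int = 0


def parse_pri(datagram: bytes):
    """Return (facility, severity, message), or None for a malformed datagram."""
    match = PRI_RE.match(datagram)
    if match is None:
        return None
    pri = int(match.group(1))
    if pri > 191:  # facility 23, severity 7 is the largest valid value
        return None
    message = match.group(2).decode("utf-8", "replace").strip()
    return pri >> 3, pri & 7, message


class Collector:
    def __init__(self):
        self.devices = {}  # source IP -> Device
        self.stored = []   # accepted log records

    def receive(self, datagram: bytes, src_ip: str) -> str:
        """Handle one datagram; return what was done with it."""
        parsed = parse_pri(datagram)
        if parsed is None:
            return "malformed"  # garbage never registers a device
        device = self.devices.setdefault(src_ip, Device(src_ip))
        if device.status != "active":
            device.dropped += 1
            return "dropped-" + device.status
        facility, severity, message = parsed
        device.accepted += 1
        self.stored.append({"device": src_ip, "facility": facility,
                            "severity": severity, "message": message})
        return "stored"

    def pending(self):
        """Devices to show in a 'New Device(s) Found' style prompt."""
        return sorted(ip for ip, d in self.devices.items() if d.status == "discovered")

    def set_status(self, ip: str, status: str) -> None:
        if status not in ("active", "inactive"):
            raise ValueError("status must be 'active' or 'inactive'")
        self.devices[ip].status = status  # stored records are left untouched


def serve(collector, host="127.0.0.1", port=5514, max_packets=None):
    """Feed real UDP datagrams to the collector (port 5514 avoids needing root)."""
    # UDP source addresses are not authenticated: the Active/Inactive gate is an
    # inventory control, not proof of which device really sent a log line.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        seen = 0
        while max_packets is None or seen < max_packets:
            data, (src_ip, _src_port) = sock.recvfrom(8192)
            collector.receive(data, src_ip)
            seen += 1


def demo():
    """Run constructed sample datagrams (documentation IPs) through the model."""
    sample = b"<134>Jan  1 00:00:01 fw1 action=deny dst=example.test"
    c = Collector()
    results = [c.receive(sample, "192.0.2.10")]      # first sight: discovered, dropped
    c.set_status("192.0.2.10", "active")
    results.append(c.receive(sample, "192.0.2.10"))  # now stored
    c.set_status("192.0.2.10", "inactive")
    results.append(c.receive(sample, "192.0.2.10"))  # rejected, history kept
    results.append(c.receive(b"not syslog", "192.0.2.99"))
    return results, len(c.stored), c.pending()


if __name__ == "__main__":
    print(demo())
```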
Delete Device
Prerequisite
The Device to be deleted should not be a member of any device group.
The Device to be deleted should not be a part of any Report Notification.
Live Logs
Go to System > Archives >Live Logs to view real-time logs. Page displays the most recent log
received from the selected device.
Possible options:
3 sec, 5 sec, 10 sec, 20 sec, 30 sec, 1 min, 2 min, 5 min
Go Button: Click to view real-time log for the selected device.
Show Last Records: Specify number of rows of the log entries to be displayed per page.
Possible options:
25, 50, 100
Start Update Button: Click to start log view.
Stop Update Button: Click to stop log view.
Refresh Button: Click to refresh the logs manually.
Prerequisite
Super Admin privilege required to access and manage Device Group sub menu of System menu.
A device group is a logical grouping of devices based on device location, device type (UTM, Firewall etc.),
device model or device administrator. E.g., group all the devices sending logs of the organization's
Inventory department to generate a consolidated report for that department. Group all the devices
deployed at the same geographical location to get network visibility of that area.
Go to System > Configuration > Device Group page to view the list of groups with group
name, description and group members.
Possible Options:
UTM
Access Gateway
EPS
Web Server
Smart Wireless Router
Select Device: Click drop-down to select the device(s). At least one device has to be selected.
Note
A group can be deleted without removing devices from the group. Removing a group will not remove the
devices from Cyberoam iView.
Prerequisite
Super Admin privilege required to access and manage Mail Server sub menu of System menu.
To send the report notification through E-mail, you need to configure SMTP server in Cyberoam
iView.
Go to System > Configuration > Mail Server Configuration to configure mail server to
send report notifications.
Default port - 25
Display Name: Specify display name of mail sender.
From Email Address: Specify E-mail ID of the sender. Email ID can be any combination of alphanumeric characters and special characters “_”, “@” and “.”.
SMTP Authentication: Click checkbox to enable SMTP authentication, if required.
Username: If SMTP authentication is enabled, specify username. Username can be any combination of alphanumeric characters and special characters “_”, “@” and “.”.
Password: Specify password. Password field cannot be blank.
Save Button: Click to save the configuration information.
Send Test Mail Button: Click to send a test email to specified IP Address.
Table – Mail Server Configuration Screen Elements
Prerequisite
Super Admin or Admin privilege required to access and manage Application Category sub menu of
System menu.
Cyberoam iView generates reports based on application groups. The application group is a logical
grouping of applications based on their functions, for example, all FTP related applications are part of
FTP application group. Cyberoam iView has categorized the most common applications under 28 pre-
defined application categories.
Each Application has an identifier in the form of protocol and port number through which it is
identified. E.g., Web-Proxy application is identified through protocol TCP and port number 8080. If
application is not defined in Cyberoam iView then instead of application name, protocol and port
number will be displayed in Reports. Cyberoam iView also allows the administrator to add custom
applications and application categories.
Note
Cyberoam iView uses application categorization of Cyberoam to generate reports for Cyberoam
security appliances. Custom or default categorization done through System > Configuration >
Application Categories will not be applicable in this case.
Use System > Configuration > Application Categories page to add and manage
applications in Cyberoam iView.
Add Application
Go to System > Configuration > Application Categories and click Add Application to
add a new application.
Note
An application cannot be the member of multiple application categories. To change the group membership,
first remove an application from the current category and then add in the required application category.
Update Application
Go to System > Configuration > Application Categories.
Expand Application Category tree and click application to be modified.
Refer to Add Application for information on each parameter.
Delete Application
Go to System > Configuration > Application Categories and expand application tree to
view list of applications.
Note
All fields are editable except application category name.
Refer Add Application Category and Update Application Category for details.
Note
You can also change application category membership from Update Application Category Membership.
Note
When you delete an application category, applications under that category will also be deleted.
Add Technology
Go to System > Configuration > Application Categories and click Add Technology to
add a new technology.
Delete Technology
Go to System > Configuration > Application Categories and click Add Technology.
Prerequisite
Super Admin or Admin privilege required to access and manage Custom View sub menu of System
menu.
A custom view of reports allows grouping of the most pertinent reports that require special
attention for managing the devices. Reports from different report groups can also be grouped in a
single view. A view can group a maximum of eight reports. A custom view provides a single-page
view of all the grouped reports.
Use System > Configuration > Custom View to create and manage custom views in
Cyberoam iView.
Note
Added custom views will be displayed under Custom Views Sub menu of navigation pane.
Note
All fields except Custom View Name are editable.
Prerequisite
Super Admin or Admin privilege required to access and manage Report Notification menu of System
menu.
Cyberoam iView can mail reports in PDF format to specified Email Addresses as per the configured
frequency.
This section describes how to:
Add Report Notification
Update Report Notification
Delete Report Notification
Use the System > Configure > Report Notification to create and manage report notifications.
Go to System > Configuration > Report Notification and click Add to create a new report
notification.
Note
All fields except Report Notification name are editable.
Data Management
Prerequisite
Super Admin privilege is required to access and manage Data Management sub menu of System
menu.
Retention of data and log archives uses an enormous amount of disk space. To control and optimize
disk space usage, configure the data retention period of the detailed and summarized tables. Depending
on the compliance requirement, configure the log retention period.
This section describes how to configure log retention period for various product categories.
Use System > Configuration > Data Management page to configure retention period of
various data tables.
UTM Data Management
Access Gateway Data Management
EPS Data Management
Web Server Data Management
Smart Wireless Router Data Management
Mail Logs:
Mail logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for Mail logs. You can
configure 1 Month, 2 Months or 3 Months to retain Mail logs.
FTP Logs:
FTP logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for FTP logs. You can
configure 1 Month, 2 Months or 3 Months to retain FTP logs.
VPN Logs:
VPN logs can be retained for time interval starting from 1 day to 1 month.
Cyberoam iView has set default storage of 3 months for VPN logs. You
can configure 1 Day, 2 Days, 3 Days, 5 Days, 7 Days or 1 Month to retain
VPN logs.
Spam Logs:
Spam logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for spam logs, but
you can configure 1 month or 2 months to retain spam logs.
Virus Logs:
Virus logs can be retained for time interval starting from 1 month to 3
months.
Cyberoam iView has set default storage of 3 months for virus logs, but you
can configure 1 month or 2 months to retain virus logs.
Appliance audit logs can be retained for time interval starting from 1 day to
1 month.
Cyberoam iView has set default storage of 1 month for appliance audit
logs, but you can configure 1 day, 2 days, 3 days, 5 days or 7 days to
retain appliance audit logs.
Application Logs:
Application logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 6 months for appliance audit
logs, but you can configure 1 month, 2 months, 3 months, 9 months or 1
year to retain application logs.
WAF Logs:
Blocked Attempt logs can be retained for time interval starting from 1
month to 1 year.
Cyberoam iView has set default storage of 1 month for WAF logs, but you
can configure 1 to 11 months to retain WAF logs.
Report Period: Displays retention period of the logs.
Size: Displays current size of the logs.
Status: Displays status of last applied change.
Archive Retention
Archive Logs:
Archive logs can be retained for time interval starting from 1 day to forever.
Cyberoam iView has set default storage as ‘Forever’ for archive logs, but
you can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, 1, 3, 7
years or you can disable retention of archived logs.
Export to Excel Parameters Customization: Enable to allow number of records selection while saving reports in MS-Excel format.
Apply Button: Click to apply changes in database configuration.
Table – Database Configuration Screen Elements
Firewall Logs:
Firewall logs can be retained for time interval starting from 1 month to 1
year.
Cyberoam iView has set default storage of 6 months for firewall logs.
You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or
1 year to retain firewall logs.
USB Control:
USB Control logs can be retained for time interval starting from 1 month
to 1 year.
Cyberoam iView has set default storage of 6 months for USB Control
logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9
Months or 1 year to retain USB Control logs.
month to 1 year.
Cyberoam iView has set default storage of 6 months for Email Scanning
logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9
Months or 1 year to retain Email Scanning logs.
Report Period: Displays retention period of the logs.
Size: Displays current size of the logs.
Status: Displays status of last applied change.
Archive Retention
Archive Logs:
Archive logs can be retained for time interval starting from 1 day to
forever.
Cyberoam iView has set default storage as ‘Forever’ for archive logs, but
you can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, 1, 3, 7
years or you can disable retention of archived logs.
Export to Excel Parameters Customization: Enable to allow number of records selection while saving reports in MS-Excel format.
Apply Button: Click to apply changes in database configuration.
Table – EPS Data Management Screen Elements
Customization
Apply Button Click to apply changes in database configuration.
Table – Web Server Data Management Screen Elements
Attack Logs:
Attack Logs can be retained for the time interval starting from 1 Month
to 1 year.
Cyberoam iView has set default storage of 9 Months for Attack logs.
Virus Logs
Virus Logs can be retained for the time interval starting from 1 Month to
1 year.
Cyberoam iView has set default storage of 9 Months for Virus logs.
Report Period: Displays retention period of the logs.
Size: Displays current size of the logs.
Status: Displays status of last applied change.
Archive Retention
Archive Logs:
Archive logs can be retained for time interval starting from 1 day to
forever.
Cyberoam iView has set default storage as ‘Forever’ for archive logs, but
you can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, 1, 3, 7
years or you can disable retention of archived logs.
Export to Excel Parameters Customization: Enable to allow number of records selection while saving reports in MS-Excel format.
Apply Button: Click to apply changes in database configuration.
Bookmark Management
Prerequisite
Super Admin or Admin privilege is required to access and manage Bookmark Management sub menu of
System menu.
Cyberoam iView allows the user to Bookmark report or report groups at any level of drill down. The
user can generate and view reports on multiple criteria and save them as bookmark. The user can
access the bookmarked reports from left navigation menu on next login.
This section describes how to
Add Bookmark Group
Delete Bookmark Group
Use the System > Configuration > Bookmark Management to create and manage
bookmark group.
Search
Search provides option to search various reports based on multiple search parameters.
The administrator can search reports from following categories:
Web Surfing Reports
Mail Usage
Spam
Virus
FTP
Use the Search > Web Surfing Reports to perform search in web surfing reports.
Screen Components:
Report Type: Type of report to be searched.
o Summary
o Detail
Search Type: Type of the search. Possible search types are
o Domain
o URL
o Category
o IP Address
Search For: Possible searches for
o User
o Group
User Name: User name to be searched.
Domain: Domain name or URL name to be searched or ‘Category Name’ in case of
Search type ‘Category’.
By default, as soon as you click Web Surfing Reports, the Web Search Result report is displayed
in tabular manner.
Search Reports
1. Go to Search > Web Surfing Reports.
2. Specify Report Type. Possible report types are
o Summary
o Detail
3. Specify Search Type. Possible search types are:
o Domain
o URL
o Category
Bar graph displays user group wise number of Hits while tabular report contains following
information:
User Group: Group name of the user group as registered in the monitored device. If group is not
registered in the monitored device then it will be considered as traffic generated by ‘Unknown’
group.
Domain: Domain name or IP address of the domain.
Hits: Number of Hits to the domain by the user group.
Bytes: Amount of data transferred.
The report displays number of hits and amount of data transferred for the selected URL and group
along with web site name and URL path.
1. To view report go to Search > Web Surfing Reports.
2. Specify search parameters as below:
o Report Type: Detail
o Search Type: URL
o Search For: Group
o Group Name
o Domain/URL
Group Name: Group name of the user group as registered in the monitored device. If group is
not registered in the monitored device then it will be considered as traffic generated by ‘Unknown’
group.
Domain: Domain of the website visited by the user group.
URL: URL of the website visited by the user group
Category: Category of the website visited by the user group.
IP Address: IP Address through which user group accessed the website.
Bar graph displays user wise number of Hits while tabular report contains following information:
User Name: User name of the user as defined in the monitored device. If the user is not defined
in the monitored device then it will be considered as traffic generated by undefined user and the
field will display ‘N/A’.
Category Name: Name of the category as defined in the monitored device.
Hits: Number of Hits to the user.
Bytes: Amount of data transferred.
Mail Usage
Use the Search > Mail Usage to perform search in mail usage reports.
Screen Components:
Protocol: Search option is available on following protocols:
o SMTP
o POP3
o IMAP
o Any
User Type: Possible user types
o Recipient
o Sender
o Any
User Email Address: Specify Email address of the user to be searched.
Subject: Specify subject line of the Email to be searched.
Search button: Click to perform search.
By default, as soon as you click Mail Usage Reports, the Mail Search Report is displayed in
tabular manner.
Search Reports
Spam
Screen Components:
Protocol: Search option is available on following protocols:
o SMTP
o POP3
o IMAP
o Any
User Type: Possible user types:
o Recipient
o Sender
o Any
User Email Address: Specify Email address of the user to be searched.
Subject: Specify subject line of the Email to be searched.
Search button: Click to perform search.
By default, as soon as you click Spam Reports, the Spam Search Report is displayed in tabular
manner.
Search Reports
1. Go to Search > Spam.
2. Specify protocol. Available options are:
o SMTP
o POP3
o IMAP
o Any
3. Specify user type: Possible user types are:
o Recipient
o Sender
o Any
4. Specify Email address to be searched. Email address can be any combination of
alphanumeric characters and special characters “_”, “@” and “.”. If the Email address is not
specified then search result will be displayed for all the Email addresses.
5. Specify subject line to be searched. If the subject line is not specified then the search result
will be displayed for all the subjects.
6. Click Search.
Refer to Spam Search Report to view report.
Virus
o HTTP
o HTTPS
o FTP
o Any
User Type: Possible user types
o Recipient
o Sender
o Any
User Email Address: Specify Email address of the user to be searched.
Subject: Specify subject line of the Email to be searched.
Virus Name: Specify name of the virus to be searched.
Search button: Click to perform search.
Search Reports
1. Go to Search > Virus.
2. Specify protocol. Available options are:
o SMTP
o POP3
o IMAP
o HTTP
o HTTPS
o FTP
o Any
3. Specify user type: Possible user types are:
o Recipient
o Sender
o Any
4. Specify Email address to be searched. Email address can be any combination of
alphanumeric characters and special characters “_”, “@” and “.”. If the Email address is not
specified then search result will be displayed for all the Email addresses.
5. Specify subject line to be searched. If the subject line is not specified then the search result
will be displayed for all the subjects.
6. Specify virus name to be searched. If the virus name is not specified then the search result will
be displayed for all the viruses.
7. Click Search.
Refer to Virus Search Report to view report.
The report displays amount of data transferred for the selected protocol, user type, Email address
and subject line.
FTP
Screen Components:
Transfer Type: Possible types:
o Download
o Upload
o Any
Search For: Possible search criteria
o User
o File
User Name/File Name: User name or File name to be searched.
Search Reports
1. Go to Search > FTP.
2. Specify file transfer type. Available options:
o Download
o Upload
o Any
3. Specify search criteria: Available options:
o User
o File
4. Specify username or file name to be searched. If the user name or file name is not specified
then search result will be displayed for all the files and users.
5. Click Search.
Refer to FTP Search Report to view report.
Logs
Prerequisite
Super Admin or Admin privilege is required to access and manage Logs page.
To meet the compliance requirements of some geographical regions, Cyberoam iView provides an MD5
checksum for DHCP and Web Usage log files. The checksum lets the administrator verify the integrity of
log data, which means the log files are intact and log data is not manipulated.
This section describes how to enable and disable Checksum Configuration for DHCP and Web
Usage:
Go to System > Configuration > Logs to enable and disable Checksum Configuration for
DHCP and Web Usage.
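One way to check log files against their recorded MD5 sums, as an added example that is not part of the guide or of Cyberoam iView. The md5sum-style checksum list ("<digest>  <file name>"), the function names and the sample log files are assumptions constructed for illustration, since the guide does not describe how iView stores the checksums.

```python
import hashlib
import os
import re
import tempfile

# Assumed manifest format (md5sum style): "<32 hex digits>  <file name>"
MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{32})\s+\*?(.+)$")

def md5_of(path, chunk_size=65536):
    """Stream the file so large log archives are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse md5sum-style lines into {file name: lowercase digest}."""
    expected = {}
    for line in text.splitlines():
        match = MANIFEST_LINE.match(line.strip())
        if match:
            expected[match.group(2)] = match.group(1).lower()
    return expected

def verify_logs(log_dir, manifest_text):
    """Compare every file in log_dir with the manifest and classify the result."""
    expected = parse_manifest(manifest_text)
    present = {n for n in os.listdir(log_dir)
               if os.path.isfile(os.path.join(log_dir, n))}
    result = {"intact": [], "modified": [], "missing": [], "unlisted": []}
    for name, digest in sorted(expected.items()):
        if name not in present:
            result["missing"].append(name)    # listed but deleted or moved
        elif md5_of(os.path.join(log_dir, name)) == digest:
            result["intact"].append(name)
        else:
            result["modified"].append(name)   # content changed after checksum
    result["unlisted"] = sorted(present - set(expected))  # no checksum on record
    return result

def demo():
    """Constructed sample: three log files, then one edited, one deleted, one added."""
    with tempfile.TemporaryDirectory() as log_dir:
        samples = {  # constructed file names and contents, not real iView logs
            "dhcp_2014-01-01.log": b"lease 10.0.0.5 aa:bb:cc:dd:ee:01\n",
            "web_2014-01-01.log": b"user1 example.com 200 512\n",
            "web_2014-01-02.log": b"user2 example.org 200 2048\n",
        }
        for name, body in samples.items():
            with open(os.path.join(log_dir, name), "wb") as handle:
                handle.write(body)
        manifest = "\n".join(
            f"{md5_of(os.path.join(log_dir, n))}  {n}" for n in samples)
        # Simulate changes made after the checksums were recorded.
        with open(os.path.join(log_dir, "web_2014-01-01.log"), "ab") as handle:
            handle.write(b"user9 example.net 200 1\n")
        os.remove(os.path.join(log_dir, "web_2014-01-02.log"))
        with open(os.path.join(log_dir, "dhcp_2014-01-02.log"), "wb") as handle:
            handle.write(b"lease 10.0.0.6 aa:bb:cc:dd:ee:02\n")
        return verify_logs(log_dir, manifest)

if __name__ == "__main__":
    for status, names in demo().items():
        print(status, names)
```

Because an MD5 sum is unkeyed, a check like this only reveals manipulation if the checksum list is stored where someone able to edit the logs cannot also rewrite it.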
Port Configuration
Prerequisite
Super Admin or Admin privilege is required to access and manage Port Configuration sub menu of
System menu.
This page allows administrator to configure access ports (HTTP and HTTPS) and syslog port to
provide flexibility for accessing Cyberoam-iView and receiving syslog data.
Go to System > Configuration > Port to specify HTTP, HTTPS and Syslog port number. By
default Cyberoam-iView is accessed on HTTP port 8000 and HTTPS port 8443 and syslogs are
received on port 514.
Backup Management
Prerequisite
Super Admin or Admin privilege is required to access and manage Backup Management page.
Cyberoam iView allows the administrator to take scheduled backup of detailed report data on FTP
server.
Use System > Configuration > Backup Management to configure scheduled backup of detailed
report data on FTP server.
Backup Schedule
Prerequisite
Super Admin or Admin privilege is required to access and manage Disk Usage Limit page.
Cyberoam iView allows the administrator to configure threshold limits for disk usage.
When the specified Lower Threshold limit is reached, Cyberoam iView sends an Email alert
notification informing the administrator to manage disk space. When the specified Upper Threshold
limit is reached, Cyberoam iView sends an Email alert notification informing that no new data will be
accepted until the disk space is restored to the Lower Threshold or below.
Use System > Configuration > Disk Usage Limit to configure lower and upper threshold
limit for disk usage.
External Configuration
Prerequisite
Super Admin or Admin privilege is required to access and manage External Configuration sub menu
of System menu.
External configuration page allows the administrator to configure necessary parameters required to
integrate Cyberoam iView with third party solutions like Cyberoam Central Control.
Use System > Configuration > External Configuration to set necessary parameters for
third party solution integration.
Authentication Server
Prerequisite
Super Admin or Admin privilege is required to access and manage Authentication Server sub menu of
System menu.
User authentication can be performed using local user database, RADIUS, LDAP or any combination
of these.
Local Authentication:
Cyberoam-iView provides a local database for storing user information. You can configure Cyberoam
iView to use this local database to authenticate users and control their access to the network. Choose
local database authentication over LDAP or RADIUS when the number of users accessing the
network is relatively small. Registering dozens of users takes time, although once the entries are in
place they are not difficult to maintain. For networks with larger numbers of users, user authentication
A combination of external and local authentication is useful in large networks where it is required to
provide guest user accounts for temporary access, while a different authentication mechanism like
RADIUS for VPN and SSL VPN users provides better security as the password is not exchanged over the
wire.
External Authentication:
External Authentication Servers can be integrated with the Cyberoam iView for providing secure
access to the users of those servers.
Use System > Configuration > Authentication to add and manage Authentication Servers
in Cyberoam iView.
The top level of the LDAP directory tree is the base, referred to
as the "Base DN". A base DN usually takes one of the three
forms: Organization name, Company’s Internet Domain name or
DNS domain name. For example dc=google, dc=com
Administrator: Specify Username for the user with Administrative privileges for
LDAP server.
Password: Specify Password for the user with Administrative privileges for
LDAP server.
Authentication Attribute: Set authentication attribute. It is the attribute used to perform user
search.
Maintenance
Prerequisite
Super Admin or Admin privilege is required to access and manage Maintenance sub menu of System
menu.
Backup is an essential part of data protection. Backups are necessary in order to recover data
lost due to disk failure, accidental deletion or file corruption. There are many ways of taking
a backup and just as many types of media to use as well.
The Maintenance menu enables you to back up and restore your Cyberoam iView. It is a good idea to
back up the Cyberoam iView configuration on a regular basis to ensure that, if the system fails, you
can quickly get the system back to its original state with minimal effect on the network. It is also a good
idea to back up the configuration after making any changes to the configuration of the Cyberoam iView or
settings that affect the managed appliances.
Once the backup is taken, you need to upload the file for restoring the backup. Restoring data older
than the current data will lead to the loss of current data.
Administrator can schedule Cyberoam iView backup or manually take the backup from System >
Configuration > Maintenance.
Screen – Maintenance
Available options:
should be taken.
Monthly – Configure day and time at which the backup
should be taken.
Backup Mode: Select how and to whom backup files should be sent.
Available Options:
Audit Logs
Prerequisite
Super Admin or Admin privilege is required to access and manage Audit Logs sub menu of System
menu.
Audit logs are required to ensure accountability, security and problem detection of a system.
Use System > Audit Logs page to view audit logs for Cyberoam iView.
Category-Event-Message Table:
Cyberoam iView displays audit logs for following categories with corresponding events and
messages:
Note
Audit logs can be filtered based on category type and severity.
In addition, you can perform search based on username, IP Address and message.
Archives
Prerequisite
Super Admin or Admin privilege is required to access and manage Archives sub menu of System
menu.
Archive logs are a collection of historical records and are the initial line of forensic investigation.
Cyberoam iView retains archive log data for the configured period. Data Retention period can be
configured from the System > Configuration > Data Management page. For further details, refer to
Data Management section.
User
Source
Destination
Rule
Protocol
Sent (Bytes)
Received (Bytes)
URL
Sender
Receiver
Add Criteria Button: Click to add a new search criterion.
Remove Criteria Button: Click to remove the added criterion.
Table – Search Criteria Section Elements
Note
Live Logs
Go to System > Archives > Live Logs to view live logs.
Prerequisite
Unloading of the archived file is required to take a backup.
You cannot take a backup for the current date.
Go to System > Archives > Backup Management to take backup of archived files on
Cyberoam iView machine.
In no event shall Cyberoam – a Sophos Company be liable for any direct, indirect, or incidental
damages, including, damage to data arising out of the use or inability to use this manual.
No part of this work may be reproduced or transmitted in any form or by any means except as
expressly permitted by Cyberoam – a Sophos Company. This does not include those documents and
software developed under the terms of the open source General Public License.
If you need commercial technical support for this product please visit www.cybreoam-iview.com.
You can visit open source Cyberoam iView forums at https://sourceforge.net/projects/cyberoam-iview/support
to get support from the project community.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
A copy of the GNU General Public License is available along with this program; see the COPYING file
for the detailed license.
The interactive user interfaces in modified source and object code versions of this program must
display Appropriate Legal Notices, as required under Section 5 of the GNU General Public License
version 3.