
Administrator Guide

Document Version 1.3- 0.1.2.7


Cyberoam iView Administrator Guide

Table of Contents

Preface
Intended Audience
Guide Organization
Typographic Conventions
Part 1: Cyberoam iView Basics
Introduction
Accessing Cyberoam iView
Log out procedure
Understanding Interface – Web Admin Console
Screen components
Reports Menu Screen components
Dashboard
Main Dashboard
Traffic Dashboard
Security Dashboard
Virus Traffic
Custom Dashboard
Username Dashboard
Report by User and Internet Usage
Source Host Dashboard
Sender’s Email Address Dashboard
Recipient’s Email Address Dashboard
Top Domains by User and Category
Detailed Report by User, Category, URL
Top Servers and Hosts by User (Upload) and File (Upload)
Detailed Report by User (Upload), File, Server, Host
Top Servers and Hosts by User (Download) and File
Detailed Report by User (Download), File, Server and Host
Report by User and Virus
Top Servers and Users by Host (Upload) and File
Detailed Report by Host (Upload), File, Server and User
Top Servers and Users by Hosts (Download) and Files
Detailed Report by Host (Download), File, Server and User
Report by Sender’s E-mail Address and Recipient
Cyberoam iView Dashboard
User Management
Part 2: Basic Configuration
Device Integration
Auto-Discover Device
Device Management
Add Device
Update Device
Activate Device
Deactivate Device
Delete Device
View Real-time Logs
Device Group Management
Part 3: Advanced Configuration
Mail Server Configuration
Application Category Management
Custom View Management
Report Notification Management
Data Management
Bookmark Management
Search
Web Surfing Reports
Mail Usage
Spam
Virus
FTP
Logs
Port Configuration
Backup Management
Disk Usage Limit
External Configuration
Authentication Server
Maintenance
Audit Logs
Archives

Preface
Welcome to Cyberoam iView Administrator’s Guide.

Intended Audience
This Guide is intended for people who want to configure Cyberoam iView. Basic knowledge of TCP/IP
networking concepts is required.

Guide Organization
This Guide provides information regarding the administration and customization of Cyberoam iView
and helps you manage and customize Cyberoam iView to meet your organization’s various
requirements.

This Guide is organized into three parts:


Part 1 – Cyberoam iView Basics
It describes how to start using Cyberoam iView after successful installation.

Part 2 – Basic Configuration
It describes the minimum configuration settings required to generate reports using Cyberoam iView,
which includes adding and managing devices and administrators, and defining their roles for device
management.

Part 3 – Advanced Configuration
It describes advanced configuration settings of Cyberoam iView, which includes setting data storage
sizes for archiving logs and configuring the mail server and email schedule for mailing reports.

Part 4 – Reports
It describes how to access and navigate through the drilldown reports. It also provides a description of
all the reports generated by Cyberoam iView. Refer to the Cyberoam iView Reports Guide.

Typographic Conventions
Material in this guide is presented in text or screen display notations:

| Item | Convention | Example |
|---|---|---|
| Cyberoam iView Server | | Machine where Cyberoam iView is installed or Cyberoam iView appliance. |
| Username | | Username uniquely identifies the user of the system. |
| Topic titles | Shaded font typefaces | Introduction |
| Subtitles | Bold & Black typefaces | Notation conventions |
| Navigation link | Bold typeface | System > Configuration > Users. It means, to open the required page click System, then Configuration and finally click Users. |
| Name of a particular parameter / field / command button text | Lowercase italic type | Enter policy name, replace policy name with the specific name of a policy. Or: Click Name to select, where Name denotes command button text which is to be clicked. |
| Cross references | Hyperlink in different color | Refer to Customizing User database. Clicking on the link will open the particular topic. |
| Notes & points to remember | Bold typeface between the black borders | Note |
| Prerequisites | Bold typefaces between the black borders | Prerequisite: Prerequisite details |

Part 1: Cyberoam iView Basics


Introduction
Cyberoam iView is an open source logging and reporting solution that provides organizations with
visibility into their networks across multiple devices for high levels of security and data confidentiality
while meeting the requirements of regulatory compliance.

Enabling centralized reporting for multiple devices across geographical locations, Cyberoam iView
offers a single view of the entire network activity. This allows organizations not just to view information
across hundreds of users, applications and protocols; it also helps them correlate the information,
giving them a comprehensive view of network activity.

With Cyberoam iView, organizations receive logs and reports related to intrusions, attacks, spam and
blocked attempts, both internal and external, enabling them to take rapid action throughout their
network anywhere in the world.

Accessing Cyberoam iView


After successful installation, Cyberoam iView needs to be configured to collect the logs in order to
generate the reports.

Access the Web Admin Console, a browser-based interface, to configure and manage Cyberoam iView as
well as view reports.

The web browser should meet the following requirements:

• Microsoft Internet Explorer 8+
• Mozilla Firefox 3.0
• Google Chrome
• Safari 5.1.2(7534.52.7)+
• Opera 15.0.1147.141+

Cyberoam iView can be accessed over the HTTP and HTTPS protocols.

For Cyberoam iView Software:

Browse to http://<IP address of the machine on which Cyberoam iView is installed i.e. local
machine>:8000 or https://<IP address of the machine on which Cyberoam iView is installed i.e. local
machine>:8443 and log on using default Super Administrator username ‘admin’ and password
specified at the time of installation.

For Cyberoam iView Hardware Appliance:

Web Admin Console – Browse to http://<IP address of Cyberoam-iView Appliance>:8000 or
https://<IP address of Cyberoam iView Appliance>:8443 and log on using default Super Administrator
username ‘admin’ and password ‘cyberoam’.

CLI Console – The administrator can access the CLI console of the Cyberoam iView appliance using any of
the following default Super Administrator credentials:
• Username/Password – admin/admin
• Username/Password – root/admin

The administrator can change default HTTP and HTTPS access ports from System >
Configuration > Port Configuration.
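
The following check is an added example, not part of the Cyberoam iView guide or product. It probes a console host on the HTTP and HTTPS ports described above and reports whether the cleartext listener is reachable and which TLS version the HTTPS listener negotiates; the inventory entry, function names and finding labels are assumptions made for illustration.

```python
"""Audit which Web Admin Console listeners of an iView host are reachable.

Added example: ports are the defaults stated in the guide (HTTP 8000,
HTTPS 8443); hosts, function names and finding labels are hypothetical.
"""
import socket
import ssl

DEFAULT_HTTP_PORT = 8000    # default HTTP console port from the guide
DEFAULT_HTTPS_PORT = 8443   # default HTTPS console port from the guide
LEGACY_TLS = ("SSLv3", "TLSv1", "TLSv1.1")


def probe_tcp(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_tls(host, port, timeout=2.0):
    """Return the negotiated TLS version string, or None if no handshake completes.

    Certificate validation is disabled on purpose: the goal is only to learn
    whether TLS is offered and at which protocol version (assumption: the
    console may present a self-signed certificate).
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except (ssl.SSLError, OSError):
        return None


def assess(http_open, https_open, tls_version):
    """Turn raw probe results into a list of findings (pure function)."""
    findings = []
    if http_open:
        # Logins over this listener cross the network unencrypted.
        findings.append("cleartext-http-reachable")
    if not https_open:
        findings.append("https-not-reachable")
    elif tls_version is None:
        findings.append("tls-handshake-failed")
    elif tls_version in LEGACY_TLS:
        findings.append("legacy-tls:" + tls_version)
    return findings


def audit_console(host, http_port=DEFAULT_HTTP_PORT,
                  https_port=DEFAULT_HTTPS_PORT, timeout=2.0):
    """Probe one console host and return the results with findings."""
    http_open = probe_tcp(host, http_port, timeout)
    https_open = probe_tcp(host, https_port, timeout)
    tls_version = probe_tls(host, https_port, timeout) if https_open else None
    return {
        "host": host,
        "http_open": http_open,
        "https_open": https_open,
        "tls_version": tls_version,
        "findings": assess(http_open, https_open, tls_version),
    }


if __name__ == "__main__":
    # Constructed inventory of (host, http_port, https_port); replace with your
    # own console addresses, and with the ports set under Port Configuration
    # if the defaults were changed.
    inventory = [("127.0.0.1", DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT)]
    for host, http_port, https_port in inventory:
        result = audit_console(host, http_port, https_port, timeout=1.0)
        print(result["host"], result["tls_version"], result["findings"])
```
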

Screen – Cyberoam iView Web Admin Console

| Screen Elements | Description |
|---|---|
| Username | Specify user login name. If you are logging on for the first time after installation, please use default username ‘admin’. |
| Password | Specify password. If you are logging on for the first time after installation, please use password specified at the time of installation. |
| Language | Web Admin Console language. |
| Login button | Logs on to Web Admin Console. Click to login. |

Table - Login screen elements

Cyberoam iView displays the Main Dashboard as soon as you log on to the Web Admin Console. The Main
Dashboard provides a quick overview of the allowed and denied traffic of all the devices
added to Cyberoam iView.

If you are logging on for the first time after installation:

• You will be logged in with the super administrator privileges.
• Dashboard will not show any traffic details as devices are yet to be added to Cyberoam iView.

Log out procedure

To prevent unauthorized users from accessing Cyberoam iView, log off after you have finished working.
This will end the session and exit from Cyberoam iView.

Understanding Interface – Web Admin Console


Screen components

Screen – Basic Screen Components

| Screen Elements | Description |
|---|---|
| Product Category Selection Dropdown | A drop-down at the top left provides the product category for which to generate reports. Available product categories are: UTM, Access Gateway, EPS, Web Server, Smart Wireless Router. Select the product category to generate and view reports. The entire GUI of Cyberoam iView changes according to the product category selection. |
| Navigation Pane | The Navigation Pane on the leftmost side consists of a multi-level drop-down Main menu. The Main menu has the following items: Dashboards, Search, Reports, Trend Reports, Compliance Reports, Custom View (if created), Bookmarks (if created), System. Click the menu item to access the next level menu. |
| Admin Tool Bar | A bar with a collection of links that provide access to the most common and often used functions: [icon] click to return to main dashboard; [icon] click to access context sensitive online help; [icon] click to log out from Cyberoam iView. The bar appears in the upper rightmost corner of every page. |
| Button Bar | A bar with a collection of buttons that provide an easy way to perform tasks like add or delete on clicking them. The bar appears at the top left hand corner of the Information Area of every page. |
| Global Selection Checkbox | Click to select all items. |
| Individual Selection Checkbox | Click to select individual item. |
| Page Information Area | Displays page information corresponding to the selected menu. |

Table – Basic Screen Elements

Reports Menu Screen components

Screen – Report Screen Components

| Screen Elements | Description |
|---|---|
| Device Selection | Click to select device(s) or device group(s). Reports will be generated and displayed for all the selected devices. |
| Calendar | Click to select date and time range. Reports will be generated and displayed for the selected time. |
| Breadcrumb Navigation | Displays the path that the user has taken to arrive at the current page. |
| Convert to Excel | Converts displayed report in MS-Excel format. |
| Convert to PDF | Converts displayed report into PDF format. |
| Page Bookmark | Click to create bookmark of the displayed report for customized access. |
| Page Controls | Select number of rows to be displayed on each page. Use page controls to navigate to a specific page of the report. |

Table – Report Screen Elements

Dashboard
Cyberoam iView displays the UTM Main Dashboard as soon as you log on to the Web Admin Console.
To view the dashboard for another product category, select the product category from the drop-down
provided at the top left.

Dashboard provides a summary view of entire network traffic.

It also provides the current resource usage (CPU, Disk, Memory) as well as the total events received by
Cyberoam iView from each device.

By default, Cyberoam iView provides the following dashboards:

• Main Dashboard: Displays allow and deny traffic statistics for all the monitored devices.
• Traffic Dashboard: Displays information regarding total network traffic.
• Security Dashboard: Displays information regarding denied network activities and traffic.
• Cyberoam iView Dashboard: Provides overview of all the important parameters like memory
usage, disk usage, CPU usage of Cyberoam iView.

Cyberoam iView also provides the following custom dashboards:

• Username Dashboard: Provides Internet behavior overview of the selected user.
• Source Host Dashboard: Provides overview of traffic generated by the selected source host.
• Sender’s Email Address Dashboard: Provides overview of traffic generated by the specified
sender’s Email Address.
• Recipient’s Email Address Dashboard: Provides the Internet activities conducted through the
specified recipient’s Email Address.

To return to the Main Dashboard from any other page of the Web Admin Console, click the icon
provided in the Admin Tool Bar.

Main Dashboard
Main Dashboard provides a quick overview of top allowed and denied traffic of network including
Web, FTP, mail, database and other applications.

It displays graphical and tabular overview of allowed and denied traffic of the top traffic generating
applications for all the added devices in a Widget form.

Widget displays report in graphical as well as tabular format. By default, the report is displayed for the
current date. Report date can be changed through the Calendar available on the topmost row of the
page.

• Allowed Traffic Overview widget
• Denied Traffic Overview widget

Allowed Traffic Overview widget


Allowed Traffic Overview widget displays amount of data transferred by the top six traffic-generating
applications for each device.

Widget report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date and all the devices. Report date or devices can
be changed using Calendar and Device Selection button from the top-most row of the page.

Bar graph displays the amount of data transferred by top applications while the tabular report contains the
following information:
• Device: Name of the device as defined in Cyberoam iView.
• Applications (e.g. Web, SSL, POP3 etc. as shown in the screen below): Amount of data
transferred through each application.

To view the Traffic Dashboard of a particular device, drill down by clicking Application in the graph or
the Device hyperlink in the table.

Screen – Allowed Traffic Overview

Denied Traffic Overview widget


Denied Traffic Overview widget displays denied connections for the top five applications for each
device.

Widget report is displayed as graph as well as in tabular format.

Bar graph displays the amount of traffic denied by IPS attacks, spam, virus, firewall and content filtering
while the tabular report contains the following information:
• Device: Name of the device as defined in Cyberoam iView.
• Applications (e.g. IPS attacks, spam, virus, firewall denied, content filtering denied): Number of
denied attempts per application.

To view the Security Dashboard of a particular device, drill down by clicking Application in the graph
or the Device hyperlink in the table.

Screen – Denied Traffic Overview

Cyberoam Main Dashboard can be drilled down into the following dashboards:

• Traffic Dashboard
• Security Dashboard

Traffic Dashboard
Cyberoam iView Traffic dashboard is a collection of widgets displaying information regarding total
network traffic.

This dashboard gives complete visibility of network traffic in terms of applications, web categories,
users, hosts, source and destination countries, mail traffic and FTP activities.

Traffic Dashboard consists of the following reports in widget form:

• Top Applications
• Top Application Categories
• Top Users
• Top Hosts
• Top Source Countries
• Top Destination Countries
• Top Rule ID
• Top Web Categories
• Top Web Users
• Top Domains
• Top File Upload
• Top Files Uploaded via FTP
• Top Files via FTP
• Top FTP Servers
• Mail Traffic Summary
• Top Mail Senders
• Top Mail Recipients
• Allowed Traffic Summary
• Web Traffic Summary
• FTP Traffic Summary

Top Applications widget

Report displays a list of top applications along with application-wise distribution of total data transfer and
relative percent distribution among those applications.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays the amount of data transferred and percentage-wise distribution of data transfer per
application while the tabular report contains the following information:
• Application/Proto: Port: Displays name of the application as defined in Cyberoam/Cyberoam
iView. If the application is not defined in Cyberoam/Cyberoam iView then this field will display the
application identifier as a combination of protocol and port number.
• Category: Name of application category as defined in Cyberoam/Cyberoam iView.
• Risk: Risk level associated with the application. The risk level is a numeric value. Higher value
represents higher risk.
• Bytes: Amount of data transferred.
• Percent: Amount of data transfer in percentage.

Screen - Top Applications



Click Application hyperlink in table or pie chart to view Filtered Application Reports.

Top Application Categories widget

Report displays list of top application categories along with category wise distribution of total data
transfer and relative percent distribution among those categories.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays the amount of data transferred and percentage-wise distribution of data transfer per
application category while the tabular report contains the following information:
• Category: Name of the application category as defined in Cyberoam/Cyberoam iView.
• Hits: Number of hits per application category.
• Percent: Amount of data transfer in percentage.

Screen - Top Application Categories

Click Category hyperlink in table or pie chart to view Filtered Application Reports.

Top Users widget

Report displays list of top network users along with the amount of traffic generated for various
applications, hosts, destinations, domains and categories.

View the report from Main Dashboard > Traffic Dashboard.



Report is displayed as pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays the amount of data transferred and percentage-wise distribution of data transfer per
user while the tabular report contains the following information:
• User: Username of the user as defined in Cyberoam. If the User is not defined then it will display
‘N/A’ which means the traffic is generated by an undefined user.
• Bytes: Amount of data transferred.
• Percent: Amount of data transfer in percentage.

Screen - Top Users

Click User hyperlink in table or pie chart to view Filtered Application Reports.

Top Hosts widget

Report displays list of top hosts along with host wise distribution of total data transfer and relative
percent distribution among those hosts.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays the amount of data transferred and percentage-wise distribution of data transfer per
host while the tabular report contains the following information:

• Host: IP Address of the host.
• Bytes: Amount of data transferred.
• Percent: Amount of data transfer in percentage.

Screen - Top Hosts

Click Host hyperlink in table or pie chart to view Filtered Application Reports.

Top Source Countries widget

Report displays list of top source countries from where Internet traffic is generated along with country
wise distribution of total data transfer and relative percent distribution among those countries.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays the amount of data transferred and percentage-wise distribution of data transfer per
country while the tabular report contains the following information:
• Country: Name of the top source countries.
• Bytes: Total data transfer per source country.
• Percent: Relative percent distribution among the top source countries.

Screen - Top Source Countries


Click Country hyperlink in table or pie chart to view Filtered Application Reports.

Top Destination Countries widget

Report displays list of top destination countries where web traffic is directed along with country wise
distribution of total data transfer and relative percent distribution among those countries.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays the amount of data transferred and percentage-wise distribution of data transfer while
the tabular report contains the following information:
• Country: Name of the top destination countries.
• Bytes: Total data transfer per destination country.
• Percent: Relative percent distribution among the top destination countries.

Screen - Top Destination Countries

Click Country hyperlink in table or pie chart to view Filtered Application Reports.

Top Rule ID widget

Widget displays list of rules along with rule wise distribution of total data transfer and relative percent
distribution among those rules.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays the amount of data transferred and percentage-wise distribution of data transfer per
firewall rule while the tabular report contains the following information:
• Rule ID: Displays firewall rule ID.
• Bytes: Amount of data transferred.
• Percent: Amount of data transfer in percentage.

Screen - Top Rule ID

Click Rule ID hyperlink in table or pie chart to view Filtered Application Reports.

Top Web Categories widget

Report displays list of top web categories along with category wise distribution of total data transfer
and relative percent distribution among those categories.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays the amount of data transferred and percentage-wise distribution of data transfer per
web category while the tabular report contains the following information:
• Category: Name of the Web category as defined in Cyberoam/Cyberoam iView.
• Hits: Number of hits per Web category.
• Percent: Amount of data transfer in percentage.

Screen - Top Web Categories


Click Category hyperlink in table or pie chart to view Filtered Web Usage Reports.

Top Web Users widget

Report displays list of top Web users along with the amount of traffic generated for various web
applications, hosts, destinations, domains and categories.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays the amount of data transferred and percentage-wise distribution of data transfer per
user while the tabular report contains the following information:
• User: Username of the user as defined in Cyberoam. If the User is not defined then it will display
‘N/A’ which means the traffic is generated by an undefined user.
• Bytes: Amount of data transferred.
• Percent: Amount of data transfer in percentage.

Screen - Top Web Users

Click Web User hyperlink in table or pie chart to view Filtered Web Usage Reports.

Top Domains widget

Widget displays list of domains along with domain wise distribution of total data transfer and relative
percent distribution among those domains.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays various domains and the percentage-wise amount of data transferred while the tabular
report contains the following information:
• Domain: Displays domain name.
• Bytes: Amount of data transferred.
• Percent: Amount of data transfer in percentage.

Screen - Top Domains

Click Domain hyperlink in table or pie chart to view Filtered Web Usage Reports.

Top File Upload widget

Widget displays list of files along with date, user, domain name, file name, size and source IP.

View the report from Main Dashboard > Traffic Dashboard.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Tabular report contains following information:


• Date: Time and date when the file is uploaded, in YYYY-MM-DD HH:MM:SS format.
• User: Name of the user who uploaded the file.
• Source IP: Source IP Address from where the file is uploaded.
• Domain Name: Name of the domain where the file is uploaded.
• File Name: Name of the file.
• Size: Size of the file.

Screen - Top File Upload



Top Files Uploaded via FTP widget

Widget report displays list of the files uploaded via FTP with file wise distribution of total data transfer
and relative percent distribution among those files.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as graph as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays amount of data transferred and percentage wise distribution of data transfer per file
while tabular report contains following information:
• File: Name of the top file uploaded using FTP.
• Bytes: Size of the top uploaded files.
• Percent: Relative percent distribution among the top files uploaded via FTP.

Screen - Top File Uploaded via FTP

Click File hyperlink in table or pie chart to view Filtered FTP Usage Reports.

Top Files via FTP widget

Widget report displays list of the files downloaded via FTP with file wise distribution of total data
transfer and relative percent distribution among those files.

View the report from Main Dashboard > Traffic Dashboard.



Report is displayed as graph as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays amount of data transferred and percentage wise distribution of data transfer per file
while tabular report contains following information:
• File: Name of the top file downloaded using FTP.
• Bytes: Size of the top downloaded files.
• Percent: Relative percent distribution among the top files downloaded via FTP.

Screen - Top Files Downloaded via FTP

Click File hyperlink in table or pie chart to view Filtered FTP Usage Reports.

Top FTP Servers widget

Report displays list of top FTP servers.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as graph as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays amount of data transferred and percentage wise distribution of data transfer per
server while tabular report contains following information:
• Server: Name of the FTP server.
• Bytes: Total data transfer through the FTP server.
• Percent: Relative percent distribution among the top FTP servers.

Screen - Top FTP Servers

Click server hyperlink in table or pie chart to view Filtered FTP Usage Reports.

Mail Traffic Summary widget

Report displays type of Email traffic along with number of bytes and percentage of the traffic.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as graph as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays amount of traffic per traffic type while tabular report contains following information:
• Traffic: Type of email traffic. Possible types:
   ▪ Clean Mail
   ▪ Spam
   ▪ Probable Spam
   ▪ Virus
• Hits: Number of hits per email traffic type.
• Percent: Type of traffic in percentage.

Screen - Mail Traffic Summary

Top Mail Senders widget

Report displays list of top email senders along with number of bytes and percentage of the traffic.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as graph as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays amount of data transferred and percentage wise distribution of data transfer by
each sender while tabular report contains following information:
• Sender: Email ID of the sender.
• Bytes: Amount of data transferred.
• Percent: Relative percent distribution among the top Mail Senders.

Screen - Top Mail Senders



Click Sender hyperlink in table or pie chart to view Filtered Mail Usage Reports.

Top Mail Recipients widget

Report displays list of top email recipients along with number of bytes and percentage of the traffic.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as graph as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays amount of data transferred and percentage wise distribution of data transfer by
each recipient while tabular report contains following information:
• Recipient: Email ID of the recipient.
• Bytes: Amount of data transferred.
• Percent: Relative percent distribution among the top Mail Recipients.

Screen - Top Mail Recipients



Click Recipient hyperlink in table or pie chart to view Filtered Mail Usage Reports.

Allowed Traffic Summary widget

Report displays list of top Web protocols along with number of bytes and percentage of the traffic.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as graph as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Bar graph displays amount of data transferred and percentage wise distribution of data transfer per
Web Traffic protocol while tabular report contains following information:
• Allowed Traffic: Allowed traffic protocol.
• Bytes: Amount of data transferred.
• Percent: Relative percent distribution among allowed protocols.

Screen - Allowed Traffic Summary

Web Traffic Summary widget

Report displays list of top web traffic along with number of bytes and percentage of the traffic.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as graph as well as in tabular format. The bar graph displays amount of data per
Web Traffic type.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Bar graph displays amount of data transferred and percentage wise distribution of data transfer per
Web Traffic type while tabular report contains following information:
• Traffic: Type of Web Traffic. Possible Types:
   ▪ CF Allowed
   ▪ CF Denied
   ▪ Virus
• Bytes: Amount of data transferred.
• Percent: Relative percent distribution among the top web traffic types.

Screen - Web Traffic Summary

FTP Traffic Summary widget

Report displays list of top FTP traffic along with number of bytes and percentage of the traffic.

View the report from Main Dashboard > Traffic Dashboard.

Report is displayed as graph. The bar graph displays amount of data per FTP traffic type.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Bar graph displays amount of data transferred and percentage wise distribution of data transfer per
FTP traffic type while tabular report contains following information:
• Traffic: Type of FTP traffic. Possible Types:
   ▪ Clean FTP
   ▪ Virus
• Bytes: Amount of data transferred.
• Percent: Relative percent distribution among the top FTP traffic types.

Screen - FTP Traffic Summary



Security Dashboard
Cyberoam iView Security dashboard is a collection of widgets displaying information regarding denied
network activities and traffic. It also gives overview of malwares and spam along with source and
destination countries.

Security Dashboard consists of following reports in widget form:

• Top Blocked Hosts
• Top Blocked Users
• Top Blocked Applications
• Top Blocked Destination Countries
• Top Blocked Source Countries
• Top Blocked Rule ID
• Top Blocked Categories
• Top Blocked Domains
• Top Attacks
• Top Viruses
• Top Spam Senders
• Top Spam Recipients
• Blocked Traffic Summary
• Virus Summary
• Spam Summary
• IDP Attacks Summary
• Content Filtering Blocked Summary

Top Blocked Hosts widget

Report displays a list of top hosts which made the maximum attempts to access the blocked sites.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per denied host while tabular
report contains following information:
• Host: IP Address of the hosts.
• Hits: Number of attempts to access the blocked host.
• Percent: Relative percent distribution among the blocked hosts.

Screen - Top Blocked Hosts

Top Blocked Users widget

Report displays a list of users who made the maximum attempts to access the blocked sites.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per blocked user while
tabular report contains following information:
• User: Name of the top blocked user as defined in Cyberoam iView.
• Hits: Number of attempts by a particular user to access the blocked site.
• Percent: Relative percent distribution among the blocked users.

Screen - Top Blocked Users

Top Blocked Applications widget

Report displays a list of blocked applications which has the maximum number of access attempts.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per denied application while
tabular report contains following information:
• Application/Proto: Port: Displays name of the application as defined in Cyberoam/Cyberoam
iView. If application is not defined in Cyberoam/Cyberoam iView then this field will display
application identifier as combination of protocol and port number.
• Category: Name of application category as defined in Cyberoam/Cyberoam iView.
• Risk: Risk level associated with the application. The risk level is a numeric value. Higher value
represents higher risk.
• Hits: Number of attempts to access the application.
• Percent: Relative percent distribution among the blocked applications.

Screen - Top Blocked Applications

Top Blocked Destination Countries widget

Report displays a list of destination countries with maximum number of blocked attempts.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per denied destination
country while tabular report contains following information:
• Country: Name of the top denied destination country.
• Hits: Number of denied attempts per destination country.
• Percent: Relative percent distribution among the denied destination countries.

Screen - Top Blocked Destination Countries

Top Blocked Source Countries widget

Report displays a list of source countries from where the maximum number of blocked attempts is
originated.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per denied source country
while tabular report contains following information:
• Country: Name of the top denied source country.
• Hits: Number of denied attempts per source country.
• Percent: Relative percent distribution among the denied source countries.

Screen - Top Blocked Source Countries

Top Blocked Rule ID widget

Report displays the list of the most denied firewall rule IDs.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per denied rule ID while
tabular report contains following information:
• Rule ID: ID number of the top denied rule.
• Hits: Number of denied attempts per firewall rule.
• Percent: Relative percent distribution among the denied rule IDs.

Screen - Top Denied Rule ID

Top Blocked Categories widget

Report displays list of categories with the maximum number of denied attempts.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per denied categories while
tabular report contains following information:
• Category: Name of the denied categories.
• Hits: Number of blocked attempts to access the category.
• Percent: Relative percent distribution among the denied categories.

Screen - Top Blocked Categories

Top Blocked Domains widget

Report displays list of domain name/IP Address with the maximum number of denied attempts.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per denied domain while
tabular report contains following information:
• Domain: IP Address or domain name of the denied domain.
• Hits: Number of blocked attempts to access the domain.
• Percent: Relative percent distribution among the denied domains.

Screen - Top Blocked Domains

Top Attacks widget

Report displays list of attacks launched at your network along with number of hits per attack.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per blocked attack while
tabular report contains following information:
• Attack: Name of the top blocked attacks.
• Hits: Number of blocked attempts per attack.
• Percent: Relative percent distribution among the attacks.

Screen - Top Attacks

Top Viruses widget

Report displays list of the blocked viruses along with relative percentage distribution among the
viruses.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per blocked virus while
tabular report contains following information:
• Virus Name: Name of the virus.
• Count: Number of virus instances.
• Percent: Relative percent distribution among the viruses.

Screen - Top Viruses

Click Virus hyperlink in table or pie chart to view Detailed Virus Reports.

Top Spam Senders widget

Report displays list of spam senders along with number of hits and relative percentage distribution.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per spam sender while
tabular report contains following information:
• Sender: Email ID of the spam sender.
• Hits: Number of hits per Email ID.
• Percent: Relative percent distribution among the spam senders.

Screen - Top Spam Senders

Top Spam Recipients widget

Report displays list of spam recipients along with number of hits and relative percentage distribution.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per spam recipient while
tabular report contains following information:
• Recipient: Email ID of spam recipient.
• Hits: Number of hits per recipient.
• Percent: Relative percent distribution among the spam recipients.

Screen - Top Spam Recipients

Blocked Traffic Summary widget

Report displays list of denied traffic types along with number of hits and relative percentage
distribution.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per denied traffic type while
tabular report contains following information:
• Traffic: Blocked traffic type.
• Hits: Number of hits per blocked traffic type.
• Percent: Relative percent distribution among the blocked traffic type.

Screen - Blocked Traffic Summary

Virus Summary widget

Report displays list of top virus types along with number of hits and relative percentage distribution.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per application carrying
viruses while tabular report contains following information:
• Application: Name of the application.
• Hits: Number of hits per application.
• Percent: Relative percent distribution among the applications.

Screen - Virus Summary

Spam Summary widget

Report displays list of spam protocols along with number of hits and relative percentage distribution.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per spam protocol while
tabular report contains following information:
• Application: Name of the protocol.
• Hits: Number of hits per protocol.
• Percent: Relative percent distribution among the application protocol.

Screen - Spam Summary

IDP Attacks Summary widget

Report displays list of IDP attacks along with number of hits and relative percentage distribution.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per IDP attack type while
tabular report contains following information:
• Attack Type: Displays type of attacks.
• Hits: Number of hits per attack type.
• Percent: Relative percent distribution among the attack types.

Screen - IDP Attacks Summary



Content Filtering Denied Summary widget

Report displays list of applications denied by Content Filtering along with number of hits and relative
percentage distribution.

View report from Main Dashboard > Security Dashboard.

Report is displayed using a pie chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top most
row of the page.

Pie chart displays number of hits and percentage wise distribution of hits per protocol denied by
Content Filtering module while tabular report contains following information:
• Recipient: Protocol denied by Content Filtering module.
• Hits: Number of hits per denied protocol.
• Percent: Relative percent distribution among the denied protocols.

Screen - Content Filtering Denied Summary

Virus Traffic
Virus Traffic reports consist of following granular reports in widget format:
• Top Applications
• Top Viruses
• Top Virus Sending Countries

The granular reports page displays multiple reports in the widgets form, which can again be drilled
down to view the filtered report.

Top Applications widget

Report displays a list of applications which has the maximum number of virus counts.

Report is displayed using a bar chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar chart displays top applications while tabular report contains following information:
• Application/Protocol: Port: Displays name of the application as defined in
Cyberoam/Cyberoam-iView. If application is not defined in Cyberoam/Cyberoam-iView then this
field will display application identifier as combination of protocol and port number.
• Count: Number of virus counts.

Top Viruses widget

Report displays a list of viruses which has the maximum number of counts.

Report is displayed using a bar chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar chart displays top viruses while tabular report contains following information:
• Virus Name: Displays name of the virus.
• Count: Number of virus counts.

Top Virus Sending Countries widget

Report displays a list of countries from where maximum virus traffic is originated along with number
of counts per country.

Report is displayed using a bar chart as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar chart displays top countries while tabular report contains following information:
• Country: Displays name of the virus sending countries.
• Count: Number of hits for the virus sending countries.

Custom Dashboard
Cyberoam iView provides option to the user to create custom dashboard based on user, source host
and Email Address.

Custom Dashboard is divided into following sub-dashboards:


• Username Dashboard
• Source Host Dashboard
• Sender’s Email Address Dashboard
• Recipient’s Email Address Dashboard

Username Dashboard
Cyberoam iView user dashboard provides snapshot of user’s activities in your network.

To view the User Dashboard:


• Go to Dashboards > Custom Dashboard.
• Select Username in Criteria drop-down and specify the username.
• Click Go to view user based dashboard.

• Top Web Categories
• Top Files Uploaded via FTP
• Top Files Downloaded via FTP
• Top Blocked Categories
• Top Web Viruses
• Internet Usage

Top Web Categories widget

Widget report displays number of Hits and amount of data transferred per category for the selected
user.

View report from Dashboards > Custom Dashboard > Username.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays amount of data transferred per category while tabular report contains following
information:
• Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display ‘None’ at place of category name.
• Hits: Number of hits to the category.
• Bytes: Amount of data transferred.

Screen - Top Web Categories

Please refer to Reports by User and Category for details.

Top Files Uploaded via FTP widget

Widget report displays number of Hits and amount of data transferred per file for the selected user.

View report from Dashboards > Custom Dashboard > Username.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays amount of data transferred per file while tabular report contains following
information:
• File: Name of the file.
• Hits: Number of hits to the file.
• Bytes: Amount of data uploaded.

Screen - Top Files Uploaded via FTP

Please refer to Reports by User and FTP Files Upload for details.

Top Files Downloaded via FTP widget

Widget report displays number of Hits and amount of data transferred per file for the selected user.
View report from Dashboards > Custom Dashboard > Username.
Report is displayed as graph as well as in tabular format.
By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays amount of data transferred per file while tabular report contains following
information:
• File: Name of the file.
• Hits: Number of hits to the file.
• Bytes: Amount of data downloaded.

Screen - Top Files Downloaded via FTP

Please refer to Reports by User and FTP Files Download for details.

Top Blocked Categories widget

Widget report displays number of Hits per category for the selected user.

View report from Dashboards > Custom Dashboard > Username.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays number of Hits per category while tabular report contains following information:
• Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display ‘None’ at place of category name.
• Hits: Number of hits to the category.

Screen - Top Blocked Categories

Please refer to Reports by User and Category for details.

Top Web Viruses widget

Widget report displays number of Hits per virus for the selected user.

View report from Dashboards > Custom Dashboard > Username.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays number of hits per virus while tabular report contains following information:
• Virus: Name of the virus as identified by monitored device.
• Counts: Number of virus occurrence.

Screen - Top Web Viruses

Please refer to Reports by User and Virus for details.

Internet Usage widget

Widget report displays total amount of data transfer and surfing time for the selected user.

View report from Dashboards > Custom Dashboard > Username.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays total amount of data transfer per user while tabular report contains following
information:
• User Name: Name of the user as defined in monitored device.
• Data Transfer: Total amount of data transfer.
• Used Time: Total surfing time.

Screen – Internet Usage



Refer to Report by User and Internet Usage for details.

Report by User and Internet Usage


Report displays break-up of total amount of transferred data along with start time and stop time.
View report from Dashboards > Custom Dashboard > Username > Internet Usage
widget > User Name.

Tabular report contains following information:


• Start Time: Data transfer starting time in HH:MM:SS format.
• Stop Time: Data transfer stop time in HH:MM:SS format.
• Uploaded: Amount of uploaded data.
• Downloaded: Amount of downloaded data.
• Data Transfer: Total amount of data transferred (Upload + Download) by the user.

Source Host Dashboard

To view the following detailed reports of a particular host, go to Dashboards > Custom
Dashboard > Source Host IP Address.
• Top Web Categories
• Top Files Uploaded via FTP
• Top Files Downloaded via FTP
• Top Blocked Categories

Top Web Categories widget

Widget report displays number of Hits and amount of data transferred per category for the selected
user.

View report from Dashboards > Custom Dashboard > Source Host IP Address.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays amount of data transferred per category while tabular report contains following
information:
• Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display ‘None’ at place of category name.
• Hits: Number of hits to the category.
• Bytes: Amount of data transferred.

Screen - Top Web Categories

Top Files Uploaded via FTP widget

Widget report displays number of Hits and amount of data transferred per file for the selected user.

View report from Dashboards > Custom Dashboard > Source Host IP Address.

Report is displayed as graph as well as in tabular format.

By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays amount of data transferred per file while tabular report contains following
information:
• File: Name of the file.
• Hits: Number of Hits to the file.
• Bytes: Amount of data uploaded.

Screen - Top Files Uploaded via FTP

Please refer to Reports by Host and File Upload for details.

Top Files Downloaded via FTP widget

Widget report displays number of Hits and amount of data transferred per file for the selected user.

View report from Dashboards >Custom Dashboard > Source Host IP Address.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays amount of data transferred per file while tabular report contains following
information:
 File: Name of the file.
 Hits: Number of hits to the file.
 Bytes: Amount of data downloaded.

Screen - Top Files Downloaded via FTP

Please refer to Reports by Host and File Download for details.

Top Blocked Categories widget

Widget report displays number of Hits per category for the selected user.
View report from Dashboards > Custom Dashboard > Username.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays number of Hits per category while tabular report contains following information:
 Category: Displays name of the category as defined in monitored device. If category is not
defined in the monitored device then this field will display ‘None’ in place of category name.
 Hits: Number of hits to the category.

Screen - Top Blocked Categories

Sender’s Email Address Dashboard

To view the following detailed reports of a particular email address, go to Dashboards > Custom
Dashboard > Sender’s Email Address of the user
 Top Mails Sent to
 Top Sender Hosts
 Top Sender Destinations
 Top Sender Users
 Top Spam Sent

Top Mails Sent to Widget

Widget report displays list of top recipients along with the number of Hits and amount of data
transferred.
View report from Dashboards > Custom Dashboard > Sender’s Email Address.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays amount of data transferred per recipient, while tabular report contains following
information:
 Recipient: Email address of the recipient.
 Hits: Number of Hits to the recipient.
 Bytes: Amount of data transferred.

Screen - Top Mails Sent to

Please refer to Reports by Sender and Recipient for details.

Top Sender Hosts Widget

Widget report displays list of top sender hosts along with the number of Hits and amount of data
transferred.
View report from Dashboards > Custom Dashboard > Sender’s Email Address.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays amount of data transferred per source host, while tabular report contains following
information:
 Source Host: IP address of the host.
 Hits: Number of Hits to the host.
 Bytes: Amount of data transferred.

Screen - Top Sender Hosts

Please refer to Reports by Sender and Host for details.

Top Sender Destinations Widget

Widget report displays list of top sender destinations along with the number of Hits and amount of
data transferred.
View report from Dashboards > Custom Dashboard > Sender’s Email Address.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays amount of data transferred per sender destination, while tabular report contains
following information:
 Destination: URL name or IP address of the destination.
 Hits: Number of hits to the destination.
 Bytes: Amount of data transferred.

Screen - Top Sender Destinations



Please refer to Reports by Sender and Destination for details.

Top Sender Users Widget

Widget report displays list of top sender users along with the number of Hits and amount of data
transferred.
View report from Dashboards > Custom Dashboard > Sender’s Email Address.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays amount of data transferred per sender user, while tabular report contains following
information:
 User: Username of the user as defined in the monitored device. If the User is not defined then
it will display ‘N/A’ which means the traffic is generated by an undefined user.
 Hits: Number of Hits for the user.
 Bytes: Amount of data transferred.

Screen - Top Sender Users

Please refer to Reports by Sender and User for details.

Top Spam Sent Widget

Widget report displays list of top spam recipients along with the number of Hits.

View report from Dashboards > Custom Dashboard > Sender’s Email Address.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays number of hits per spam recipient, while tabular report contains following
information:
 Recipient: Email address of the spam recipient.
 Hits: Number of Hits for the recipient.

Screen - Top Spam Sent

Please refer to Reports by Spam Sender and Recipient for details.

Recipient’s Email Address Dashboard

To view the following detailed reports of a particular email address, go to Dashboards > Custom
Dashboard > Recipient’s Email Address of the user
 Top Mails Received From
 Top Recipient Hosts
 Top Recipient Destinations
 Top Recipient Users
 Top Spam Received

Top Mails Received from Widget

Widget report displays list of top senders along with the number of Hits and amount of data
transferred.
View report from Dashboards > Custom Dashboard > Recipient’s Email Address.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays amount of data transferred per sender, while tabular report contains following
information:
 Sender: Email address of the sender.
 Hits: Number of Hits for the sender.
 Bytes: Amount of data transferred.

Screen - Top Mails Received From

Please refer to Reports by Recipient and Sender for details.

Top Recipient Hosts Widget

Widget report displays list of top recipient hosts along with the number of Hits and amount of data
transferred.
View report from Dashboards > Custom Dashboard > Recipient’s Email Address.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays amount of data transferred per recipient host, while tabular report contains following
information:
 Recipient Host: IP address of the host.
 Hits: Number of hits to the host.
 Bytes: Amount of data transferred.

Screen - Top Recipient Hosts



Please refer to Reports by Recipient and Host for details.

Top Recipient Destinations Widget

Widget report displays list of top recipient destinations along with the number of Hits and amount of
data transferred.
View report from Dashboards > Custom Dashboard > Recipient’s Email Address.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays amount of data transferred per recipient destination, while tabular report contains
following information:
 Destination: URL name or IP address of the destination.
 Hits: Number of hits to the destination.
 Bytes: Amount of data transferred.

Screen - Top Recipient Destinations

Please refer to Reports by Recipient and Destination for details.

Top Recipient Users Widget

Widget report displays list of recipient users along with the number of Hits and amount of data
transferred.
View report from Dashboards > Custom Dashboard > Recipient’s Email Address.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays amount of data transferred per recipient user, while tabular report contains following
information:
 User: Username of the user as defined in the monitored device. If the User is not defined then
it will display ‘N/A’ which means the traffic is generated by an undefined user.
 Hits: Number of hits to the user.
 Bytes: Amount of data transferred.

Screen - Top Recipient Users

Please refer to Reports by Recipient and User for details.

Top Spam Received Widget

Widget report displays list of top spam senders along with the number of Hits.
View report from Dashboards > Custom Dashboard > Recipient’s Email Address.

Report is displayed as graph as well as in tabular format.


By default, the report is displayed for the current date. Report date can be changed from the top
most row of the page.

Bar graph displays number of Hits per spam sender, while tabular report contains following
information:
 Sender: Email address of the spam sender.
 Hits: Number of hits to the sender.

Screen - Top Spam Received

Please refer to Reports by Spam Recipient and Sender for details.



Top Domains by User and Category

Report displays a list of domains, the number of connections to each domain and the amount of data
transferred through the selected category and by the user.

View the report from Dashboard > Custom Dashboard > Username> Top Web
Categories widget > Category.

To view detailed report for the selected domain, category and user, drill down by clicking the domain
name hyperlink in the table.

Detailed Report by User, Category, URL


Report displays URL details with time stamp in YYYY: MM: DD HH:MM:SS format and the amount
of data transferred through the selected URL.

View the report from Dashboard > Custom Dashboard > Username> Top Web
Categories widget > Category > Top Domains > Domain.

Top Servers and Hosts by User (Upload) and File (Upload)


Report displays a list of servers and hosts through which the selected file is uploaded, and the number
of hits established to that server through the host to upload the file by the selected user.

View the report from Dashboard > Custom Dashboard > Username> Top Files
Uploaded via FTP widget > File.

To view detailed report for the selected file, user, server and host drill down by clicking server
hyperlink in the table.

Detailed Report by User (Upload), File, Server, Host


Report displays path of the file, amount of data transfer and date and time when the file was
uploaded. Date and Time is displayed in the format - YYYY: MM: DD HH:MM: SS.

View the report from Dashboard > Custom Dashboard > Username> Top Files
Uploaded via FTP widget> File > Top Servers and Hosts > Server.

Top Servers and Hosts by User (Download) and File


Report displays a list of server and hosts through which the selected file is downloaded by the
selected user. It also displays the number of hits established to download the file and the amount of
data downloaded.

View the report from Dashboard > Custom Dashboard > Username > Top Files
Downloaded via FTP widget > File.

To view detailed report for the selected file, user, server and host drill down by clicking server
hyperlink in the table.

Detailed Report by User (Download), File, Server and Host


Report displays path of the file, amount of data transfer and date and time when the file was
downloaded. Date and Time is displayed in the format - YYYY: MM: DD HH:MM: SS.

View the report from Dashboard > Custom Dashboard > Username> Top Files
Downloaded via FTP widget > File > Top Servers and Hosts > Server.

Report by User and Virus


Report displays number of connections per URL for the selected virus and user.

View report from Dashboard > Custom Dashboard > Username> Top Web Viruses
widget> Virus.

Bar graph displays number of connections per URL while tabular report contains following
information:
 Time: Date and Time in YYYY: MM: DD HH:MM:SS format.
 URL: URL name or IP address of URL.
 Host: IP address of the host.
 Connections: Number of connections to the URL.

Top Servers and Users by Host (Upload) and File


Report displays a list of servers and users who uploaded the selected file through selected host. It
also displays the number of hits established to upload the file and the amount of data uploaded.

View the report from Dashboard > Custom Dashboard > Source Host > Top Files
Uploaded via FTP widget > File.

To view detailed report for the selected file, user, server and host drill down by clicking server
hyperlink in the table.

Detailed Report by Host (Upload), File, Server and User


Report displays path of the file, amount of data transfer and date and time when the file was
uploaded. Date and Time is displayed in the format - YYYY: MM: DD HH:MM: SS.

View the report from Dashboard > Custom Dashboard > Source Host > Top Files
Uploaded via FTP widget > File > Top Servers and Users > Server.

Top Servers and Users by Hosts (Download) and Files


Report displays a list of server and users who have downloaded the selected file through the
selected host. It also displays the number of hits established to download the file and the amount of
data downloaded.

View the report from Dashboard > Custom Dashboard > Source Host > Top Files
Downloaded via FTP widget > File.

To view detailed report for the selected file, user, server and host drill down by clicking the server
hyperlink in the table.

Detailed Report by Host (Download), File, Server and User


Report displays path of the file, amount of data transfer and date and time when the file was
downloaded. Date and Time is displayed in the format - YYYY: MM: DD HH:MM: SS.

View the report from Dashboard > Custom Dashboard > Source Host > Top Files
Downloaded via FTP widget > File > Top Servers and Users > Server.

Report by Sender’s E-mail Address and Recipient


Report displays amount of data transferred to the selected recipient(s) by the sender.

View the report from Dashboard > Custom Dashboard > Sender’s Email Address
>Top Mails Sent to widget >Recipient.

Bar graph displays amount of data transferred through each E-mail while tabular report contains
following information:
 Time: Date and Time in YYYY: MM: DD HH:MM:SS format.
 Subject: Subject line of the Email.
 User: Username of the sender as defined in monitored device. If the User is not defined then it
will display ‘N/A’ which means the traffic is generated by an undefined user.
 Host: IP address of the host.

Cyberoam iView Dashboard

Cyberoam iView Dashboard gives overview of main components of Cyberoam iView. This page
displays following information:
 CPU Usage
 Memory Usage
 Disk Usage
 Event Frequency

CPU Usage widget


Widget report displays percentage of CPU usage in graphical as well as tabular form.

View report from Dashboards > iView Dashboard.


Tabular report contains following information:
 CPU: State of CPU - Idle or Used
 Percent: Percentage wise distribution of CPU state

Screen – CPU Usage

To view CPU usage Details drill down by clicking the CPU hyperlink in the table.

CPU Usage Details


Report displays trend of CPU usage. Records are collected at the time interval of 5 seconds.

View report from Dashboards > iView Dashboard > CPU Usage widget> CPU.
Tabular report contains following information:
 Time: Time in (YYYY-MM-DD HH:MM:SS) format
 Usage: CPU usage corresponding to time

Screen – CPU Usage Details

Memory Usage widget


Widget report displays percentage of memory used.

View report from Dashboards > iView Dashboard. Tabular report contains following
information:
 Memory: Status of Cyberoam iView memory as used and free
 Usage: Usage of memory

Screen – Memory Usage

To view memory usage details drill down by clicking the memory hyperlink in the table.

Memory Usage Details


Report displays trend of memory usage.

View report from Dashboards > iView Dashboard > Memory Usage widget >
Memory.

Tabular report contains following information:


 Time: Time in (YYYY-MM-DD HH:MM:SS) format
 Usage: Memory usage corresponding to time

Screen – Memory Usage Trend



Disk Usage widget


Widget report displays percentage of hard disk used by Cyberoam iView.

View report from Dashboards > iView Dashboard. Tabular report contains following
information:
 Disk: Name and status of disk used to store database and archive logs
 Usage: Disk usage

Screen – Disk Usage

To view disk usage details drill down by clicking the disk hyperlink in the table.

Disk Usage Details


Report displays trend of disk usage in the form of database and archive usage.

View report from Dashboards > iView Dashboard > Disk Usage widget > Disk.

Tabular report contains following information:


 Time: Time in (YYYY-MM-DD HH:MM:SS) format
 Usage: Disk usage corresponding to time

Screen – Disk Usage Trend

Event Frequency widget


Widget report displays event frequency per minute for time slots of 1 hour, 12 hours and 24 hours.

View report from Dashboards > iView Dashboard.

Tabular report contains following information:


 Time: Displays average time slot
 Events per minute: Displays events per minute for the time slot

Screen – Event Frequency

To view device wise event frequency drill down by clicking the time hyperlink in the table.

Device wise Event Frequency


Report displays device wise event frequency.

View report from Dashboards > iView Dashboard > Event Frequency widget> Time.

Graph displays number of events based on time slots while tabular report contains following
information:
 Time: Time in (YYYY-MM-DD HH:MM:SS) format
 Device: Device IP address or name.
 Events: Number of events per device.

Screen –Event Frequency by Device



User Management

Prerequisite
Super Admin or Admin privilege required to access and manage User sub menu of System menu.

This section describes how to:


 Add User
 Update User
 Delete User

Cyberoam iView supports three types of user roles:


 Super Admin – Default account. No additional account can be created
 Admin – Only administrator with the Super Admin role can add Admin roles
 Viewer – Administrator with Super Admin and Admin roles can add Viewer roles

The table below lists the access privileges associated with each user role:

Menu/Role                    Super Admin                  Admin                        Viewer
                             For all the devices          Only for assigned devices    Only for assigned device
                             Add  Update  Delete  View    Add  Update  Delete  View    Add  Update  Delete  View
Mail Server Configuration    Y    Y       Y       Y       N    N       N       N       N    N       N       N
User Management              Y    Y       Y       Y       Y    Y       Y       Y       N    N       N       N
Device Management            Y    Y       Y       Y       N    N       N       N       N    N       N       N
Device Group Management      Y    Y       Y       Y       N    N       N       N       N    N       N       N
Application Category         Y    Y       Y       Y       Y    Y       Y       Y       N    N       N       N
Custom View                  Y    Y       Y       Y       Y    Y       Y       Y       N    N       N       N
Report Notification Settings Y    Y       Y       Y       Y    Y       Y       Y       N    N       N       N
Data Management              Y    Y       Y       Y       N    N       N       N       N    N       N       N
Bookmark Management          Y    Y       Y       Y       N    N       N       N       N    N       N       N
Logs                         -    Y       -       Y       -    N       -       N       -    N       -       N
Port Configuration           Y    Y       Y       Y       -    N       -       N       -    N       -       N
Backup Management            Y    Y       Y       Y       -    N       -       N       -    N       -       N
Disk Usage Limit             Y    Y       Y       Y       -    N       -       N       -    N       -       N
External Configuration       Y    Y       Y       Y       -    N       -       N       -    N       -       N
Authentication Server        Y    Y       Y       Y       -    N       -       N       -    N       -       N
Maintenance                  Y    Y       Y       Y       -    N       -       N       -    N       -       N
Audit Logs                   -    -       -       Y       -    -       -       Y       -    -       -       N

                                                              Super Admin           Admin                       Viewer
                                                              For all the devices   Only for assigned devices   Only for assigned device
Load and Search Archive                                       Y                     Y                           N
Unload, Backup and Restore Archive Files                      Y                     Y                           N
View Live Logs                                                Y                     Y                           N
View and Search Reports                                       Y                     Y                           Y
Dashboards (Main, Device, User, Host, Email Address, iView)   Y                     Y                           Y
Table – Privilege Matrix

Use the System > Configuration > Users page to configure and maintain administrators, set
users' administrative access and maintain passwords.

Screen – User Management

Screen Elements Description


Add Button Click to add a new user.
Delete Button Click to delete the selected user(s).
Username Username with which the user has logged in.
Name Name of the user.
Role Administrative access privilege of the user.
Email Email Address of the user.
Created by Username of the Administrator who added this user.
Last Login Time Last time when the user had logged in.
Table – User Management Screen Elements

Add User
Go to System > Configuration > Users and click Add to add a new user.

Screen – User Management

Screen – Add User

Screen Elements       Description
Name                  Name of the user.
Username              Specify username, which uniquely identifies the user and will be used for login.
                      Username can be any combination of alphanumeric characters and special characters “_”, “@” and “.”.
Password              Specify password.
                      Password is case sensitive.
Confirm Password      Specify the same password to confirm spelling.
Email                 Specify a valid Email ID.
                      The Email ID can be any combination of alphanumeric characters and special characters “_”, “@” and “.”
Role                  Select user role from the drop down. Roles define administrative access privilege.
                      Refer to Privilege Matrix for details.
Select Device         Select the device or device group, which the user can manage.
                      Click checkbox against the device/device group(s) OR click global checkbox to select all device/device group(s).
Add Button            Click to add a new user.
Cancel Button         Click to return to user management page.
Table – Add User Screen Elements
Note
Multiple administrators can have rights to manage same device.
In case of simultaneous update operations by multiple administrators, the last update will be saved.

Update User
Go to System > Configuration > Users and click user to be updated from the user list.

Screen – User Management

Screen – Update User

Screen Elements       Description
Name                  Displays name of the user, modify if required.
Password              Modify password, if required.
Confirm Password      Re-enter changed password.
Email                 Displays Email Address of the user, modify if required.
Role                  Displays role of the user, modify if required.
                      Refer to Privilege Matrix to specify the role.
Select Device         Displays devices assigned to the user, modify if required.
Update Button         Click to save changes in the user.
Cancel Button         Click to return to user management page.
Table – Update User Screen Elements

Note
All the fields except Username are editable.

Delete User
Go to System > Configuration > Users to view list of users.

Screen – Delete User

Screen Elements Description


Global Selection Click to select all users.
Individual Selection Click to select individual user.
Delete Button Click to delete selected user.
Table – Delete User Screen Elements

Note
Default account- Super Admin cannot be deleted.
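
The role rules above and the Created by column of the Users page can be cross-checked when reviewing accounts. The following Python check is an added example, not part of Cyberoam iView; the row format, the function name `audit_users` and the sample accounts are assumptions, with rows transcribed by hand from the Users page.

```python
import re

# Characters the guide allows in a username: alphanumerics plus "_", "@" and ".".
USERNAME_RE = re.compile(r"[A-Za-z0-9_@.]+")

# Role of the account being checked -> roles allowed to have created it,
# taken from the role list in this section.
MAY_CREATE = {"Admin": {"Super Admin"}, "Viewer": {"Super Admin", "Admin"}}


def audit_users(users):
    """Return (finding, username) tuples for rows that break the stated rules.

    `users` is a list of dicts with the keys username, role and created_by,
    a hypothetical transcription of the Users page columns.
    """
    findings = []
    by_name = {u["username"]: u for u in users}
    supers = [u["username"] for u in users if u["role"] == "Super Admin"]
    if len(supers) != 1:
        # The guide allows exactly one Super Admin: the default account.
        findings.append(("super-admin-count", ",".join(supers)))
    for u in users:
        name, role = u["username"], u["role"]
        if not USERNAME_RE.fullmatch(name):
            findings.append(("bad-username", name))
        if role == "Super Admin":
            continue
        if role not in MAY_CREATE:
            findings.append(("unknown-role", name))
            continue
        creator = by_name.get(u["created_by"])
        if creator is None:
            # Creator no longer exists, so who authorised the account is unverifiable.
            findings.append(("creator-missing", name))
        elif creator["role"] not in MAY_CREATE[role]:
            findings.append(("creator-not-allowed", name))
    return findings


# Constructed sample rows, not taken from a real deployment.
SAMPLE_USERS = [
    {"username": "admin", "role": "Super Admin", "created_by": ""},
    {"username": "ops.lead", "role": "Admin", "created_by": "admin"},
    {"username": "noc_viewer", "role": "Viewer", "created_by": "ops.lead"},
    {"username": "helpdesk", "role": "Admin", "created_by": "ops.lead"},
    {"username": "audit view", "role": "Viewer", "created_by": "admin"},
    {"username": "temp@corp", "role": "Viewer", "created_by": "contractor"},
]

if __name__ == "__main__":
    for finding, username in audit_users(SAMPLE_USERS):
        print(f"{finding}: {username}")
```
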

Part 2: Basic Configuration


The section describes how to add and configure devices that communicate with Cyberoam iView.

This chapter covers following sections:


 Device Integration
 Device Management
 Device Group Management

Device Integration

Prerequisite
Super Admin privilege required to access and manage Device sub menu of System menu.

Cyberoam iView collects the log information from multiple devices to generate reports from that log
data.
There are two ways to integrate device to the Cyberoam iView:
 Auto-discover Device
 Add Device (manually)

Auto-Discover Device
Cyberoam iView uses UDP protocol to discover the network device automatically. To send logs to
Cyberoam iView, the network device must be configured with Cyberoam iView as its Syslog server.

On successful login, Super Admin will be prompted with a popup "New Device(s) Found" if a new
device is discovered; else the Main Dashboard is displayed. This prompt will be displayed every time
Super Admin logs in until she takes action on the newly discovered device.

Super Admin can:


 ignore this prompt by clicking
 accept and activate the device by providing Device Name and Device Type. Cyberoam iView will
accept the logs only after device is activated.
 accept and keep device in deactivated state. Cyberoam iView will not accept the logs if device is
in inactive state.

Screen – Device Auto Discovery



Screen Elements       Description
Device Name           Specify name of the device.
                      Device name can be any combination of alphanumeric characters and special characters “_”, “@” and “.”.
Appliance Key         Device appliance key.
IP Address            Displays IP Address of the discovered device.
Device Type           Select device type from the drop down.
                      Possible device types:
                       Cyberoam
                       FortiGate
                       SonicWALL
                       Squid
                       24Online
                       Linux Firewall Netfilter/Iptables
                       Cisco ASA
                       Cisco ASA_CSC_
                       Apache
                       eScan
                       NetGenie
Status                Status of the device.
                      Possible status:
                       Active: Click to accept logs from the device.
                       Inactive: Click to reject device logs.
Save Button           Click to save the information of newly discovered device.
Table – Device Auto Discovery Screen Elements

Device Management

Prerequisite
Super Admin privilege required to access and manage Device sub menu of System menu.

The Cyberoam iView can collect log messages from multiple devices and generate many different
types of reports from that log data.

This section describes how to:


 Add Device
 Update Device
 Activate Device
 Deactivate Device
 Delete Device
 View Real Time Logs

Go to System > Configuration > Device page to view the list of devices with device name, IP
Address, device type and status.

Screen – Device Management

Screen Elements       Description
Add Button            Click to add a new device.
Delete Button         Click to delete a device.
Current Status        Current status of the device.
                      Possible status:
                      : Device is added and activated
                      : Device is added but deactivated
Device Name           Name of the device
Device ID             Appliance key of the monitored device
IP Address            IP Address of the device
Device Type           Type of the device.
                      Possible Device types:
                       Cyberoam
                       FortiGate
                       SonicWALL
                       Squid
                       24Online
                       Linux Firewall Netfilter/Iptables
                       Cisco ASA
                       Cisco ASA_CSC_
                       Apache
                       eScan
                       NetGenie
Status                Action that can be performed on the device.
                      Possible actions:
                       Active: Click to accept logs from the device.
                       Inactive: Click to reject device logs.
Save Button           Click to save the information after changing the status.
Table – Device Management Screen Elements

Add Device

Go to System > Configuration > Device and click Add to add a new device in Cyberoam
iView.

Screen – Device Management

Screen – Add Device



Screen Elements       Description
Device ID             Specify device ID.
Device Name           Specify name of the device.
                      Device ID and device name can be any combination of alphanumeric characters and special characters “_”, “@” and “.”.
IP Address            Specify IP Address of the device.
Device Type           Select device type from the drop down.
                      Possible device types:
                       Cyberoam
                       FortiGate
                       SonicWALL
                       Squid
                       24Online
                       Linux Firewall Netfilter/Iptables
                       Cisco ASA
                       Cisco ASA_CSC_
                       Apache
                       eScan
                       NetGenie
Description           Specify device description, if required.
Status                Select status of the device from drop down. To accept logs from the device one needs to activate the device.
                      Default status – Inactive
Add Button            Click to add the device.
Cancel Button         Click to return to Device Management page.
Table – Add Device Screen Elements

Update Device

Go to System > Configuration > Device and click the device to be updated.

Screen –Device Management



Screen – Update Device

Screen Elements       Description
Device ID             Displays Device ID.
Device Name           Displays name of the device, modify if required.
IP Address            Displays IP Address of the device, modify if required.
Device Type           Displays device type.
Description           Displays description of the device, modify if required.
Status                Displays status of the device, modify if required.
                      Possible options:
                       Active: Device is active and Cyberoam iView is accepting logs
                       Inactive: Device is inactive and Cyberoam iView is not accepting logs from the device
Ok Button             Click to save changes in the device.
Cancel Button         Click to return to Device Management page.
Table – Update Device Screen Elements

Activate Device
To start accepting logs from the added device one needs to activate the device in Cyberoam iView.
Go to System > Configuration > Device and click Active against device name.
Click Save to change status of device.

Screen – Device Management

Screen – Activated Device

Note

You can also activate the device from Update Device section. After activation, Cyberoam iView will start
accepting logs from the device.

Deactivate Device
To stop accepting logs from the added device, one needs to deactivate the device in Cyberoam iView.

Go to System > Configuration > Device and click ‘Inactive’ option against the device name.
Click Save to change the status of device.

Screen – Device Management

Screen – Deactivated Device



Note

You can also deactivate the device from Update Device section. After deactivation, Cyberoam iView will stop
accepting logs from the device.

To access the data of device for forensic investigations do not delete the device from Cyberoam iView, just
deactivate it.

Delete Device

Prerequisite
The Device to be deleted should not be a member of any device group.
The Device to be deleted should not be a part of any Report Notification.

Go to System > Configuration > Device to view the device list.

Screen – Device Management

Screen Elements       Description
Global Selection      Click to select all the devices.
Individual Selection  Click against the device(s) to be deleted.
Delete Button         Click to delete the selected device(s).
Table – Delete Device Screen Elements
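
The device states described above (discovered, active, inactive, deleted) determine which logs are stored and which data survives. The following Python model is an added example, not Cyberoam iView code; the `Collector` class, its methods and the sample datagrams are hypothetical, and it assumes discovery is triggered by the first datagram from an unknown source address.

```python
from collections import Counter
from dataclasses import dataclass, field

# States in this model. DISCOVERED means the source was seen but the
# Super Admin has not yet acted on the "New Device(s) Found" prompt.
DISCOVERED, ACTIVE, INACTIVE = "discovered", "active", "inactive"


@dataclass
class Device:
    ip: str
    name: str = ""
    device_type: str = ""
    status: str = DISCOVERED
    events: list = field(default_factory=list)  # log lines stored for reports


class Collector:
    """Hypothetical model of the intake rules in this guide, not product code."""

    def __init__(self):
        self.devices = {}         # source IP -> Device
        self.groups = {}          # device group name -> set of source IPs
        self.notifications = {}   # report notification name -> set of source IPs
        self.dropped = Counter()  # source IP -> datagrams not stored

    def receive(self, src_ip, line):
        """Process one syslog datagram; return True only if it was stored."""
        dev = self.devices.get(src_ip)
        if dev is None:
            # Assumption: first contact from an unknown address registers the
            # device for the prompt, but nothing is stored yet.
            dev = self.devices[src_ip] = Device(ip=src_ip)
        if dev.status != ACTIVE:
            self.dropped[src_ip] += 1
            return False
        dev.events.append(line)
        return True

    def pending(self):
        """Addresses that would be listed in the "New Device(s) Found" prompt."""
        return sorted(ip for ip, d in self.devices.items() if d.status == DISCOVERED)

    def accept(self, ip, name, device_type, activate=True):
        """Save a discovered device, either activated or left deactivated."""
        dev = self.devices[ip]
        dev.name, dev.device_type = name, device_type
        dev.status = ACTIVE if activate else INACTIVE

    def deactivate(self, ip):
        """Stop accepting logs; already stored events stay available."""
        self.devices[ip].status = INACTIVE

    def delete(self, ip):
        """Remove a device and its data; refused while it is still referenced."""
        refs = [g for g, m in self.groups.items() if ip in m]
        refs += [n for n, m in self.notifications.items() if ip in m]
        if refs:
            raise ValueError(f"{ip} still referenced by: {', '.join(sorted(refs))}")
        return len(self.devices.pop(ip).events)  # stored events lost with it


def run_scenario():
    """Replay constructed datagrams from two constructed source addresses."""
    c = Collector()
    fw, proxy = "192.0.2.10", "192.0.2.20"
    out = {}
    out["first_contact"] = [c.receive(fw, "<134>fw: constructed event 1"),
                            c.receive(proxy, "<134>proxy: constructed event 1")]
    out["prompt"] = c.pending()
    c.accept(fw, "branch-fw", "Cyberoam")                  # accept and activate
    c.accept(proxy, "web-proxy", "Squid", activate=False)  # accept, keep inactive
    out["after_accept"] = [c.receive(fw, "<134>fw: constructed event 2"),
                           c.receive(proxy, "<134>proxy: constructed event 2")]
    c.deactivate(fw)
    out["after_deactivate"] = c.receive(fw, "<134>fw: constructed event 3")
    out["kept_after_deactivate"] = len(c.devices[fw].events)
    c.groups["HQ"] = {fw}                                  # group membership blocks delete
    try:
        c.delete(fw)
        out["delete_blocked"] = False
    except ValueError:
        out["delete_blocked"] = True
    c.groups["HQ"].discard(fw)
    out["events_lost_on_delete"] = c.delete(fw)
    out["dropped"] = dict(c.dropped)
    return out


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

In the scenario, the event stored before deactivation is still present afterwards and is discarded only by the delete, which is why the note above recommends deactivation when the data may be needed for forensic investigations.
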

View Real-time Logs


Once the device is added, Administrator can verify whether the device is sending the logs or not
through Live Archive Logs. With the real-time logs, Administrator can view the most recent log
received from the selected device without loading the archive log file.

Live Logs
Go to System > Archives >Live Logs to view real-time logs. Page displays the most recent log
received from the selected device.

Screen – Live Archive Logs Criterion

Screen – Received Live Logs

Screen Elements       Description
Device Name           Select the device whose most recent log should be displayed.
Refresh Time          Select the time to refresh the log view automatically.
                      Possible options: 3 sec, 5 sec, 10 sec, 20 sec, 30 sec, 1 min, 2 min, 5 min
Go Button             Click to view real-time log for the selected device.
Show Last Records     Specify number of rows of the log entries to be displayed per page.
                      Possible options: 25, 50, 100
Start Update Button   Click to start log view.
Stop Update Button    Click to stop log view.
Refresh Button        Click to refresh the logs manually.
                      Log view is refreshed automatically as per the configured refresh time. If you wish to refresh the log view in between, use refresh button.
Table – Live Logs Screen Elements

Device Group Management

Prerequisite
Super Admin privilege required to access and manage Device Group sub menu of System menu.

Device group is a logical grouping of devices based on device location, device type (UTM, Firewall etc.),
device model or device administrator. For example, group all the devices that send logs of the Inventory
department of the organization to generate a consolidated report for that department, or group all the
devices deployed at the same geographical location to get network visibility of that area.

This section describes how to:


 Add Device Group
 Update Device Group
 Delete Device Group

Go System > Configuration > Device Group page to view the list of groups with group
name, description and group members.

Screen – Device Group Management

Screen Elements | Description
Add Button | Click to add a new device group.
Delete Button | Click to delete device group(s).
Device Group | Name of the device group
Description | Description of device group
Device Name(s) | Name of device group members
Table – Device Group Management Screen Elements

Add Device Group


Go to System > Configuration > Device Group and click Add to add a new device group.

Screen – Device Group Management

Screen – Add Device Group

Screen Elements | Description
Device Group Name | Specify name of the device group.
Description | Specify device group description, if required.
Select Category | Specify device category from the drop-down. Possible Options: UTM, Access Gateway, EPS, Web Server, Smart Wireless Router
Select Device | Click drop-down to select the device(s). At least one device has to be selected. Selected devices will be member of the group. Single device can be a member of multiple groups.
Ok Button | Click to add a device group.
Cancel Button | Click to return to Device Group Management page.
Table – Add Device Group Screen Elements

Update Device Group


Go to System > Configuration > Device Group and click device group to be updated.

Screen – Device Group Management

Screen – Update Device Group

Screen Elements | Description
Device Group Name | Displays name of the device group, modify if required.
Description | Displays description of the device, modify if required.
Select Category | Displays the Device Category of the device to be updated.
Select Device | Displays device group members, modify if required.
Ok Button | Click to save changes in the device group.
Cancel Button | Click to return to device group management page.
Table – Update Device Group Screen Elements

Delete Device Group


Go to System > Configuration > Device Group to view list of device groups.

Screen – Device Group Management

Screen Elements | Description
Global Selection | Click to select all device groups.
Individual Selection | Click to select individual device group.
Delete Button | Click to delete selected device groups.
Table – Delete Device Group Screen Elements

Note
A group can be deleted without removing devices from the group. Removing a group will not remove the
devices from Cyberoam iView.

Part 3: Advanced Configuration


Cyberoam iView provides a number of configuration options for customization as per your network requirement. You can create and manage applications and application groups, configure a mail server to send report notifications, perform searches in archives, create custom views, view audit logs for investigation purposes and much more.

This chapter covers the following sections:

• Mail Server Configuration
• Application Category Management
• Custom View Management
• Report Notification Management
• Data Management
• Bookmark Management
• Search
• Logs
• Port Configuration
• Backup Management
• Disk Usage Limit
• External Configuration
• Authentication Server
• Maintenance
• Audit Logs
• Archives

Mail Server Configuration

Prerequisite
Super Admin privilege required to access and manage Mail Server sub menu of System menu.

To send report notifications through E-mail, you need to configure an SMTP server in Cyberoam iView.

Go to System > Configuration > Mail Server Configuration to configure the mail server used to send report notifications.

Screen – Mail Server Configuration

Screen Elements | Description
Mail Server IP-Port | Specify IP Address and port number of the SMTP server. The port number must be a numeric value between 1 and 65535. Default port - 25
Display Name | Specify display name of mail sender.
From Email Address | Specify E-mail ID of the sender. Email ID can be any combination of alphanumeric characters and special characters “_”, “@” and “.”.
SMTP Authentication | Click checkbox to enable SMTP authentication, if required.
Username | If SMTP authentication is enabled, specify username. Username can be any combination of alphanumeric characters and special characters “_”, “@” and “.”.
Password | Specify password. Password field cannot be blank.
Save Button | Click to save the configuration information.
Send Test Mail Button | Click to send a test email to specified IP Address.
Table – Mail Server Configuration Screen Elements

Application Category Management

Prerequisite
Super Admin or Admin privilege required to access and manage Application Category sub menu of
System menu.

Cyberoam iView generates reports based on application groups. An application group is a logical grouping of applications based on their functions; for example, all FTP related applications are part of the FTP application group. Cyberoam iView has categorized the most common applications under 28 pre-defined application categories.

Each application has an identifier in the form of a protocol and port number through which it is identified. E.g., the Web-Proxy application is identified through protocol TCP and port number 8080. If an application is not defined in Cyberoam iView, the protocol and port number are displayed in Reports instead of the application name. Cyberoam iView also allows the administrator to add custom applications and application categories.

This section describes how to:


• Add Custom Application
• Update Application
• Delete Application
• Add Application Category
• Update Application Category
• Update Application Category Membership
• Delete Application Category
• Add Technology
• Delete Technology

Note
Cyberoam iView uses application categorization of Cyberoam to generate reports for Cyberoam
security appliances. Custom or default categorization done through System > Configuration >
Application Categories will not be applicable in this case.

This section is applicable for appliances other than Cyberoam.

Use System > Configuration > Application Categories page to add and manage
applications in Cyberoam iView.

Screen – Application Categories Management

Screen Elements | Description
Add Application Button | Click to add a new application.
Add Application Category Button | Click to add a new application group.
Add Technology Button | Click to add a new technology in Cyberoam iView. By default all the applications fall under one of the following technologies: Browser Based, Client Server, Network Protocol, P2P, N/A
Application Categories | Displays name of the application category.
Description | Description of the application category.
Delete option | Click to delete application category.
Table – Application Group Screen Elements

Add Custom Application


There are two steps to add a custom application in Cyberoam iView:
• Add Application
• Add Application Identifier

• Add Application

Go to System > Configuration > Application Categories and click Add Application to
add a new application.

Screen – Application Categories Management

Screen – Add Application


Screen Elements | Description
Application Name | Specify name of the application, application name can be any combination of alphanumeric characters and special characters “_”, “@” and “.”.
Technology | Select a technology from following options: Browser Based, Client Server, Network Protocol, P2P, N/A
Risk | Select the risk factor.
Application Category | Select application group from the drop down. If the Application Group is not selected, by default, new Application is added to the “Unassigned” group.
Done Button | Click to add new application.
Cancel Button | Click to return to application group management page.
Table – Add Application Screen Elements

• Add Application Identifier


Go to System > Configuration > Application Categories, expand application category
tree, and click the newly added application.

Screen – View Application

Screen – Edit Application


Screen Elements | Description
Add Application Identifier | Click to add application identifier to the created custom application.
Technology | Select a technology from following options: Browser Based, Client Server, Network Protocol, P2P, N/A
Risk | Select the risk factor.
Application Category | Displays name of the application group.
Application Identifiers | Displays Identifiers associated with the selected application.
Done Button | Click to add new application.
Cancel Button | Click to return to application group management page.
Table – Edit Application Screen Elements

Click Add Application Identifier to assign an identifier to the application.

Screen – Add Application Identifier


Screen Elements | Description
Application | Select application type as TCP or UDP.
Port Type | Select port type as port or port range.
From | If port range is selected as port type then specify From value for port range.
To | If port range is selected as port type then specify To value for port range. To port value must be greater than from port value.
Done Button | Click to add application identifier.
Cancel Button | Click to return to application group management page.
Table – Add Application Identifier Screen Elements

Screen – Application Identifier added

Screen Elements | Description
Application Identifier | Displays application identifier as combination of application and port number.
Delete Icon | Click to delete application identifier.
Table – Application Identifier Screen Elements

Note

An application cannot be the member of multiple application categories. To change the group membership,
first remove an application from the current category and then add in the required application category.
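
The identifier rules described above (TCP or UDP, a single port or a From/To range, one category per application, protocol and port shown when no application is defined) can be modelled as follows. This is an added example, not Cyberoam iView code: the class and function names, the first-match resolution order, the 1-65535 port bounds, the `TCP/4444` style fallback label and every sample application and traffic record other than Web-Proxy on TCP 8080 are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

UNASSIGNED = "Unassigned"  # default category named in the guide


@dataclass(frozen=True)
class Identifier:
    """One application identifier: protocol plus a port or port range."""
    app: str
    protocol: str   # "TCP" or "UDP"
    first: int      # "From" port (or the single port)
    last: int       # "To" port (equals first for a single port)

    def matches(self, protocol, port):
        return protocol.upper() == self.protocol and self.first <= port <= self.last


class Catalog:
    """Hypothetical in-memory model of applications, categories and identifiers."""

    def __init__(self):
        self.category = {}      # application name -> its single category
        self.identifiers = []   # Identifier objects, in insertion order

    def add_application(self, app, category=UNASSIGNED):
        if app in self.category:
            # An application cannot be a member of multiple categories.
            raise ValueError(f"{app!r} already belongs to {self.category[app]!r}")
        self.category[app] = category

    def add_identifier(self, app, protocol, first, last=None):
        protocol = protocol.upper()
        if app not in self.category:
            raise KeyError(f"unknown application {app!r}")
        if protocol not in ("TCP", "UDP"):
            raise ValueError("application type must be TCP or UDP")
        if last is None:
            last = first                   # port type "port"
        elif last <= first:                # port type "port range"
            raise ValueError("To port must be greater than From port")
        if first < 1 or last > 65535:      # assumed bounds
            raise ValueError("ports must be within 1-65535")
        self.identifiers.append(Identifier(app, protocol, first, last))

    def label(self, protocol, port):
        """Return (report label, category); first matching identifier wins (assumed)."""
        for ident in self.identifiers:
            if ident.matches(protocol, port):
                return ident.app, self.category[ident.app]
        # Undefined application: the report shows protocol and port instead of a name.
        return f"{protocol.upper()}/{port}", None

    def overlaps(self):
        """Audit: identifier pairs of different applications that claim the same port."""
        found = []
        for i, a in enumerate(self.identifiers):
            for b in self.identifiers[i + 1:]:
                if (a.app != b.app and a.protocol == b.protocol
                        and a.first <= b.last and b.first <= a.last):
                    found.append((a, b))
        return found


def bytes_by_label(catalog, records):
    """Sum bytes per report label for (protocol, port, bytes) records."""
    totals = defaultdict(int)
    for protocol, port, size in records:
        name, _category = catalog.label(protocol, port)
        totals[name] += size
    return dict(totals)


def build_demo():
    cat = Catalog()
    cat.add_application("Web-Proxy", "Proxy")       # guide's example: TCP 8080 (category name constructed)
    cat.add_identifier("Web-Proxy", "TCP", 8080)
    cat.add_application("Backup-Agent")             # constructed; lands in "Unassigned"
    cat.add_identifier("Backup-Agent", "tcp", 9000, 9010)
    cat.add_application("Dev-HTTP", "Internal")     # constructed; range collides with Web-Proxy
    cat.add_identifier("Dev-HTTP", "TCP", 8000, 8090)
    return cat


# Constructed sample traffic: (protocol, destination port, bytes)
SAMPLE = [("TCP", 8080, 1200), ("TCP", 9005, 300), ("UDP", 9005, 50),
          ("TCP", 4444, 700), ("TCP", 8080, 800), ("TCP", 8001, 100)]

if __name__ == "__main__":
    demo = build_demo()
    for name, total in sorted(bytes_by_label(demo, SAMPLE).items()):
        print(f"{name:<14}{total}")
    for a, b in demo.overlaps():
        print(f"ambiguous: {a.app} and {b.app} both claim {a.protocol} ports")
```

Because labelling is by protocol and port only, the overlap audit is worth running whenever custom identifiers are added: a broad range such as 8000-8090 silently competes with the Web-Proxy entry, and traffic on an undefined port only shows up under its protocol and port.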

Update Application
• Go to System > Configuration > Application Categories.
• Expand Application Category tree and click application to be modified.
• Refer to Add Application for information on each parameter.

Delete Application
Go to System > Configuration > Application Categories and expand application tree to
view list of applications.

Screen – Delete Application

Screen Elements | Description
Application | Displays application name.
Delete Icon | Click to delete application.
Table – Delete Application Screen Elements

Add Application Category


Go to System > Configuration > Application Categories and click Add Application
Category to add a new application category.

Screen – Application Category Management

Screen – Add Application Category


Screen Elements | Description
Group Name | Specify name of application category, application category name can be any combination of alphanumeric characters and special characters “_”, “@” and “.”.
Description | Specify description, if required.
Unassigned Applications List | Displays list of all available unassigned applications.
Selected Applications List | Displays list of selected applications.
Move Button | Click to move applications from ‘Unassigned Applications’ list to the 'Selected Applications' list. At least one Application is to be added. Selected application(s) will be the member of the newly added Application Category.
Done Button | Click to add application category.
Cancel Button | Click to return to application category management page.
Table – Add Application Category Screen Elements

Update Application Category


Go to System > Configuration > Application Categories and click the application category that has to be updated.

Screen – Update Application Category

Screen Elements | Description
Description | Displays description of application category, modify if required.
Move Button | Click to move application from Selected Applications list to Unassigned Applications list or vice versa.
Done | Click to save the changes in application category.
Cancel | Click to return to application category management page.
Table – Update Application Category Screen Elements

Note
All fields are editable except application category name.

Update Application Category Membership


Go to System > Configuration > Application Categories and click current application
category of the application.

Screen – Update Application Category Membership

Screen Elements | Description
Description | Displays description of application category, modify if required.
Move Button | Click to move application from Selected Applications list to Unassigned Applications list.
Done | Click to save the changes.
Cancel | Click to return to application category management page.
Table – Update Application Category Screen Elements

Refer to Add Application Category and Update Application Category for details.

Note

You can also change application category membership from Update Application Category Membership.

Delete Application Category


Go to System > Configuration > Application Categories to view list of application categories.

Screen – Delete Application Category

Screen Elements | Description
Application Categories | Displays application category name.
Description | Displays description of application category.
Delete Icon | Click to delete application category.
Table – Delete Application Category Screen Elements

Note
When you delete an application category, applications under that category will also be deleted.

Add Technology
Go to System > Configuration > Application Categories and click Add Technology to
add a new technology.

Screen – Application Category Management

Screen – Add Technology

Screen Elements | Description
Technology Name | Specify name of the technology
Done | Click to add the technology
Cancel | Click to return to application category management page.
Table – Add Technology

Delete Technology
Go to System > Configuration > Application Categories and click Add Technology.

Screen – Delete Application Category

Screen Elements | Description
Description | Displays description of application category.
Delete Icon | Click to delete technology.
Table – Delete Application Category Screen Elements

Custom View Management

Prerequisite
Super Admin or Admin privilege required to access and manage Custom View sub menu of System
menu.

A custom view of reports allows grouping of the most pertinent reports that require special attention for managing the devices. Reports from different report groups can also be grouped in a single view. A maximum of eight reports can be grouped in a view. A custom view provides a single page view of all the grouped reports.

This section describes how to:

• Add Custom View
• Update Custom View
• Delete Custom View

Use System > Configuration > Custom View to create and manage custom views in
Cyberoam iView.

Screen – Custom View Management

Screen Elements | Description
Add Button | Click to add a new custom view.
Delete Button | Click to delete a custom view.
Custom View Name | Displays custom view name.
Custom View Description | Displays description of custom view.
Table – Custom View Management Screen Elements

Add Custom View


Go to System > Configuration > Custom View and click Add to create new Custom View.

Screen – Custom View Management

Screen – Add Custom View

Screen Elements | Description
Custom View Name | Specify Custom View Name, custom view name can be any combination of alphanumeric characters and special characters “_”, “@” and “.”.
Custom View Description | Specify description of the Custom View, if required.
Category | Product category.
Select Report | Expand report group and click against the report to be added in custom view. Maximum 8 reports can be added.
Add Button | Click to add a new custom view.
Delete Button | Click to delete a custom view.
Table – Add Custom View Screen Elements

Screen – Custom View display in Navigation Pane

Note
Added custom views will be displayed under Custom Views Sub menu of navigation pane.

Update Custom View


Go to System > Configuration > Custom View and click custom view name to be updated.

Screen – Update Custom View

Screen Elements | Description
Description | Displays description of custom view, modify if required.
Select Report | Expand report group tree to view current reports of custom view. You can add or remove reports by clicking checkbox against them. Number of selected reports from each report group will be displayed against group name. Maximum 8 reports can be added to a single custom view.
Update Button | Click to save changes in custom View.
Cancel Button | Click to return to custom view management page.
Table – Update Custom View Screen Elements

Note
All fields except Custom View Name are editable.

Delete Custom View


Go to System > Configuration > Custom View to view list of custom views.

Screen – Delete Custom View

Screen Elements | Description
Global Selection | Click to select all custom views.
Individual Selection | Click to select individual custom view.
Delete Button | Click to delete selected custom view.
Table – Delete Custom View Screen Elements

Report Notification Management

Prerequisite
Super Admin or Admin privilege required to access and manage Report Notification menu of System
menu.

Cyberoam iView can mail reports in PDF format to specified Email Addresses as per the configured
frequency.
This section describes how to:
• Add Report Notification
• Update Report Notification
• Delete Report Notification

Use the System > Configure > Report Notification to create and manage report notifications.

Screen – Report Notification Management

Screen Elements | Description
Add Button | Click to add a new report notification.
Delete Button | Click to delete a report notification.
Name | Name of the report notification.
Report Group/Bookmark | Category of the reports or Bookmark.
Device Name | Name of reported device(s).
Email Frequency | Report notification frequency- Daily, Weekly, Monthly or Only Once.
To Email Address | Email ID of recipient(s).
Last Sent Time | Last time when the report notification was sent.
Table – Report Notification Management Screen Elements

Add Report Notification

Go to System > Configuration > Report Notification and click Add to create a new report
notification.

Screen – Report Notification Management


Screen – Add Report Notification

Screen Elements | Description
Name | Specify Report Name. Report name can be any combination of alphanumeric characters and special characters “_”, “@” and “.”.
Description | Specify description of the report notification, if required.
To Email Address | Specify Email Address of the recipient in ‘To Email Address’ field. Use comma to separate multiple Email IDs.
Select Category | Specify Category for the Report Notification. The possible options are UTM, Access Gateway, EPS, Web Server and Smart Wireless Router.
Notification Type | Specify either ‘Report Group’ or ‘Bookmarks’ for adding Report Notification.
Sorting Criteria | Specify ‘Hits’ or ‘Bytes’ as sorting criterion.
Report Group | Select report category from the Report Group drop down list. Reports from selected category will be sent to the recipients.
Bookmarks | Select available Bookmark(s) from the drop-down.
Device Selection | Click the device(s) whose reports are to be mailed from the ‘Available Devices’ list and click to move the selected devices to the 'Selected Devices' list. To select multiple devices press Ctrl key and select devices using mouse.
Email Frequency | Set Email frequency and time. Reports can be mailed Daily, Weekly, Monthly or Only Once at the configured interval.
• In case of daily notification, select time of the day.
• In case of weekly notification, select day of the week.
• In case of monthly notification, select date of the month and time.
Ok Button | Click to add a new report notification.
Cancel Button | Click to return to report notification management page.
Table – Add Report Notification Screen Elements

Update Report Notification


Go to System > Configuration > Report Notification and select report notification to be
updated.

Screen – Update Report Notification

Screen Elements | Description
Description | Displays description of the report notification, modify if required.
To Email Address | Displays Email Address of the recipient in ‘To Email Address’ field, modify if required.
Notification Type | Displays selected ‘Report Group’ or ‘Bookmarks’, change if required.
Report Group | Displays report category to send report notification, change if required.
Device Selection | Displays list of available devices and selected devices whose reports are to be mailed. Move devices from the ‘Available Devices’ list to the 'Selected Devices' list or vice versa.
Email Frequency | Displays Email frequency and time. Reports can be mailed daily or weekly at the configured interval. In case of weekly notification, select day of the week.
Ok Button | Click to save the changes in report notification.
Cancel Button | Click to return to report notification management page.
Table – Update Report Notification Screen Elements

Note
All fields except Report Notification name are editable.

Delete Report Notification


Go to System > Configuration > Report Notification to view list of report notifications.

Screen – Delete Report Notification

Screen Elements | Description
Global Selection | Click to select all report notifications.
Individual Selection | Click to select individual report notification.
Delete Button | Click to delete selected report notifications.
Table – Delete Report Notification Screen Elements

Data Management

Prerequisite
Super Admin privilege is required to access and manage Data Management sub menu of System
menu.

Retention of data and log archives uses an enormous amount of disk space. To control and optimize disk space usage, configure the data retention period of the detailed and summarized tables. Depending on the compliance requirement, configure the log retention period.

This section describes how to configure the log retention period for various product categories.

Use the System > Configuration > Data Management page to configure the retention period of various data tables.
• UTM Data Management
• Access Gateway Data Management
• EPS Data Management
• Web Server Data Management
• Smart Wireless Router Data Management

UTM Data Management

Screen – Database Configuration

Screen Elements | Description
Log Retention | You can retain following logs for UTM device(s):
• Web Surfing Logs: Web Surfing logs can be retained for time interval starting from 1 month to 1 year. Cyberoam iView has set default storage of 6 months for Web Surfing logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1 year to retain Web Surfing logs.
• Mail Logs: Mail logs can be retained for time interval starting from 1 month to 3 months. Cyberoam iView has set default storage of 3 months for Mail logs. You can configure 1 Month, 2 Months or 3 Months to retain Mail logs.
• IM and Blocked IM Logs: IM and blocked IM logs can be retained for time interval starting from 1 month to 3 months. Cyberoam iView has set default storage of 3 months for IM and Blocked IM logs. You can configure 1 Month, 2 Months or 3 Months to retain IM and Blocked IM logs.
• FTP Logs: FTP logs can be retained for time interval starting from 1 month to 3 months. Cyberoam iView has set default storage of 3 months for FTP logs. You can configure 1 Month, 2 Months or 3 Months to retain FTP logs.
• VPN Logs: VPN logs can be retained for time interval starting from 1 day to 1 month. Cyberoam iView has set default storage of 3 months for VPN logs. You can configure 1 Day, 2 Days, 3 Days, 5 Days, 7 Days or 1 Month to retain VPN logs.
• Internet Usage Logs: Internet usage logs can be retained for time interval starting from 1 day to 3 months. Cyberoam iView has set default storage of 3 months for Internet usage logs, but you can configure 1 day, 2 days, 3 days, 5 days, 7 days, 1 month or 3 months to retain Internet Usage logs.
• Blocked Web Attempts Logs: Blocked Web Attempts logs can be retained for time interval starting from 1 month to 3 months. Cyberoam iView has set default storage of 3 months for Blocked Web Attempts logs, but you can configure 1 month or 2 months to retain Blocked Web Attempts logs.
• IPS (Attacks) Logs: IPS logs can be retained for time interval starting from 1 month to 3 months. Cyberoam iView has set default storage of 3 months for IPS logs, but you can configure 1 month or 2 months to retain IPS logs.
• Spam Logs: Spam logs can be retained for time interval starting from 1 month to 3 months. Cyberoam iView has set default storage of 3 months for spam logs, but you can configure 1 month or 2 months to retain spam logs.
• Virus Logs: Virus logs can be retained for time interval starting from 1 month to 3 months. Cyberoam iView has set default storage of 3 months for virus logs, but you can configure 1 month or 2 months to retain virus logs.
• Appliance Audit Logs: Appliance audit logs can be retained for time interval starting from 1 day to 1 month. Cyberoam iView has set default storage of 1 month day for appliance audit logs, but you can configure 1 day, 2 days, 3 days, 5 days or 7 days to retain appliance audit logs.
• Application Logs: Application logs can be retained for time interval starting from 1 month to 1 year. Cyberoam iView has set default storage of 6 months for appliance audit logs, but you can configure 1 month, 2 months, 3 months, 9 months or 1 year to retain application logs.
• Blocked Attempts Logs: Blocked Attempt logs can be retained for time interval starting from 1 month to 1 year. Cyberoam iView has set default storage of 6 months for blocked attempt logs, but you can configure 1 month, 2 months, 3 months, 9 months or 1 year to retain blocked attempts logs.
• WAF Logs: Blocked Attempt logs can be retained for time interval starting from 1 month to 1 year. Cyberoam iView has set default storage of 1 month for WAF logs, but you can configure 1 to 11 months to retain WAF logs.
Report Period | Displays retention period of the logs.
Size | Displays current size of the logs.
Status | Displays status of last applied change.
Archive Retention | Archive Logs: Archive logs can be retained for time interval starting from 1 day to forever. Cyberoam iView has set default storage as ‘Forever’ for archive logs, but you can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, 1, 3, 7 years or you can disable retention of archived logs.
Export to Excel Parameters Customization | Enable to allow number of records selection while saving reports in MS-Excel format.
Apply Button | Click to apply changes in database configuration.
Table – Database Configuration Screen Elements

Access Gateway Data Management

Screen - Access Gateway Data Management

Screen Elements | Description
Log Retention | You can retain following logs for Access Gateway Data Management device(s):
• Firewall Logs: Firewall logs can be retained for time interval starting from 1 month to 1 year. Cyberoam iView has set default storage of 6 months for firewall logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1 year to retain firewall logs.
• Web Usage Logs: Web Usage logs can be retained for time interval starting from 1 month to 1 year. Cyberoam iView has set default storage of 6 months for Web Usage logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1 year to retain Web Usage logs.
Report Period | Displays retention period of the logs.
Size | Displays current size of the logs.
Status | Displays status of last applied change.
Archive Retention | Archive Logs: Archive logs can be retained for time interval starting from 1 day to forever. Cyberoam iView has set default storage as ‘Forever’ for archive logs, but you can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, 1, 3, 7 years or you can disable retention of archived logs.
Export to Excel Parameters Customization | Enable to allow number of records selection while saving reports in MS-Excel format.
Apply Button | Click to apply changes in database configuration.
Table – Access Gateway Data Management Screen Elements

EPS Data Management

Screen – EPS Data Management

Screen Elements | Description
Log Retention | You can retain following logs for EPS Data Management device(s):
• USB Control: USB Control logs can be retained for time interval starting from 1 month to 1 year. Cyberoam iView has set default storage of 6 months for USB Control logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1 year to retain USB Control logs.
• Web Report Logs: Web Report logs can be retained for time interval starting from 1 month to 1 year. Cyberoam iView has set default storage of 6 months for Web Report logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1 year to retain Web Report logs.
• Update Data Logs: Update Data logs can be retained for time interval starting from 1 month to 1 year. Cyberoam iView has set default storage of 6 months for Update Data logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1 year to retain Update Data logs.
• Anti Virus Logs: Anti Virus logs can be retained for time interval starting from 1 month to 1 year. Cyberoam iView has set default storage of 6 months for Anti Virus logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1 year to retain Anti Virus logs.
• Application Control Logs: Application Control logs can be retained for time interval starting from 1 month to 1 year. Cyberoam iView has set default storage of 6 months for Application Control logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1 year to retain Application Control logs.
• Email Scanning Logs: Email Scanning logs can be retained for time interval starting from 1 month to 1 year. Cyberoam iView has set default storage of 6 months for Email Scanning logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1 year to retain Email Scanning logs.
Report Period | Displays retention period of the logs.
Size | Displays current size of the logs.
Status | Displays status of last applied change.
Archive Retention | Archive Logs: Archive logs can be retained for time interval starting from 1 day to forever. Cyberoam iView has set default storage as ‘Forever’ for archive logs, but you can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, 1, 3, 7 years or you can disable retention of archived logs.
Export to Excel Parameters Customization | Enable to allow number of records selection while saving reports in MS-Excel format.
Apply Button | Click to apply changes in database configuration.
Table – EPS Data Management Screen Elements

Web Server Data Management

Screen – Web Server Data Management

Screen Elements | Description
Log Retention | You can retain following logs for Web Server Data Management device(s):
• Apache Logs: Apache logs can be retained for time interval starting from 1 month to 1 year. Cyberoam iView has set default storage of 6 months for Apache logs. You can configure 1 Month, 2 Months, 3 Months, 6 Months, 9 Months or 1 year to retain Apache logs.
Report Period | Displays retention period of the logs.
Size | Displays current size of the logs.
Status | Displays status of last applied change.
Archive Retention | Archive Logs: Archive logs can be retained for time interval starting from 1 day to forever. Cyberoam iView has set default storage as ‘Forever’ for archive logs, but you can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, 1, 3, 7 years or you can disable retention of archived logs.
Export to Excel Parameters Customization | Enable to allow number of records selection while saving reports in MS-Excel format.
Apply Button | Click to apply changes in database configuration.
Table – Web Server Data Management Screen Elements

Smart Wireless Router Data Management

Screen - Smart Wireless Router Data Management

Screen Elements Description


Log Retention: You can retain following logs for Smart Wireless Router device(s)
Application Activity Logs:
Application Activity logs can be retained for time interval starting from 1
month to 1 year.
Cyberoam iView has set default storage of 1 month for Application
Activity logs.

Web Allow Logs:


Web Allow logs can be retained for time interval starting from 1 month
to 1 year.
Cyberoam iView has set default storage of 2 Months for Web Allow
logs.

Web Denied Logs:


Web Denied Logs can be retained for time interval starting from 1
Month to 1 year.
Cyberoam iView has set default storage of 3 Months for Web Denied
logs.

Attack Logs:
Attack Logs can be retained for the time interval starting from 1 Month
to 1 year.
Cyberoam iView has set default storage of 9 Months for Attack logs.

Virus Logs:
Virus Logs can be retained for the time interval starting from 1 Month to
1 year.
Cyberoam iView has set default storage of 9 Months for Virus logs.
Report Period: Displays retention period of the logs.
Size: Displays current size of the logs.
Status: Displays status of last applied change.
Archive Retention: Archive Logs:
Archive logs can be retained for time interval starting from 1 day to
forever.
Cyberoam iView has set default storage as ‘Forever’ for archive logs, but
you can configure 1, 2 or 5 days, 1 or 2 weeks, 1, 3 or 6 months, 1, 3 or 7
years or you can disable retention of archived logs.
Export to Excel Parameters Customization: Enable to allow number of records selection while saving reports in MS-Excel format.
Apply Button: Click to apply changes in database configuration.

Table – Smart Wireless Router Data Management Screen Elements


Bookmark Management

Prerequisite
Super Admin or Admin privilege required to access and manage Bookmark Management sub menu of
System menu.

Cyberoam iView allows the user to Bookmark report or report groups at any level of drill down. The
user can generate and view reports on multiple criteria and save them as bookmark. The user can
access the bookmarked reports from left navigation menu on next login.
This section describes how to:
• Add Bookmark Group
• Delete Bookmark Group

Use the System > Configuration > Bookmark Management to create and manage
bookmark group.

Screen –Bookmark Management

Screen Elements Description


Add Bookmark Group Button: Click to add a new bookmark group.
Bookmark Groups: Name of the bookmark group. Expand the bookmark group to view member bookmarks.
Table – Bookmark Management Screen Elements

Add Bookmark Group


Go to System > Configuration > Bookmark Management and click Add Bookmark Group
to create a new bookmark group. The user can also add a bookmark group while creating bookmark
of a report page.

Screen –Add Bookmark Group Name

Screen Elements Description


Bookmark Group Name: Specify name of the bookmark group. The bookmark group name can be any combination of alphanumeric characters and the special characters “_”, “@” and “.”.
Ok Button: Click to add the bookmark group.
Cancel Button: Click to return to the bookmark management page.
Table – Add Bookmark Management Screen Elements

Delete Bookmark Group


Go to System > Configuration > Bookmark Management to view list of available
bookmarks.

Screen – Delete Bookmark Group

Screen Elements Description


Bookmarks or Bookmarks Group: Displays name of the bookmark or bookmark group.
Delete Icon: Click to delete bookmark or bookmark group.
Table – Delete Bookmark Group Screen Elements

Search
Search provides option to search various reports based on multiple search parameters.
The administrator can search reports from following categories:
• Web Surfing Reports
• Mail Usage
• Spam
• Virus
• FTP

Web Surfing Reports

Use the Search > Web Surfing Reports to perform search in web surfing reports.
Screen Components:
• Report Type: Type of report to be searched.
o Summary
o Detail
• Search Type: Type of the search. Possible search types are
o Domain
o URL
o Category
o IP Address
• Search For: Possible searches for
o User
o Group
• User Name: User name to be searched.
• Domain: Domain name or URL name to be searched or ‘Category Name’ in case of
Search type ‘Category’.

By default, as soon as you click Web Surfing Reports, the Web Search Result report is displayed
in tabular manner.

Search Reports
1. Go to Search > Web Surfing Reports.
2. Specify Report Type. Possible report types are
o Summary
o Detail
3. Specify Search Type. Possible search types are:
o Domain
o URL
o Category
4. Specify ‘Search For’ value. Possible values are:
o User
o Group
5. Specify username or group name based on ‘Search For’ value. User Name/ Group Name can
be any combination of alphanumeric characters and special characters “_”, “@” and “.”. If User
Name/ Group Name is not specified then search result will be displayed for all the
users/groups.
6. Specify Domain/URL/Category Name. If the Domain/URL/Category Name is not specified then
the result will be displayed for all the domains/URLs or categories.
7. Click Search.
Given below is the list of available Web Surfing search reports:
• Web Search Results by Domain and User
• Web Search Results by Domain and Group
• Web Search Results by URL and User
• Web Search Results by URL and Group
• Web Search Results by Category and User

Web Search Results by Domain and User


The report displays number of hits and amount of data transferred for the selected domain and user
along with the web site name.
1. To view report go to Search > Web Surfing Reports.
2. Specify search parameters as below:
o Search Type: Domain
o Search For: User
o User Name
o Domain

The tabular report contains following information:
• User Name: Username of the user as registered in the monitored device. If User is not registered
in the monitored device then it will be considered as traffic generated by unregistered user and
the field will display ‘N/A’.
• Domain: Domain name or IP address of the domain.
• Hits: Number of Hits to the domain by the user.
• Bytes: Amount of data transferred.

Web Search Results by Domain and Group


The report displays number of hits and amount of data transferred for the selected domain and group
along with web site name.
1. To view report go to Search > Web Surfing Reports.
2. Specify search parameters as below:
o Search Type: Domain
o Search For: Group
o Group Name
o Domain

Bar graph displays user group wise number of Hits while tabular report contains following
information:
• User Group: Group name of the user group as registered in the monitored device. If group is not
registered in the monitored device then it will be considered as traffic generated by ‘Unknown’
group.
• Domain: Domain name or IP address of the domain.
• Hits: Number of Hits to the domain by the user group.
• Bytes: Amount of data transferred.

Web Search Results by URL and User


The report displays number of hits and amount of data transferred for the selected URL and user
with web site name and URL path.

1. To view report go to Search > Web Surfing Reports.


2. Specify search parameters as below:
o Report Type: Detail
o Search Type: URL
o Search For: User
o User Name
o Domain/URL

The tabular report contains following information:
• Time: Time at which the user accessed the website.
• User Name: User name of the user as registered in the monitored device. If User Name is not
registered in the monitored device then it will be considered as traffic generated by unregistered
user and the field will display ‘N/A’.
• Domain: Domain of the website visited by the user.
• URL: URL of the website visited by the user.
• Category: Category of the website visited by the user.
• IP Address: IP Address through which user accessed the website.

Web Search Results by URL and Group

The report displays number of hits and amount of data transferred for the selected URL and group
along with web site name and URL path.
1. To view report go to Search > Web Surfing Reports.
2. Specify search parameters as below:
o Report Type: Detail
o Search Type: URL
o Search For: Group
o Group Name
o Domain/URL

The tabular report contains following information:
• Time: Time at which the user group accessed the website.
• Group Name: Group name of the user group as registered in the monitored device. If group is
not registered in the monitored device then it will be considered as traffic generated by ‘Unknown’
group.
• Domain: Domain of the website visited by the user group.
• URL: URL of the website visited by the user group.
• Category: Category of the website visited by the user group.
• IP Address: IP Address through which user group accessed the website.

Web Search Results by Category and User


The report displays number of hits and amount of data transferred for the selected category and
user.
1. To view report go to Search > Web Surfing Reports.
2. Specify search parameters as below:
o Search Type: Category
o Search For: User
o User Name
o Category

Bar graph displays user wise number of Hits while tabular report contains following information:
• User Name: User name of the user as defined in the monitored device. If the user is not defined
in the monitored device then it will be considered as traffic generated by undefined user and the
field will display ‘N/A’.
• Category Name: Name of the category as defined in the monitored device.
• Hits: Number of Hits to the user.
• Bytes: Amount of data transferred.

Web Search Results by IP Address and User


The report displays number of hits and amount of data transferred for the selected host and user.
1. To view report go to Search > Web Surfing Reports.
2. Specify search parameters as below:
o Search Type: IP Address
o Search For: User
o User Name
o IP Address

The tabular report contains following information:
• User Name: User name of the user as registered in the monitored device. If User Name is not
registered in the monitored device then it will be considered as traffic generated by unregistered
user and the field will display ‘N/A’.
• Host: IP Address associated with the user.
• Hits: Number of Hits to the host by the user.
• Bytes: Amount of data transferred.

Mail Usage

Use the Search > Mail Usage to perform search in mail usage reports.

Screen Components:
• Protocol: Search option is available on following protocols:
o SMTP
o POP3
o IMAP
o Any
• User Type: Possible user types
o Recipient
o Sender
o Any
• User Email Address: Specify Email address of the user to be searched.
• Subject: Specify subject line of the Email to be searched.
• Search button: Click to perform search.

By default, as soon as you click Mail Usage Reports, the Mail Search Report is displayed in
tabular manner.

Search Reports

1. Go to Search > Mail Usage.


2. Specify protocol. Available options:
o SMTP
o POP3
o IMAP
o Any
3. Specify user type: Possible user types are:
o Recipient
o Sender
o Any
4. Specify Email address to be searched. Email address can be any combination of
alphanumeric characters and special characters “_”, “@” and “.”. If the Email address is not
specified then search result will be displayed for all the Email addresses.
5. Specify subject line to be searched. If the subject line is not specified then the search result
will be displayed for all the subjects.
6. Click Search.
Refer to Mail Search Report to view report.

Mail Search Report


The report displays amount of data transferred for the selected protocol, user type, Email address
and subject line.

1. To view report go to Search > Mail Usage.


2. Specify search parameters as below:
o Protocol: SMTP/POP3/IMAP/Any
o User Type: Recipient/Sender/Any
o Email Address
o Subject

Tabular report contains following information:
• Time: Time in the YYYY-MM-DD HH:MM:SS format.
• From: From Email ID.
• To: To Email ID.
• Subject: Subject line of the Email.
• Protocol: Protocol name.
• Source IP: Source IP address of the Email.
• Destination IP: Destination IP address of the Email.

Spam

Use the Search > Spam to perform search in spam reports.

Screen Components:
• Protocol: Search option is available on following protocols:
o SMTP
o POP3
o IMAP
o Any
• User Type: Possible user types:
o Recipient
o Sender
o Any
• User Email Address: Specify Email address of the user to be searched.
• Subject: Specify subject line of the Email to be searched.
• Search button: Click to perform search.
By default, as soon as you click Spam Reports, the Spam Search Report is displayed in tabular
manner.

Search Reports
1. Go to Search > Spam.
2. Specify protocol. Available options are:
o SMTP
o POP3
o IMAP
o Any
3. Specify user type: Possible user types are:
o Recipient
o Sender
o Any
4. Specify Email address to be searched. Email address can be any combination of
alphanumeric characters and special characters “_”, “@” and “.”. If the Email address is not
specified then search result will be displayed for all the Email addresses.
5. Specify subject line to be searched. If the subject line is not specified then the search result
will be displayed for all the subjects.
6. Click Search.
Refer to Spam Search Report to view report.

Spam Search Report


The report displays amount of data transferred for the selected protocol, user type, Email address
and subject line.
1. To view report go to Search > Spam.
2. Specify search parameters as below:
o Protocol: SMTP/POP3/IMAP/Any
o User Type: Recipient/Sender/Any
o Email Address
o Subject

Tabular report contains following information:
• Time: Time in the YYYY-MM-DD HH:MM:SS format.
• From: From Email ID.
• To: To Email ID.
• Subject: Subject line of the Email.
• Protocol: Protocol name.
• Source IP: Source IP address of the Email.
• Destination IP: Destination IP address of the Email.

Virus

Use the Search > Virus to perform search in Virus reports.


Screen Components:
• Protocol: Search option is available on following protocols:
o SMTP
o POP3
o IMAP
o HTTP
o HTTPS
o FTP
o Any
• User Type: Possible user types
o Recipient
o Sender
o Any
• User Email Address: Specify Email address of the user to be searched.
• Subject: Specify subject line of the Email to be searched.
• Virus Name: Specify name of the virus to be searched.
• Search button: Click to perform search.

Search Reports
1. Go to Search > Virus.
2. Specify protocol. Available options are:
o SMTP
o POP3
o IMAP
o HTTP
o HTTPS
o FTP
o Any
3. Specify user type: Possible user types are:
o Recipient
o Sender
o Any
4. Specify Email address to be searched. Email address can be any combination of
alphanumeric characters and special characters “_”, “@” and “.”. If the Email address is not
specified then search result will be displayed for all the Email addresses.
5. Specify subject line to be searched. If the subject line is not specified then the search result
will be displayed for all the subjects.
6. Specify virus name to be searched. If the virus name is not specified then the search result will
be displayed for all the viruses.
7. Click Search.
Refer to Virus Search Report to view report.

Virus Search Report

The report displays amount of data transferred for the selected protocol, user type, Email address
and subject line.

1. To view report go to Search > Virus.


2. Specify search parameters as below:
o Protocol: SMTP/POP3/IMAP/HTTP/HTTPS/FTP/Any
o User Type: Recipient/Sender/Any
o Email Address
o Subject
o Virus Name

Tabular report contains following information:
• Time: Time in YYYY:MM:DD HH:MM:SS format.
• From: From Email ID.
• To: To Email ID.
• Subject: Subject line of the Email.
• Virus: Name of the virus.
• Protocol: Protocol name.
• Source IP: Source IP address of the virus.
• Destination IP: Destination IP address of the virus.
• Bytes: Amount of data transferred.

FTP

Use the Search > FTP to perform search in FTP reports.

Screen Components:
• Transfer Type: Possible types:
o Download
o Upload
o Any
• Search For: Possible search criteria
o User
o File
• User Name/File Name: User name or File name to be searched.

Search Reports
1. Go to Search > FTP.
2. Specify file transfer type. Available options:
o Download
o Upload
o Any
3. Specify search criteria: Available options:
o User
o File
4. Specify username or file name to be searched. If the user name or file name is not specified
then search result will be displayed for all the files and users.
5. Click Search.
Refer to FTP Search Report to view report.

FTP Search Report


The report displays amount of data transferred for the selected user, file and transfer type.

1. To view report go to Search > FTP.


2. Specify search parameters as below:
o Transfer Type: Upload/Download/Any
o Search For: User/File
o User Name/File Name

Tabular report contains following information:
• Time: Time in YYYY-MM-DD HH:MM:SS format.
• Client IP: IP address of the machine from where the file transfer is done.
• Server IP: IP address of the server from where the file transfer is done.
• User: User name as defined in monitored device.
• File: Name of the file.
• Direction: Upload/Download.
• Bytes: Amount of data transfer.

Logs

Prerequisite
Super Admin or Admin privilege is required to access and manage Logs page.

To meet the compliance requirements of some geographical regions, Cyberoam iView provides an MD5
sum for DHCP and Web Usage log files. The checksum is used to confirm the integrity of log data, which
means the log files are intact and the log data has not been manipulated.

This section describes how to enable and disable Checksum Configuration for DHCP and Web
Usage:

Go to System > Configuration > Logs to enable and disable Checksum Configuration for
DHCP and Web Usage.

Screen –Checksum Configuration


Click Save to save Changes.
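
How an MD5 sum recorded for a log file is later used to confirm that the file is intact, as an added example (not Cyberoam code). The md5sum-style manifest layout, the file names and the log lines are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def md5_of_file(path, chunk_size=65536):
    """Stream a file through MD5 so large log files need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse '<md5 hex>  <file name>' lines (assumed md5sum-style layout)."""
    recorded = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            digest, name = line.split(None, 1)
            recorded[name.lstrip("*")] = digest.lower()
    return recorded


def verify_logs(log_dir, manifest_text):
    """Map each file name to OK, MODIFIED, MISSING or UNLISTED."""
    recorded = parse_manifest(manifest_text)
    results = {}
    for name, expected in recorded.items():
        path = os.path.join(log_dir, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"    # deleted after the digest was recorded
        elif md5_of_file(path) == expected:
            results[name] = "OK"
        else:
            results[name] = "MODIFIED"   # content no longer matches the digest
    for name in sorted(os.listdir(log_dir)):
        if name not in recorded:
            results[name] = "UNLISTED"   # file that was never checksummed
    return results


def demo():
    """Create constructed log files, record digests, change them, re-verify."""
    samples = {  # constructed log lines, not real iView output
        "dhcp.log": b"2011-03-01 10:00:01 lease 192.0.2.21 00:11:22:33:44:55\n",
        "webusage.log": b"2011-03-01 10:00:05 user1 example.com 200 5120\n",
        "dhcp_old.log": b"2011-02-28 23:59:59 lease 192.0.2.9 00:11:22:33:44:66\n",
    }
    with tempfile.TemporaryDirectory() as log_dir:
        for name, data in samples.items():
            with open(os.path.join(log_dir, name), "wb") as handle:
                handle.write(data)
        manifest = "\n".join(
            f"{md5_of_file(os.path.join(log_dir, name))}  {name}" for name in samples
        )
        before = verify_logs(log_dir, manifest)

        # Three changes an integrity check should surface:
        # an edited file, a removed file and a file with no recorded digest.
        with open(os.path.join(log_dir, "webusage.log"), "wb") as handle:
            handle.write(samples["webusage.log"].replace(b"user1", b"user2"))
        os.remove(os.path.join(log_dir, "dhcp_old.log"))
        with open(os.path.join(log_dir, "extra.log"), "wb") as handle:
            handle.write(b"2011-03-01 10:05:00 unrecorded entry\n")
        after = verify_logs(log_dir, manifest)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

The comparison is only meaningful when the recorded digests are kept somewhere the log files' writer cannot change, since a digest stored beside the log can be rewritten together with it.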

Port Configuration

Prerequisite
Super Admin or Admin privilege is required to access and manage Port Configuration sub menu of
System menu.

This page allows administrator to configure access ports (HTTP and HTTPS) and syslog port to
provide flexibility for accessing Cyberoam-iView and receiving syslog data.

Go to System > Configuration > Port to specify HTTP, HTTPS and Syslog port number. By
default Cyberoam-iView is accessed on HTTP port 8000 and HTTPS port 8443 and syslogs are
received on port 514.

Screen – Port Configuration


Click Save to save changes.

Backup Management

Prerequisite
Super Admin or Admin privilege required to access and manage Backup Management page.

Cyberoam iView allows the administrator to take scheduled backup of detailed report data on FTP
server.

Use System > Configuration > Backup Management to configure scheduled backup of detailed
report data on FTP server.

Backup Schedule

Screen –Backup Configuration

Screen Elements Description


Backup Frequency: Frequency of taking backup. You can choose to take backup on daily basis or never.
FTP Server IP: IP Address of the FTP server.
User Name: Username of FTP server.
Password: Password of FTP server.
Start Time (24 Hour Format): Start time to take backup.
Save Button: Click to save changes.
Table – Backup Configuration Screen Elements

Disk Usage Limit

Prerequisite
Super Admin or Admin privilege required to access and manage Disk Usage Limit page.

Cyberoam iView allows the administrator to configure threshold limit for disk usage.

When the specified Lower Threshold limit is reached, Cyberoam iView sends an Email alert
notification informing the administrator to manage disk space. When the specified Upper Threshold
limit is reached, Cyberoam iView sends an Email alert notification informing that no new data will be
accepted until the disk space is restored to the Lower Threshold or below.

Use System > Configuration > Disk Usage Limit to configure lower and upper threshold
limit for disk usage.

Screen – Disk Usage Threshold Configuration

Screen Elements Description


Lower Threshold (%): Specify lower threshold value in percentage. On reaching the specified threshold, Cyberoam-iView sends an Email to the pre-configured Email address informing the administrator to manage disk space.
Higher Threshold (%): Specify higher threshold value in percentage. On reaching this threshold, Cyberoam-iView sends an Email on the pre-configured Email address informing that no new data will be accepted till the disk space is restored to either Lower Threshold or below.
Apply Button: Click to apply the changes.
Table – Disk Usage Threshold Configuration Screen Elements
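
The two thresholds form a hysteresis band: once the higher threshold is hit, intake stays off until usage falls to the lower threshold or below. The model below is an added example, not Cyberoam code. The 80/95 thresholds, the sample readings, the one-alert-per-rise rule and the `INTAKE_RESUMED` marker are assumptions used to show how large the resulting gap in collected data can be.

```python
class DiskUsageGuard:
    """Two-threshold disk guard modelled on the behaviour described above."""

    def __init__(self, lower_pct, upper_pct):
        if not 0 < lower_pct < upper_pct <= 100:
            raise ValueError("need 0 < lower < upper <= 100")
        self.lower = lower_pct
        self.upper = upper_pct
        self.accepting = True   # False while no new data is accepted
        self.warned = False     # lower-threshold alert already sent for this rise

    def observe(self, used_pct):
        """Feed one disk-usage reading; return the notifications it triggers."""
        events = []
        # Intake resumes only at or below the LOWER threshold, not merely
        # below the upper one.
        if not self.accepting and used_pct <= self.lower:
            self.accepting = True
            events.append("INTAKE_RESUMED")  # local marker, assumed (not an iView mail)
        if used_pct < self.lower:
            self.warned = False              # re-arm the lower alert
        if self.accepting:
            if used_pct >= self.upper:
                self.accepting = False
                self.warned = True
                events.append("UPPER_ALERT")  # "no new data will be accepted"
            elif used_pct >= self.lower and not self.warned:
                self.warned = True
                events.append("LOWER_ALERT")  # "manage disk space"
        return events


def replay(samples, lower_pct=80, upper_pct=95):
    """Replay (used_pct, incoming_records) readings and count the logging gap."""
    guard = DiskUsageGuard(lower_pct, upper_pct)
    timeline, accepted, dropped = [], 0, 0
    for used_pct, incoming in samples:
        events = guard.observe(used_pct)
        if guard.accepting:
            accepted += incoming
        else:
            dropped += incoming   # records that never reach the reports
        timeline.append((used_pct, events, guard.accepting))
    return timeline, accepted, dropped


# Constructed readings: usage climbs past both thresholds, then is cleaned up.
SAMPLES = [(60, 100), (82, 100), (85, 100), (96, 100), (90, 100),
           (81, 100), (80, 100), (79, 100), (83, 100)]

if __name__ == "__main__":
    timeline, accepted, dropped = replay(SAMPLES)
    for row in timeline:
        print(row)
    print("accepted:", accepted, "dropped:", dropped)
```

Readings of 90% and 81% are already below the higher threshold yet still fall inside the blocked window, so the period with no collected data runs from the upper alert until usage reaches 80%.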

External Configuration

Prerequisite
Super Admin or Admin privilege is required to access and manage External Configuration sub menu
of System menu.

External configuration page allows the administrator to configure necessary parameters required to
integrate Cyberoam iView with third party solutions like Cyberoam Central Control.

Use System > Configuration > External Configuration to set necessary parameters for
third party solution integration.

Screen – External Configuration

Screen Elements Description


Name: Specify name of the third party solution to be integrated.
URL: Specify URL path to respond to requests sent by third party solution.
HTTP Method: Specify HTTP method to communicate with third party solution.
Response Parameter: Specify response parameters to be sent to third party solution.
Save Button: Click Save to save changes.
Table – External Configuration Screen Elements

Authentication Server

Prerequisite
Super Admin or Admin privilege is required to access and manage Authentication Server sub menu of
System menu.

Cyberoam-iView supports user authentication against:
• an LDAP server
• a RADIUS server
• an internal database defined in Appliance

User authentication can be performed using local user database, RADIUS, LDAP or any combination
of these.

Local Authentication:
Cyberoam-iView provides a local database for storing user information. You can configure Cyberoam
iView to use this local database to authenticate users and control their access to the network. Choose
local database authentication over LDAP or RADIUS when the number of users accessing the
network is relatively small. Registering dozens of users takes time, although once the entries are in
place they are not difficult to maintain. For networks with larger numbers of users, user authentication
using LDAP or RADIUS servers can be more efficient.

Combination of external and local authentication is useful in large networks where it is required to
provide guest user accounts for temporary access while a different authentication mechanism like
RADIUS for VPN and SSL VPN users provides better security as password is not exchanged over the
wire.

External Authentication:
External Authentication Servers can be integrated with the Cyberoam iView for providing secure
access to the users of those servers.

This section describes how to:
• Add Authentication Server
• Delete Authentication Server

Use System > Configuration > Authentication to add and manage Authentication Servers
in Cyberoam iView.

Screen – Authentication Server

Screen Elements Description


Add Button: Click to add a new authentication server.
Delete Button: Click to delete an authentication server.
Server Name: Displays authentication server name.
Type: Displays type of authentication server. Possible Types:
• LDAP
• RADIUS
IP Address: IP Address of authentication server.
Port: Port number of authentication server.
Version: Authentication server version.
Table – Authentication Server Screen Elements

Add Authentication Server


Go to System > Configuration > Authentication Server and click Add to add a new
Authentication Server.

Screen – Authentication Server Management


You can add following types of authentication servers:
• LDAP
• RADIUS

Add LDAP Server:

Screen – Add LDAP Authentication Server

Screen Elements Description


Server Type: Select LDAP Server. If user is required to authenticate using an LDAP server, appliance needs to communicate with LDAP server for authentication.
Server Name: Name to identify the server.
Authentication Server IP: Specify LDAP Server IP address.
Port: Specify Port number through which Server communicates. Default port is 389.
Version: Select LDAP version. For example, 2
Base DN: Specify the base distinguished name (Base DN) of the directory service, indicating the starting point for searching user in the directory service. If you do not know the Base DN, click Get Base DN to retrieve base DN.

The top level of the LDAP directory tree is the base, referred to as the "Base DN". A base DN usually takes one of the three forms: Organization name, Company’s Internet Domain name or DNS domain name. For example dc=google, dc=com
Administrator: Specify Username for the user with Administrative privileges for LDAP server.
Password: Specify Password for the user with Administrative privileges for LDAP server.
Authentication Attribute: Set authentication attribute. It is the attribute used to perform user search.

By default, LDAP uses uid attribute to identify user entries. If you want to use a different attribute (such as given name), specify the attribute name in this field.
Test Connection: Click the Test Connection button to check the connectivity between LDAP and the appliance.
Table – Add LDAP Authentication Server Screen Elements

Add RADIUS Server:

Screen – Add RADIUS Authentication Server

Screen Elements Description


Server Type: Select RADIUS Server. If user is required to authenticate using a RADIUS server, appliance needs to communicate with RADIUS server for authentication.
Server Name: Name to identify the RADIUS server.
Server IP: Specify RADIUS Server IP address.
Authentication Port: Specify Port number through which Server communicates. Default port - 1812
Shared Secret: Specify shared secret, which is to be used to encrypt information passed to the appliance.
Test Connection: Click the Test Connection button to check the connectivity between RADIUS and the appliance.
Table – Add RADIUS Authentication Server Screen Elements

Delete Authentication Server


Go to System > Configuration > Authentication Server to view the list of Authentication
Servers.

Screen – Delete Authentication Server

Screen Elements Description


Global Selection: Click to select all authentication servers.
Individual Selection: Click to select individual authentication server.
Delete Button: Click to delete selected authentication server.
Table – Delete Authentication Server Screen

Maintenance

Prerequisite
Super Admin or Admin privilege is required to access and manage Maintenance sub menu of System
menu.

A backup is an essential part of data protection. Backups are necessary in order to recover data
lost to disk failure, accidental deletion or file corruption. There are many ways of taking
a backup and just as many types of media to use as well.

The Maintenance menu enables you to back up and restore your Cyberoam iView. It is a good idea to
backup the Cyberoam iView configuration on a regular basis to ensure that, if the system fails, you
can quickly get the system back to its original state with minimal effect to the network. It is a good idea
to back up the configuration after making any changes to the configuration of the Cyberoam iView or
settings that affect the managed appliances.

Once the backup is taken, you need to upload the file for restoring the backup. Restoring data older
than the current data will lead to the loss of current data.

Administrator can schedule Cyberoam iView backup or manually take the backup from System >
Configuration > Maintenance.

Screen – Maintenance

Screen Elements Description


Backup Restore
Backup Configuration: Click Backup Now to take backup manually.
Restore Configuration: Browse to locate backup available at your machine.
Upload and Restore: Click to upload and restore browsed backup file.
Backup Schedule
Backup Frequency: Select backup frequency.

In general, it is best to schedule backup on regular basis. How much information you add or change will help you determine the schedule.

Available options:
• Never – Select this option if you do not want to take backup.
• Daily – Configure time at which the backup should be taken.
• Weekly – Configure day and time at which the backup should be taken.
• Monthly – Configure day and time at which the backup should be taken.
Backup Mode: Select how and to whom backup files should be sent.

Available Options:
• FTP – If backup is to be stored on FTP server, configure FTP server IP address, username and password to be used.
• Mail – If backup is to be mailed, configure email id on which backup is to be mailed.
Manage Backup
Backup Time: Displays time in DD/MM/YYYY HH:MM:SS format when the backup is taken.
Size (KB): Displays size of the backup file.
Restore: Click to restore the backup.
Download: Click to download the backup.
Table – Maintenance Screen Elements

Audit Logs

Prerequisite
Super Admin or Admin privilege is required to access and manage Audit Logs sub menu of System
menu.

Audit logs are required to ensure accountability, security and problem detection of a system.
Use System > Audit Logs page to view audit logs for Cyberoam iView.

Screen –Audit Logs



Screen Elements Description


Action Time: Action time represents time of the event.
Category: Category of the event. Refer to the Category-Event-Message table for details.
Severity: Displays predefined severity levels in iView:
• Emergency: System is not usable
• Alert: Action must be taken immediately
• Critical: Critical condition
• Error: Error condition
• Warning: Warning condition
• Notice: Normal but significant condition
• Info: Informational
• Debug: Debug-level messages
Message: Message is a one-line description of the event. Refer to the Category-Event-Message table for details.
Username: Username of the user associated with the event.
IP Address: IP Address of the user.
Table – Audit Logs Screen Elements
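
The login messages listed in this guide's Category-Event-Message table ("User <username> login failed", "User <username> login successful") are enough to flag password guessing against the console from the audit log fields above. The following is an added example, not Cyberoam code: the tab-separated row layout, the timestamp format, the severity values, the threshold and the time window are assumptions, and the rows are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Message texts taken from the guide's Category-Event-Message table.
LOGIN_RE = re.compile(r"^User (?P<user>.+) login (?P<result>successful|failed)$")

# Column order follows the Audit Logs screen elements.
FIELDS = ("time", "category", "severity", "message", "username", "ip")

# Constructed sample rows (assumed tab-separated export, documentation IP ranges).
SAMPLE_ROWS = """\
2011-03-01 09:00:00\tUser\tInfo\tUser admin login successful\tadmin\t192.0.2.10
2011-03-01 09:10:00\tUser\tWarning\tUser admin login failed\tadmin\t198.51.100.7
2011-03-01 09:10:20\tUser\tWarning\tUser admin login failed\tadmin\t198.51.100.7
2011-03-01 09:10:41\tUser\tWarning\tUser root login failed\troot\t198.51.100.7
2011-03-01 09:11:05\tUser\tWarning\tUser admin login failed\tadmin\t198.51.100.7
2011-03-01 09:11:30\tUser\tInfo\tUser admin login successful\tadmin\t198.51.100.7
2011-03-01 09:12:00\tUser\tInfo\tUser guest1 added successfully\tadmin\t198.51.100.7
2011-03-01 10:00:00\tUser\tWarning\tUser bob login failed\tbob\t192.0.2.44
2011-03-01 10:20:00\tUser\tWarning\tUser bob login failed\tbob\t192.0.2.44
2011-03-01 10:20:30\tUser\tInfo\tUser bob login successful\tbob\t192.0.2.44
"""


def parse_rows(text):
    """Turn exported rows into dicts; malformed rows are skipped, not guessed."""
    records = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S")
        records.append(rec)
    return records


def find_login_anomalies(records, threshold=3, window=timedelta(minutes=5)):
    """Report failed-login bursts per source IP and a success that follows one."""
    failures = defaultdict(deque)  # ip -> (time, user) of recent failed logins
    flagged = {}                   # ip -> time of latest failure in a reported burst
    findings = []
    for rec in sorted(records, key=lambda r: r["time"]):
        match = LOGIN_RE.match(rec["message"]) if rec["category"] == "User" else None
        if match is None:
            continue               # other events (Add User, Mail, ...) are ignored
        ip, now = rec["ip"], rec["time"]
        recent = failures[ip]
        while recent and now - recent[0][0] > window:
            recent.popleft()       # forget failures older than the window
        if ip in flagged and now - flagged[ip] > window:
            del flagged[ip]        # the earlier burst has gone quiet
        if match["result"] == "failed":
            recent.append((now, match["user"]))
            if len(recent) >= threshold:
                if ip not in flagged:
                    users = sorted({user for _, user in recent})
                    findings.append(("FAILED_LOGIN_BURST", ip, len(recent), users))
                flagged[ip] = now
        else:
            if ip in flagged:
                # A login that succeeds right after a burst deserves review.
                findings.append(("SUCCESS_AFTER_BURST", ip, match["user"]))
                del flagged[ip]
            recent.clear()
    return findings


if __name__ == "__main__":
    for finding in find_login_anomalies(parse_rows(SAMPLE_ROWS)):
        print(finding)
```

Two failures twenty minutes apart from 192.0.2.44 stay below the threshold, while the four failures from 198.51.100.7 inside five minutes, followed by a successful login, produce both findings.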

Category-Event-Message Table:
Cyberoam iView displays audit logs for following categories with corresponding events and
messages:

Category | Event Logs for | Message
Mail | SMTP server configuration update | SMTP server IP: Port <IP Address>:<Port> has been set
Mail | SMTP server configuration update | SMTP server IP: Port <IP Address>:<Port> with username <username> has been set
Mail | SMTP server configuration update | SMTP server IP: Port <IP Address>:<Port> setting failed
Mail | SMTP server configuration update | SMTP server IP: Port <IP Address>:<Port> with username <username> setting failed
Mail | Add Report Notification | Report notification <report notification name> added successfully
Mail | Update Report Notification | Report notification <report notification name> updated successfully
Mail | Delete Report Notification | Report notification <report notification name> deleted successfully
Mail | Sent report notification | Mail with subject <subject> sent to <recipient’s Email ID>
Mail | Sent report notification | Mail sending failed :<error message>
User | User Login | User <username> login successful
User | User Login | User <username> login failed
User | User Login | Not authenticated due to database connection error
User | User Log out | User log out successful
User | Add User | User <username> added successfully
User | Add User | Add failed due to duplicate user name
User | Update User | User <username> updated successfully
User | Update User | User <username> update failed
User | Delete User | User <username> deleted successfully
User | Delete User | User <username> delete failed
Device | Add Device | <device status> device <device name> is added
Device | Update Device | Device <device name> is updated
Device | Update Device | Device status for <comma separated device name> updated
Device | Delete Device | Device <comma separated device name> are deleted
Device | Delete Device | Device <comma separated device name> are not deleted
Device | Add Device Group | Device group <device group name> is added
Device | Add Device Group | Device group <device group name> add failed due to duplicate device group name
Device | Update Device Group | Device group <device group name> is updated
Device | Delete Device Group | Device group <device group name> is deleted
Application | Add Application Identifier | Application identifier is added to application <application name>
Application | Delete Application Identifier | Application identifier is deleted from application <application name>
Application | Add Application | Application <application name> is added to application group <application group name>
Application | Update Application | Application <application name> is updated in application group <application group name>
Application | Delete Application | Application <application name> is deleted
Application | Add Application Group | Application group <application group name> is added
Application | Update Application Group | Application group <application group name> is updated
Application | Delete Application Group | Application group <application group name> is deleted
Application | Reset to Default | Application groups, applications and application identifiers are reset to default
Views | Unauthorized access to web pages | Unknown user has tried to access unauthorized page name <page name>
Views | Unauthorized access to web pages | User has tried to access unauthorized page name <<page name>>
Data | Archived Logs | Archived (cold) log file will be deleted till date(dd-mm-yyyy) <<configured removal date>>
Data | Archived Logs | Archived Log configuration updated to <<archived limit>> days
Data | Detail Table | Detail Table configuration updated to <<detail table limit>> days
Data | Summary Table | Summary Table configuration updated to <<summary table limit>> days
Report | Add Custom View | Custom view <custom view name> added successfully
Report | Add Custom View | Custom view <custom view name> addition failed
Report | Update Custom View | Custom view <custom view name> updated successfully
Report | Update Custom View | Custom view <custom view name> update failed
Report | Delete Custom View | Custom view <custom view name> deleted successfully
Report | Delete Custom View | Custom view <custom view name> deletion failed due to <error message>
Report | Delete Custom View | <number of custom view> custom view(s) deleted successfully
Table – Category-Event-Message

Note
Audit logs can be filtered based on category type and severity.
In addition, you can perform search based on username, IP Address and message.
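
The message templates in the Category-Event-Message table are regular enough to triage mechanically. The Python below is an added example, not part of Cyberoam iView or its documentation; it assumes audit log rows have been copied into a CSV whose columns mirror the Audit Logs screen (the CSV layout, column names, severities, page name and sample rows are constructed assumptions).

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample. The CSV layout and column names are assumptions that
# mirror the Audit Logs screen columns; severities and addresses are made up.
SAMPLE = """action_time,category,severity,message,username,ip_address
01/03/2014 09:00:01,User,Warning,User admin login failed,admin,192.0.2.10
01/03/2014 09:00:05,User,Warning,User admin login failed,admin,192.0.2.10
01/03/2014 09:00:09,User,Warning,User root login failed,root,192.0.2.10
01/03/2014 09:00:15,User,Info,User admin login successful,admin,192.0.2.10
01/03/2014 09:01:00,User,Notice,User tempadm added successfully,admin,192.0.2.10
01/03/2014 09:05:00,Views,Warning,Unknown user has tried to access unauthorized page name backup.jsp,,198.51.100.7
01/03/2014 10:00:00,User,Info,User alice login successful,alice,192.0.2.20
"""

# Patterns follow the documented templates "User <username> login successful|failed",
# "User <username> added successfully" and "... unauthorized page name <page name>".
LOGIN = re.compile(r"^User (?P<user>\S+) login (?P<result>successful|failed)$")
UNAUTH = re.compile(r"tried to access unauthorized page name <*(?P<page>[^<>]+?)>*$")
ADDED = re.compile(r"^User (?P<user>\S+) added successfully$")


def triage(csv_text, threshold=3):
    """Return (rule, ip, detail) findings in log order."""
    failures = defaultdict(list)   # ip -> usernames failed since the last success
    suspect_ips = set()            # ips that logged in right after a failure burst
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        msg, ip = row["message"].strip(), row["ip_address"]
        login, added, unauth = LOGIN.match(msg), ADDED.match(msg), UNAUTH.search(msg)
        if login and login["result"] == "failed":
            failures[ip].append(login["user"])
            if len(failures[ip]) == threshold:
                users = ",".join(sorted(set(failures[ip])))
                findings.append(("repeated_login_failure", ip, users))
        elif login:
            if len(failures[ip]) >= threshold:
                suspect_ips.add(ip)
                findings.append(("success_after_failures", ip, login["user"]))
            failures[ip].clear()
        elif added and ip in suspect_ips:
            findings.append(("account_added_from_suspect_ip", ip, added["user"]))
        elif row["category"] == "Views" and unauth:
            findings.append(("unauthorized_page", ip, unauth["page"]))
    return findings
```

Calling `triage(SAMPLE)` on the constructed rows flags the failure burst, the successful login that follows it, the account added from the same address, and the unauthorized page request.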

Archives

Prerequisite
Super Admin or Admin privilege is required to access and manage the Archives submenu of the
System menu.

Archive logs are a collection of historical records, which are the initial line of forensic investigation.
Cyberoam iView retains archive log data for the configured period. The data retention period can be
configured from the System > Configuration > Data Management page. For further details, refer to
the Data Management section.

This section describes how to:


• View Archived Files
• Search in Archived Files
• Live Logs
• Backup Archived Files
• Download Backup Files
• Restore Archived Files
• Unload Archived Files

View Archived Files


Go to System > Archives > Archive Files to view archived log files.

Screen – View Archived Files

Screen Elements | Description
Date | Date of archive logs.
Total Size | Total size of archive data for the specified day.
ZipSize | Size of Zip file of archived data.
Table – Archived Files Screen Elements

Search in Archive Files


Go to System > Archives > Archive Search and click Search to search in a loaded
archived file.

Screen - Archived Index Files

Screen Elements | Description
Date | Displays date of archive index files.
Total Size | Displays size of the archive index files.
Action | Action that can be performed on archived index files:
  • Search: Click to search the archive index files.
  • Create Index: Click to generate index. This option is available against the dates when:
    o Cyberoam iView Firmware is upgraded.
    o Backup from another Cyberoam iView is taken on the current Cyberoam iView.
  Once the archived index file is created, the user can search it.
Table - Archived Index Files Screen Elements

The following screen appears after clicking Search:

Screen – Search in Archived Files

Screen Elements | Description
Advanced Search options | Logs search criteria can be based on either of the following:
  • is - Click to get search results exactly matching the mentioned criteria.
  • isn’t - Click to get search results exactly opposite of the mentioned criteria.
  • contains - Click to get search results containing the mentioned criteria.
  • starts with - Click to get search results beginning with the mentioned criteria.
Search Criteria | Available search criteria:
  • User
  • Source
  • Destination
  • Rule
  • Protocol
  • Sent (Bytes)
  • Received (Bytes)
  • URL
  • Sender
  • Receiver
Add Criteria Button | Click to add a new search criterion.
Remove Criteria Button | Click to remove the added criterion.
Table – Search Criteria Section Elements

Screen Elements | Description
Time | Displays date and time for the log.
User | Displays name of the user as defined in the device.
Source | Displays source IP Address.
Destination | Displays destination IP Address.
Rule | Displays rule ID.
Protocol | Displays protocol number.
Sent (Bytes) | Displays number of bytes sent.
Received (Bytes) | Displays number of bytes received.
URL | Displays IP Address or URL name accessed by the user.
Device Name | Displays device name.
File Name | Displays name of the file.
Offset | Displays file offset.
Sender | Displays name of the sender.
Receiver | Displays name of the receiver.
Table – Search Result Screen Elements

Note

A blank field in the results means that the data is unavailable.

Live Logs
Go to System > Archives > Live Logs to view live logs.

Screen – Live Logs

Screen Elements | Description
Device Name | Select device to view live logs.
Refresh Time | Select time interval for refreshing the logs.
Go Button | Click to start receiving live logs data stream.
Show Last | Select number of records to be displayed.
Start/Stop Update Button | Click ‘Start Update’ to continue receiving live logs stream and click ‘Stop Update’ to stop receiving live logs stream.
Refresh Button | Click to refresh live logs manually.

Backup Archived Files

Prerequisite
The archived file must be unloaded before a backup can be taken.
You cannot take a backup for the current date.

Go to System > Archives > Backup Management to take a backup of archived files on the
Cyberoam iView machine.

Screen – Backup Archived Files

Screen Elements | Description
Date | Displays date of archive log files.
Total Size | Displays size of the backup file.
Backup Now Button | Click to take backup of the selected files. If the archived file is partially loaded, then the backup of only unloaded data will be taken. Once the backup file is created, Administrator can download the backup file on any machine including Cyberoam iView machine itself.
Table – Backup Archived Files Screen Elements

Screen – Successful Backup of Archived Files

Backup file naming convention:


To help identify the backup of each device, the backup file is named <Device ID_YYYYMMDD>
Where:
• Device ID - As configured in Cyberoam iView
• YYYYMMDD - Date as displayed on Archive Files page under Date column
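
Because every backup name encodes the device and the day, a directory of downloaded backups can be checked for days with no archive before an investigation depends on them. The Python below is an added example, not part of Cyberoam iView; the optional ".zip" suffix, the sample device IDs and the function names are assumptions.

```python
import re
from datetime import date, datetime, timedelta

# <Device ID_YYYYMMDD>: split on the last underscore that precedes eight digits.
# The optional ".zip" suffix is an assumption (the Filename column lists zipped files).
NAME = re.compile(r"^(?P<device>.+)_(?P<day>\d{8})(?:\.zip)?$")

# Constructed listing; device IDs here are placeholders, not real appliance keys.
SAMPLE_FILES = [
    "DEV-A1_20140301.zip", "DEV-A1_20140303.zip", "DEV-B2_20140301.zip",
    "DEV-B2_20140302.zip", "DEV-B2_20140303.zip",
    "DEV-A1_20140231.zip",   # eight digits, but not a calendar date
    "DEV-Z9_20140301.zip",   # device not in the expected inventory
]


def parse_backup_name(name):
    """Return (device_id, date) or None if the name does not follow the convention."""
    m = NAME.match(name)
    if not m:
        return None
    try:
        return m["device"], datetime.strptime(m["day"], "%Y%m%d").date()
    except ValueError:
        return None


def coverage_gaps(filenames, devices, first, last):
    """Return ({device: [days in first..last with no backup]}, [rejected names])."""
    have = {d: set() for d in devices}
    rejected = []
    for name in filenames:
        parsed = parse_backup_name(name)
        if parsed and parsed[0] in have:
            have[parsed[0]].add(parsed[1])
        else:
            rejected.append(name)
    days = [first + timedelta(days=n) for n in range((last - first).days + 1)]
    return {d: [x for x in days if x not in have[d]] for d in devices}, rejected


if __name__ == "__main__":
    print(coverage_gaps(SAMPLE_FILES, ["DEV-A1", "DEV-B2"],
                        date(2014, 3, 1), date(2014, 3, 3)))
```

Since a backup cannot be taken for the current date, pass yesterday at the latest as `last`; otherwise today is always reported as a gap.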

Download Backup file


Go to System > Archives > Backup Management and click Download Backup Files. Click the
Download button against the filename to download the backup to the local machine from which the
Cyberoam iView Web Admin Console is accessed.

Screen – Download Archived Files

Screen Elements | Description
Date | Date in YYYY/MM/DD format when the backup was taken.
Device Name | IP address or Name of the backup device.
Device ID | Appliance key of the backup device.
Filename | Displays list of all the zipped backup files.
Size | Size of the backup file.
Delete Button | Click to delete backup file.
Download | Click to download backup files on the local machine.
Cancel Button | Click to return to the Backup Management page.
Table – Download Archived Files Screen Elements

Restore Archived file


Go to System > Archives > Backup Management and click the Restore Files button. Browse to
the file to be restored and click Restore.

Screen – Restore Files

Screen Elements | Description
Browse | Click to browse a backup file to be restored.
Filename | Displays path of the file to be restored.
Add | Click to add another file.
Delete | Click to delete the selected file.
Restore Button | Click to restore the selected file(s).
Cancel Button | Click to return to Backup Management page.
Table – Restore Files Screen Elements

Cyberoam iView Documentation Copyright


© 2014 Cyberoam – a Sophos Company. All rights reserved worldwide.
Cyberoam – a Sophos Company has supplied this Information believing it to be accurate and reliable
at the time of printing, but is presented without warranty of any kind, expressed or implied. Cyberoam
– a Sophos Company assumes no responsibility for any errors that may appear in this document.
Information is subject to change without notice.

In no event shall Cyberoam – a Sophos Company be liable for any direct, indirect, or incidental
damages, including, damage to data arising out of the use or inability to use this manual.

No part of this work may be reproduced or transmitted in any form or by any means except as
expressly permitted by Cyberoam – a Sophos Company. This does not include those documents and
software developed under the terms of the open source General Public License.

Cyberoam iView ™ is the trademark of Cyberoam – a Sophos Company.

If you need commercial technical support for this product please visit www.cybreoam-iview.com.
You can visit open source Cyberoam iView forums at
https://sourceforge.net/projects/cyberoam-iview/support to get support from the project community.

Cyberoam iView License Policy


Cyberoam iView is free software, if you are using and/or enhancing / developing open source
applications: you can redistribute it and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, either version 3 of the License, or (at your
option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.

A copy of the GNU General Public License is available along with this program; see the COPYING file
for the detailed license.

The interactive user interfaces in modified source and object code versions of this program must
display Appropriate Legal Notices, as required under Section 5 of the GNU General Public License
version 3.
