Custom Reports for Summary Versus Detailed Logs Database

Created On 09/25/18 19:25 PM - Last Modified 06/13/23 05:02 AM


Resolution


Details

When creating custom reports, there are fundamentally two views:

  1. General statistics for a log type, such as Traffic, Threat and so on. This view is obtained by selecting the Summary Database.
  2. Detailed information, which provides all the available details for each log entry on the device. This view is obtained by selecting the Detailed Logs option. Because these logs carry additional detail, queries may take longer to complete than with the summarized option.


For the Traffic database, the following additional information is contained within the detailed logs:

  1. Action - Allow or Deny.
  2. Bytes received / sent - This is used to calculate the bandwidth.
  3. Elapsed Time - Time spent on the session for that log entry.
  4. Interface - Inbound and outbound.
  5. NAT info - IP and port details of the NAT source and destination.
  6. Packet - Count, received and sent packets.
  7. Repeat Count - Number of sessions with the same source IP, destination IP and application within a certain time.
  8. Session ID info.

For the Threat database, the following additional information is contained within the detailed logs:

  1. Direction - Indicates the direction of the attack: 'client-to-server' or 'server-to-client'.
  2. URL - URL link for the threat log.
  3. Repeat Count - Number of sessions with the same source IP, destination IP and application within a certain time.
  4. Interface - Inbound and outbound.
  5. NAT info - IP and port details of the NAT source and destination.

owner: ssunku


