I'm quite new to PAN firewalls, and I find the ACC page to be very informative and can usually find all the info I need from there.
However, I've just had the IT manager request (and omg hes not a happy camper at me) a report of the usage of our internet as we just received an email stating we had gone over our limit for the month, which is strange as we never normally get within 75% of the quota.
Therefore, hes requested that I run a report from the start of the current month to today to find out where or who has done too much downloading as our quote is only downloaded bytes, uploads aren't counted towards the quota.
Now our external interface that the internet router connects to is ethernet1/1
So what I basically want to do is generate a couple of reports that will show whats apps have used the bandwidth this month and then what users have gone to town..
My problem is that I really don't know what fields to include in the custom report to show the info that I need..
Any help would be greatly appreciated.. Also on another note, when I go to the ACC and choose the time frame of this month its reporting some very funky data.. the web browsing is showing a some definate wrong info.. as you see, its telling me I've basically downloaded the entire
internet so far this month and to top it off the top 6 sources have completely incorrect info as well as anything in the 10.x.x.x subnet are our stores subnets and they don't even have external access back through our internet link.
EDIT::.. I've attached the image from above.. it looks a bit average when its inserted
Custom reporting take a little trial & error, but if you spend a little time in there you'll get the hang of it. I always recommend generating the trial custom reports with a short(er) timeframe before trying to make one for an extended period of time. Depending on which database you pull the data from, the report could take some time to run. Make sure it looks good & has the data you're interested in before you open it up to the longer time period.
Go to Monitor / Manage Custom Reports and "Add" a new Custom Report.
Name: 1Day Bandwidth
- Database: Traffic Summary
- Time Frame: Last Calendar Day
- Selected Columns: Source Zone / Destination Zone / Application / Bytes
- Sort By: Bytes / Top 500
(Tip: Click "OK" on this screen to first save the report, then open the report definition back up and click "Run Now". You can go straight to "Run Now" - but be sure to use "OK" to leave this screen, otherwise your custom report definition won't be saved).
If you like the report, then open it up to a week, and then for the month.
You can also generate a similar report using the Traffic Log database - although this report will take quite a bit more time to run than the Traffic Summary database. One caution here is that this report will not show any applications that are permitted through the firewall w/o logging (ie: "Allow" with no logging options enabled).
Hopefully that will help you narrow down which application(s) were the most used. Once you have that, then you can go to the ACC and filter based on the top application(s). You can also do something similar in the Custom Report. Add an additional "Selected Column" of Source Address, and then add a "Query Builder" for that top application. Click on: and, application, =, bittorrent (or whatever the top app was), and then "add". That will limit the report to the specific application, and then show you which IP addresses were the top consumers for that application.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!