02-20-2010 05:07 AM
I'm struggling a little with the documentation on how to generate useful reports.
If I look in the ACC or default reports I can see destinations but they are simply a mix of raw hostname and rdns lookups - they might show a lot of traffic to, say, a88-221-183-148.deploy.akamaitechnologies.com, but they won't show that traffic was actually people looking at http://news.bbc.co.uk.
How can I get a report that (for example) simply show the top X sites (not individual pages) visited for the past X hour or days please?
Also I'm unclear what I need to enable in terms of logging to be able to do this - do I need to enable (as a minimum) alerting on all URLs for a URL profile assigned to a policy, or does the PAN log all this info somewhere by default?
Thanks!
02-22-2010 11:56 AM
The Reports don't include an option to view the top X domains visited. To view the top X URLs you can create a custom report in which you'd choose the "URL Log" as the Database, choose "URL" as one of your options under "Columns", choose the top X option you'd like and the period of data. To see traffic in the log, either the URL itself or the URL category must be set to alert. Traffic that is allowed and not flagged in any way, will not be recorded in the logs.
Nancy Rice
Technical Support
Palo Alto Networks
1-866-898-9087
02-21-2010 11:29 PM
I'm also looking for the same issue .. I'd like to produce report based on URL domain and not only hits but also volume of traffic for this domains. Till now I wasn't able to do it ... is that on the road map ?
02-22-2010 11:56 AM
The Reports don't include an option to view the top X domains visited. To view the top X URLs you can create a custom report in which you'd choose the "URL Log" as the Database, choose "URL" as one of your options under "Columns", choose the top X option you'd like and the period of data. To see traffic in the log, either the URL itself or the URL category must be set to alert. Traffic that is allowed and not flagged in any way, will not be recorded in the logs.
Nancy Rice
Technical Support
Palo Alto Networks
1-866-898-9087
02-23-2010 05:48 AM
Thanks Nancy.
Are there any plans to change this please?
I ask as, respectfully, there are lots of reports by default which don't seem overly relevant (admittedly I only speak for myself here) yet this seems to me to be a fairly fundamental "What's our Internet connection being used for?" report, IYSWIM?
Thanks.
02-23-2010 10:39 AM
I'll submit a request for the reporting features mentioned in this string.
Nancy Rice
Technical Support
Palo Alto Networks
1-866-898-9087
11-08-2010 10:41 AM
Any movement/roadmap on this please?
It's still a little frustrating to only be able to report by rdns hostname, or by URL visited rather than "plain english" top websites visited.
Thanks.
11-11-2010 06:48 AM
Hi, same as here too.
I'm struggle as the problem that u mention.
Hope this will be available in the next release.
11-12-2010 10:53 AM
Agreed also - a simple top down list of locations as defined by brightcloud
09-22-2011 03:26 AM
I would also like to add my wish for such a report please.
The main selling point to us for the PAN was the reporting but these basic type of reports seem to be missing.
How soon are we likely to see any improvement in the reporting please?
09-22-2011 06:22 AM
I would also like this report.
09-22-2011 11:45 PM
Hi,
Now some of our third party partners reporting tool can actually create reports based on the URL domain portion of the URL logs. I have attached an example from Sawmill.
We understood the need and I will recommend you guys to escalate your needs to our local sales and SE team, in order to make sure that we will be able to well documented your needs in details with justification.
Regards,
Jones
10-26-2011 02:30 AM
Hi,
the sawmill example provided is still not enough:
As a reseller, I (and final customers too) don't care to know that Mister X goes to ad.yieldmanager.com, a248.e.akamai.net or imageserv01.yss4.com...
Palo Alto SE tell us all the time that Next-gen FW can replace WEB Proxys and that cache is not useful . This is true, but how can we argue that point if the FW is not even able to produce the most basic WEB report: Top Website visited (User, Domain, Bytes) ?
I don't want to add a third party tool, such as Sawmill, splunk or whatever else to have this very simple report.
What about PanOS 4.0 (or 4.1) ? If not, is it in the roadmap ? I search in the knowledgepoint forum and a lot of users have the same question...
Thanks for Palo Alto responses.
Regards,
10-26-2011 03:50 AM
Hi,
Certainly I understood your request and I had also heard similar requests somewhere else. For roadmap and formal request I will recommend you to reach your local PAN SE so that they can have better escalation to us. For the time being if you are using some 3rd party reportin solutions that will be a good alternative.
Regards,
Jones
10-26-2011 05:26 AM
Thanks for your answer Jones.
For sure, we will contact our local PAN SE and hope this part of reporting will be improved quickly.
About integrating with a 3rd party, I'm not sure it will solve the problem since the FW only logs websites by Reverse DNS, as someone else already said earlier. Whatever the 3rd party, it will only be capable to use data sent by the FW, isn't it ?
Regards,
10-26-2011 06:11 AM
Hi,
For Sawmill, it will based on our URL log to find out the URL domain versions for top URL domain reporting which should be able to be a temp solution.
Jones
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
