
Which additional functionality does the licensed Reporting Module offer?

Affects product: Airlock WAF
Affects version(s): 4.2

 
Core functionality without licensed Reporting Module

Airlock provides a lot of very useful log data and graphical information even if the additional Reporting Module is not licensed.

Without the licensed Reporting Module, the Report section provides only demo data. It does not contain real system data.

Log Viewer

The Log Viewer shows all log messages across all Airlock components, such as OS messages, blocked requests, allowed requests, authenticated sessions and others. You can filter by many predefined values and/or search strings.

  • Easy access to Today's Events (like System Errors, Blocked Requests, Allowed Requests)
  • Advanced Search Form for quickly finding log information
  • Search for time ranges (year, month, day, hour, minute, second)
  • Simple filtering for components/categories
  • and more

Example of Log Viewer:

Log Viewer

You can also generate diagrams showing the number of log lines (avg/max) or log file sizes. The layout drop-down menu gives you access to these three layouts. You find them under “----GRAPH---”. A diagram showing response times between Airlock and back-end hosts is available under “----Airlock----- Responses”.

System Monitor

Real-time system information is available on the System Monitor page. In four categories you will find all necessary information on the status of your system. All graphics are available in the following time ranges:

  • 8 h
  • 1 day
  • 1 week
  • 4 weeks
  • 1 year

The available categories are:

  • System
    • Number of Sessions
    • Number of SG Processes
    • CPU Load
    • Uptime
  • Memory
    • Free Memory
    • Allocated Memory
    • Available Memory
    • Memory Page Scan Rate
    • Disk Usage
  • TCP/IP
    • TCP Number of Open Connections
    • TCP Segment Size
    • TCP Reset Rate
    • TCP Attempt Fail Rate
  • Interfaces (separate tab for every interface)
    • Traffic
    • Interface Errors per Second
    • Interface Collisions

Example of System Monitor graphics:

System Monitor - System

Alerting

The Alerting Module delivers log messages and aggregated events to backend systems. These may be centralized monitoring solutions such as IBM Tivoli, Nagios, or BMC Patrol.

  • Syslog Forwarding
    • System Errors
    • All requests
    • Blocked Requests
    • Request aggregations
  • Event Notification Channels
    • Mail
    • HTTP

Example of an Alerting setup:

Alerting

Additional functionality with active Reporting Module License

With a license that includes the Reporting Module capability, the following views and logs are added.

Log Viewer

You get additional diagrams in the Log Viewer. The “Layout” drop-down contains additional entries for generating the following diagrams (if data is available).

  • Block Reason
    The legend shows the types of block reasons (e.g. NoMappingFound).
  • Matched Deny Rules
    The legend shows the types of matched deny rules (e.g. HTTP response splitting rule).
  • HTTP Method
    The legend shows the types of HTTP methods (e.g. POST and GET).
  • Time Histogram
    Shows how many web requests take how long to process (groups of <10 ms, 10 ms, 20 ms, etc.).
  • Size Histogram
    Shows the web request sizes in units of 100 Byte, 200 Byte… 2 kb, 5 kb etc.
  • HTTP Status Code
    An overview of positive (like 200, 304) and negative (like 404, 500, etc.) status codes, with counts of the web requests that returned each status code.

Reporting

Summary of statistics and reports with text and graphical diagrams. Available time ranges are:

  • now
  • daily
  • weekly
  • monthly
  • yearly

Reports can be exported in the following formats:

Example of statistics on HTTP return codes:

Reports - Overview

Reports - Weekly

Licensing

The Airlock Reporting Module is sold as an optional capability for Airlock.
For sales inquiries, please contact airlock-sales@ergon.ch.
