Predefined Reports List

Your WatchGuard Report Server includes predefined reports that you can generate to see the data from your Fireboxes or WatchGuard servers. You can use WatchGuard WebCenter to view the Available Reports that have already been generated, or you can generate a new On-Demand Report.

For detailed instructions about how to view and generate reports, go to View Reports in Report Manager.

This list includes all of the reports that you can schedule your Report Server to automatically generate or select to generate On-Demand. The sections in this topic include information about the daily and weekly reports that are automatically scheduled when you configure a Firebox and a WatchGuard server to send log messages to your WatchGuard Log Server.

The WatchGuard WebCenter web UI includes predefined daily and weekly reports that you can select to view from the Available Reports list. You can also generate a new Per Client report or an On-Demand report. Each report includes specific information about the activity on your network. Not all reports may be available to you in the web UI reports list.

For information about how to view or generate a report in WebCenter, go to View Reports in Report Manager or Generate On-Demand Reports.

WatchGuard Dimension includes predefined reports that are automatically generated from the log message data from your Fireboxes, FireClusters, and WatchGuard Servers. You can also select these reports when you configure a report schedule.

For information about how to view a report or create a report schedule in Dimension, go to View Reports or Schedule Dimension Reports.

Report Type	Report Name	Description
Application Control	Application Usage Summary	Summary report of application usage data
	Top Applications by user	Summary of application usage data by user
	Top Applications by host	Summary of application usage data by host
	Top Users Blocked	Summary of users blocked by Application Control
	Top Hosts blocked	Summary of hosts blocked by Application Control
Audit Reports	Server Audit Details	Detailed report of server activity
	Server Audit Summary	Summary of server activity
	Server Authentication Audit	Summary of server authentication
BUM Report	BUM Report	Detailed report for all Fireboxes and VPN tunnels managed by your Management Server
Client Reports	Top Client Reports	Top client reports by application usage, blocked applications, blocked categories, proxy bandwidth, and proxy connection count
Compliance Reports		The Compliance Reports group gives you information about the traffic on your network that relates to HIPAA and PCI compliance
	Alarm Summary Report	Summary report of alarm records on the Firebox
	Audit Trail	Detailed list of audited configuration changes for a Firebox
	User Authentication Denied	Detailed list of users denied authentication Includes date, time, and reason for authentication failure
	Gateway AntiVirus Summary	Gateway AntiVirus action summary
ConnectWise Reports		ConnectWise Reports are only available if you have a ConnectWise account and have configured the ConnectWise settings for your Report Server.
Data Loss Prevention Reports	DLP Activity Summary	Summary report of all Data Loss Prevention activity and actions on the Firebox
	DLP Source Summary	Summary report of all violations of the Data Loss Prevention rules on the Firebox, sorted by the source addresses
	DLP Destination Summary	Summary report of all violations of the Data Loss Prevention rules on the Firebox, sorted by the destination addresses
	DLP Rules Summary	Summary report of all violations of the Data Loss Prevention rules on the Firebox, sorted by the rules
	DLP Detail	Detailed list of all violations of the Data Loss Prevention rules on the Firebox
Firebox Statistics		Firebox bandwidth statistics for all interfaces
	Intrusion Prevention Service Summary	All intrusion prevention actions
	Most Popular Domains	Top websites visited by clients
	WebBlocker (Summary, by Category and by Client)	Statistics and websites blocked by WebBlocker service
Exceptions	Alarms	All alarm records To enable your Firebox to include alarm details in the log messages used to generate this report, in Policy Manager, you must enable the Firebox to send a log message and to send a notification message about the event that triggered the log message. For more information, go to Set Logging and Notification Preferences.
	Denied packets detail	Detailed report for each incoming or outgoing action
	Denied packets by client detail	Detailed report of all denied packets, grouped by client
	Denied packets by client summary	Summary report of all denied packets, grouped by client
Firebox Reports	Audit trail	Detailed list of audited configuration changes for a Firebox To enable your Firebox to include details about changes to the configuration file in the log messages used to generate this report, in Policy Manager, select Setup > Logging, and select the Send log messages when the configuration for this Firebox is changed check box. For more information, go to Define Where the Firebox Sends Log Messages.
	Bandwidth/Transfer Rate (for external interfaces and VPN tunnels)	These reports are generated when a Bandwidth report is scheduled. They include information about the bandwidth/transfer rate for external interfaces as well as BOVPN and Mobile VPN tunnels.The data sampling interval is based on the report time range. The minimum interval is 1 minute. The published report samples data every 10 minutes. To enable your Firebox to include details about performance statistics in the log messages used to generate this report, in Policy Manager, select Setup > Logging > Performance Statistics, and select the External interface and VPN bandwidth statistics check box. For more information, go to Include Performance Statistics in Log Messages (WSM).
	DHCP lease activity	Detailed report of all activity for the DHCP lease
	Firebox statistics	Firebox bandwidth statistics for all interfaces
	User Authentication	Detailed list of users authenticated Includes login time, logout time, and connection method information To enable your Firebox to include details about user authentication in the log messages used to generate this report, in Policy Manager, select Setup > Authentication, and configure the authentication settings for your Firebox.
	User Authentication Denied	Detailed list of users denied authentication Includes date, time, and reason for authentication failure
Gateway AntiVirus Reports	Detail by email sender	Gateway AntiVirus action details by email sender Available for SMTP or POP3
	Detail by host (HTTP)	Gateway AntiVirus action details by host
	Detail by protocol	Gateway AntiVirus action details by protocol
	Detail by virus	Gateway AntiVirus action details by virus
	Gateway AntiVirus summary	Gateway AntiVirus action summary
Intrusion Prevention Service Reports	Detail by IP-spoofed packets	Prevention summary details by IP-spoofed packets
	Detail by protocol	Prevention summary details by protocol
	Detail by signature	Prevention summary details by signature
	Detail by source IP	Prevention summary details by source IP
	Detail by threat level	Prevention summary details by severity
	Intrusion Prevention Service Summary	All intrusion prevention actions
Packet-Filter Summaries	Daily trend	Summary of packet-filter data by time, based on the number of connections
	Host summary by source	Summary of packet-filter data for hosts by source
	Host summary by destination	Summary of packet-filter data for hosts by destination
	Service summary	Summary of packet-filter data by service
	Session summary	Summary of packet-filter data by session
POP3 Proxy		To enable your Firebox to include proxy action details in the log messages used to generate the reports in this category, in Policy Manager, add or edit a POP3 proxy action, select the General Settings category and select the Enable logging for reports check box. For more information, go to POP3-Proxy: General Settings.
	POP3 Server summary	POP3 server activity summary
	User summary	POP3 user activity
Proxy Traffic		To enable your Firebox to include proxy action details in the log messages used to generate the reports in this category, in Policy Manager, add or edit a proxy action, select the General Settings or General category, and select the Enable logging for reports check box.
	Proxy daily trend	Proxied traffic summary by time
	Proxy source by hits	Proxied traffic summary of hits by host
	Proxy source by bandwidth	Proxied traffic summary of bandwidth by host
	Proxy destination by hits	Proxied traffic summary of hits by destination
	Proxy destination by bandwidth	Proxied traffic summary of bandwidth by destination
	Proxy session by hits	Proxied traffic summary of hits by session
	Proxy session by bandwidth	Proxied traffic summary of bandwidth by session
	Proxy summary	Proxied traffic summary by proxy
Reputation Enabled Defense	Reputation Enabled Defense Summary	Summary of Reputation Enabled Defense actions
SMTP Proxy		To enable your Firebox to include proxy action details in the log messages used to generate the reports in this category, in Policy Manager, add or edit an SMTP proxy action, select the General Settings category, and select the Enable logging for reports check box. For more information, go to SMTP-Proxy: General Settings.
	SMTP proxy detail	SMTP proxy action records by time
	SMTP server summary	SMTP server activity summary (for internal and external email accounts)
	SMTP email summary	SMTP email activity summary (for internal and external servers)
spamBlocker Summary	spamBlocker summary	Statistics by spam type, action, and spam senders and recipients, for SMTP-proxy traffic
Web Audit Reports		To enable your Firebox to include web audit details in the log messages used to generate the reports in this category, in Policy Manager, select Subscription Services > WebBlocker > Configure, add or edit a WebBlocker category, select the Categories tab, and select the Log this action check box.
	Web audit summary	Trends, active clients, most popular domains, WebBlocker information, and websites blocked by proxy rules Charts are included for the more detailed reports. You can click a chart to see a detailed report.
	Web audit by category	Web traffic details by category
	Web audit by client	Web traffic details by client
Web Traffic Reports
	Activity trend	Hourly trend data
	Most active clients detail	Top web traffic clients by name and IP address
	Most popular domains	Top websites visited by clients
	URL details by client	All URLs in order by client
	URL details by domain	All URLs in order by domain
	URL details by time	All URLs in chronological order
	Web Traffic Summary	Top websites visited by clients, in a bar chart Top web categories visited by clients, in a pie chart
WebBlocker Reports		To enable your Firebox to include WebBlocker details in the log messages used to generate the reports in this category, in Policy Manager, select Subscription Services > WebBlocker > Configure, add or edit a WebBlocker category, select the Categories tab, and select the Log this action check box.
	WebBlocker summary	Statistics and websites blocked by WebBlocker service
	WebBlocker by category	Websites blocked by category
	WebBlocker by client	Websites blocked by client
Wireless Intrusion Detection	Wireless Intrusion Detection Summary	Summary of all Wireless Intrusion Detection actions To enable your Firebox to include wireless intrusion detection details in the log messages used to generate this report, in Policy Manager, in the Wireless Configuration dialog box, you must select the Enable rogue access point detection check box. For more information, go to Enable Rogue Access Point Detection on a Wireless Firebox.

Daily and Weekly Report Schedules

When you install and configure your WatchGuard Report Server and configure a Firebox and a WatchGuard server to send log messages to your WatchGuard Log Server, four default reports are automatically added to the Report Server Report Schedules list in WatchGuard Server Center:

Weekly Appliance Reports
Weekly Server Reports
Daily Appliance Reports
Daily Server Reports

The Daily Server Reports schedule only appears if you configure a WatchGuard server to send log messages to your Log Server. The Daily Appliance Reports and Weekly Appliance Reports schedules appear when you configure one or more Fireboxes to send log messages to your Log Server. In Log and Report Manager Web UI, daily reports are available from the Daily tab.

Weekly reports are generated each week on the day and time you specify. When weekly reports are generated, if there is log data for one of the weekly report categories, that weekly report is generated. If there is not data for a category, the weekly report for that category is not generated. In WebCenter, weekly reports are available from the Weekly tab.

Weekly Appliance Reports

The Weekly Appliance Reports schedule includes these reports about activity on your device:

Compliance Reports
- Alarm Summary Report
- Gateway AntiVirus Summary
- Intrusion Prevention Service Summary
Application Control
- Application Usage Summary
- Blocked Application Summary
Exceptions
- Alarm Summary Report
- Alarms
- Denied Packets by Client (Summary and Detail)
Firebox Reports
- Bandwidth/Transfer Rate (for External Interfaces and VPN Tunnels)
- Firebox Statistics
- User Authentication
Gateway AntiVirus Reports
- Gateway AntiVirus Summary
Intrusion Prevention Service Reports
- Intrusion Prevention Service Summary
POP3 Proxy
- POP3 Summary (Email and Server)
Reputation Enabled Defense
- Reputation Enabled Defense Summary
SMTP Proxy
- SMTP Summary (Email and Server)
spamBlocker Summary
Web Traffic Reports
- Activity Trend
- Most Active Clients Detail
- Most Popular Domains

Weekly Server Reports

The Weekly Server Reports schedule includes the Server Audit Summary report of activity on your server.

Daily Appliance Reports

The Daily Appliance Reports schedule includes all of the reports about activity on your device. This schedule includes all the reports that are not specified in the Daily Server Reports or Weekly Appliance Reports sections.

Daily Server Reports

The Daily Server Reports schedule includes these reports about activity on your server: