Predefined Reports List

With the release of Fireware v12.8, WatchGuard announced the deprecation of the WatchGuard Log Server, Report Server, and Quarantine Server. WSM still includes these server components, but they are no longer supported in v12.9 and higher. We will remove them in a future WSM release.

Your WatchGuard Report Server includes predefined reports that you can generate to see the data from your Fireboxes or WatchGuard servers. You can use WatchGuard WebCenter to view the Available Reports that have already been generated, or you can generate a new On-Demand Report.

For detailed instructions about how to view and generate reports, go to View Reports in Report Manager.

This list includes all of the reports that you can schedule your Report Server to automatically generate or select to generate On-Demand. The sections in this topic include information about the daily and weekly reports that are automatically scheduled when you configure a Firebox and a WatchGuard server to send log messages to your WatchGuard Log Server.

The WatchGuard WebCenter web UI includes predefined daily and weekly reports that you can select to view from the Available Reports list. You can also generate a new Per Client report or an On-Demand report. Each report includes specific information about the activity on your network. Not all reports may be available to you in the web UI reports list.

For information about how to view or generate a report in WebCenter, go to View Reports in Report Manager or Generate On-Demand Reports.

WatchGuard Dimension includes predefined reports that are automatically generated from the log message data from your Fireboxes, FireClusters, and WatchGuard Servers. You can also select these reports when you configure a report schedule.

For information about how to view a report or create a report schedule in Dimension, go to View Reports or Schedule Dimension Reports.

Report Type Report Name Description
Application Control Application Usage Summary Summary report of application usage data
  Top Applications by user Summary of application usage data by user
  Top Applications by host Summary of application usage data by host
  Top Users Blocked Summary of users blocked by Application Control
  Top Hosts blocked Summary of hosts blocked by Application Control
Audit Reports Server Audit Details Detailed report of server activity
  Server Audit Summary Summary of server activity
  Server Authentication Audit Summary of server authentication
BUM Report BUM Report Detailed report for all Fireboxes and VPN tunnels managed by your Management Server
Client Reports Top Client Reports Top client reports by application usage, blocked applications, blocked categories, proxy bandwidth, and proxy connection count
Compliance Reports   The Compliance Reports group gives you information about the traffic on your network that relates to HIPAA and PCI compliance
  Alarm Summary Report Summary report of alarm records on the Firebox
  Audit Trail Detailed list of audited configuration changes for a Firebox
  User Authentication Denied Detailed list of users denied authentication
Includes date, time, and reason for authentication failure
  Gateway AntiVirus Summary Gateway AntiVirus action summary
ConnectWise Reports   ConnectWise Reports are only available if you have a ConnectWise account and have configured the ConnectWise settings for your Report Server.
Data Loss Prevention Reports DLP Activity Summary Summary report of all Data Loss Prevention activity and actions on the Firebox
  DLP Source Summary Summary report of all violations of the Data Loss Prevention rules on the Firebox, sorted by the source addresses
  DLP Destination Summary Summary report of all violations of the Data Loss Prevention rules on the Firebox, sorted by the destination addresses
  DLP Rules Summary Summary report of all violations of the Data Loss Prevention rules on the Firebox, sorted by the rules
  DLP Detail Detailed list of all violations of the Data Loss Prevention rules on the Firebox
Firebox Statistics   Firebox bandwidth statistics for all interfaces
  Intrusion Prevention Service Summary All intrusion prevention actions
  Most Popular Domains Top websites visited by clients
  WebBlocker (Summary, by Category and by Client) Statistics and websites blocked by WebBlocker service
Exceptions Alarms

All alarm records

To enable your Firebox to include alarm details in the log messages used to generate this report, in Policy Manager, you must enable the Firebox to send a log message and to send a notification message about the event that triggered the log message.

For more information, go to Set Logging and Notification Preferences.

  Denied packets detail Detailed report for each incoming or outgoing action
  Denied packets by client detail Detailed report of all denied packets, grouped by client
  Denied packets by client summary Summary report of all denied packets, grouped by client
Firebox Reports Audit trail

Detailed list of audited configuration changes for a Firebox

To enable your Firebox to include details about changes to the configuration file in the log messages used to generate this report, in Policy Manager, select Setup > Logging, and select the Send log messages when the configuration for this Firebox is changed check box.

For more information, go to Define Where the Firebox Sends Log Messages.

  Bandwidth/Transfer Rate (for external interfaces and VPN tunnels)

These reports are generated when a Bandwidth report is scheduled. They include information about the bandwidth/transfer rate for external interfaces as well as BOVPN and Mobile VPN tunnels.The data sampling interval is based on the report time range. The minimum interval is 1 minute. The published report samples data every 10 minutes.

To enable your Firebox to include details about performance statistics in the log messages used to generate this report, in Policy Manager, select Setup > Logging > Performance Statistics, and select the External Interface and VPN Bandwidth Statistics check box.

For more information, go to Include Performance Statistics in Log Messages (WSM).

  DHCP lease activity Detailed report of all activity for the DHCP lease
  Firebox statistics Firebox bandwidth statistics for all interfaces
  User Authentication

Detailed list of users authenticated
Includes login time, logout time, and connection method information

To enable your Firebox to include details about user authentication in the log messages used to generate this report, in Policy Manager, select Setup > Authentication, and configure the authentication settings for your Firebox.
  User Authentication Denied Detailed list of users denied authentication
Includes date, time, and reason for authentication failure
Gateway AntiVirus Reports Detail by email sender Gateway AntiVirus action details by email sender
Available for SMTP or POP3
  Detail by host (HTTP) Gateway AntiVirus action details by host
  Detail by protocol Gateway AntiVirus action details by protocol
  Detail by virus Gateway AntiVirus action details by virus
  Gateway AntiVirus summary Gateway AntiVirus action summary
Intrusion Prevention Service Reports Detail by IP-spoofed packets Prevention summary details by IP-spoofed packets
  Detail by protocol Prevention summary details by protocol
  Detail by signature Prevention summary details by signature
  Detail by source IP Prevention summary details by source IP
  Detail by threat level Prevention summary details by severity
  Intrusion Prevention Service Summary All intrusion prevention actions
Packet-Filter Summaries Daily trend Summary of packet-filter data by time, based on the number of connections
  Host summary by source Summary of packet-filter data for hosts by source
  Host summary by destination Summary of packet-filter data for hosts by destination
  Service summary Summary of packet-filter data by service
  Session summary Summary of packet-filter data by session
POP3 Proxy  

To enable your Firebox to include proxy action details in the log messages used to generate the reports in this category, in Policy Manager, add or edit a POP3 proxy action, select the General Settings category and select the Enable Logging for Reports check box.

For more information, go to POP3-Proxy: General Settings.

  POP3 Server summary POP3 server activity summary
  User summary POP3 user activity
Proxy Traffic   To enable your Firebox to include proxy action details in the log messages used to generate the reports in this category, in Policy Manager, add or edit a proxy action, select the General Settings or General category, and select the Enable Logging for Reports check box.
  Proxy daily trend Proxied traffic summary by time
  Proxy source by hits Proxied traffic summary of hits by host
  Proxy source by bandwidth Proxied traffic summary of bandwidth by host
  Proxy destination by hits Proxied traffic summary of hits by destination
  Proxy destination by bandwidth Proxied traffic summary of bandwidth by destination
  Proxy session by hits Proxied traffic summary of hits by session
  Proxy session by bandwidth Proxied traffic summary of bandwidth by session
  Proxy summary Proxied traffic summary by proxy
Reputation Enabled Defense Reputation Enabled Defense Summary Summary of Reputation Enabled Defense actions
SMTP Proxy  

To enable your Firebox to include proxy action details in the log messages used to generate the reports in this category, in Policy Manager, add or edit an SMTP proxy action, select the General Settings category, and select the Enable Logging for Reports check box.

For more information, go to SMTP-Proxy: General Settings.
  SMTP proxy detail SMTP proxy action records by time
  SMTP server summary SMTP server activity summary (for internal and external email accounts)
  SMTP email summary SMTP email activity summary (for internal and external servers)
spamBlocker Summary spamBlocker summary

Statistics by spam type, action, and spam senders and recipients, for SMTP-proxy traffic
Web Audit Reports  

To enable your Firebox to include web audit details in the log messages used to generate the reports in this category, in Policy Manager, select Subscription Services > WebBlocker > Configure, add or edit a WebBlocker category, select the Categories tab, and select the Log This Action check box.
  Web audit summary Trends, active clients, most popular domains, WebBlocker information, and websites blocked by proxy rules
Charts are included for the more detailed reports. You can click a chart to see a detailed report.
  Web audit by category Web traffic details by category
  Web audit by client Web traffic details by client
Web Traffic Reports    
  Activity trend Hourly trend data
  Most active clients detail Top web traffic clients by name and IP address
  Most popular domains Top websites visited by clients
  URL details by client All URLs in order by client
  URL details by domain All URLs in order by domain
  URL details by time All URLs in chronological order
  Web Traffic Summary

Top websites visited by clients, in a bar chart

Top web categories visited by clients, in a pie chart
WebBlocker Reports   To enable your Firebox to include WebBlocker details in the log messages used to generate the reports in this category, in Policy Manager, select Subscription Services > WebBlocker > Configure, add or edit a WebBlocker category, select the Categories tab, and select the Log This Action check box.
  WebBlocker summary Statistics and websites blocked by WebBlocker service
  WebBlocker by category Websites blocked by category
  WebBlocker by client Websites blocked by client
Wireless Intrusion Detection Wireless Intrusion Detection Summary

Summary of all Wireless Intrusion Detection actions

To enable your Firebox to include wireless intrusion detection details in the log messages used to generate this report, in Policy Manager, in the Wireless Configuration dialog box, you must select the Enable Rogue Access Point Detection check box.

For more information, go to Enable Rogue Access Point Detection on a Wireless Firebox.

Daily and Weekly Report Schedules

When you install and configure your WatchGuard Report Server and configure a Firebox and a WatchGuard server to send log messages to your WatchGuard Log Server, four default reports are automatically added to the Report Server Report Schedules list in WatchGuard Server Center:

  • Weekly Appliance Reports
  • Weekly Server Reports
  • Daily Appliance Reports
  • Daily Server Reports

The Daily Server Reports schedule only appears if you configure a WatchGuard server to send log messages to your Log Server. The Daily Appliance Reports and Weekly Appliance Reports schedules appear when you configure one or more Fireboxes to send log messages to your Log Server. In Log and Report Manager Web UI, daily reports are available from the Daily tab.

Weekly reports are generated each week on the day and time you specify. When weekly reports are generated, if there is log data for one of the weekly report categories, that weekly report is generated. If there is not data for a category, the weekly report for that category is not generated. In WebCenter, weekly reports are available from the Weekly tab.

Weekly Appliance Reports

The Weekly Appliance Reports schedule includes these reports about activity on your device:

  • Compliance Reports
    • Alarm Summary Report
    • Gateway AntiVirus Summary
    • Intrusion Prevention Service Summary
  • Application Control
    • Application Usage Summary
    • Blocked Application Summary
  • Exceptions
    • Alarm Summary Report
    • Alarms
    • Denied Packets by Client (Summary and Detail)
  • Firebox Reports
    • Bandwidth/Transfer Rate (for External Interfaces and VPN Tunnels)
    • Firebox Statistics
    • User Authentication
  • Gateway AntiVirus Reports
    • Gateway AntiVirus Summary
  • Intrusion Prevention Service Reports
    • Intrusion Prevention Service Summary
  • POP3 Proxy
    • POP3 Summary (Email and Server)
  • Reputation Enabled Defense
    • Reputation Enabled Defense Summary
  • SMTP Proxy
    • SMTP Summary (Email and Server)
  • spamBlocker Summary
  • Web Traffic Reports
    • Activity Trend
    • Most Active Clients Detail
    • Most Popular Domains

Weekly Server Reports

The Weekly Server Reports schedule includes the Server Audit Summary report of activity on your server.

Daily Appliance Reports

The Daily Appliance Reports schedule includes all of the reports about activity on your device. This schedule includes all the reports that are not specified in the Daily Server Reports or Weekly Appliance Reports sections.

Daily Server Reports

The Daily Server Reports schedule includes these reports about activity on your server:

  • Audit Reports
    • Server Audit Details
    • Server Audit Summary
    • Server Authentication Audit
  • BUM Report

Related Topics

View Reports in Report Manager

Generate Per Client Reports

View Compliance Reports

About HIPAA Compliance Reports

About PCI Compliance Reports