Cloud Firewall provides log reports that show statistics such as basic traffic metrics and inbound and outbound traffic distribution. You can view and analyze traffic data distribution in different monitoring scenarios. For example, you can specify a time range, subscribe to log reports, and configure refresh frequency settings.
Prerequisites
The log analysis feature of Cloud Firewall is enabled. For more information, see Overview.
The delivery switch for Internet traffic logs is turned on. For more information, see Modify log storage configurations.
Procedure
Log on to the Cloud Firewall console.
In the left-side navigation pane, choose .
In the upper-right corner of the Reports tab, click Time Range and specify a time range to view the data that is collected within the specified time range on the dashboard. For more information, see Dashboard description.
If you do not specify a time range, the system displays the data within the previous hour.
NoteThe system applies the time settings only to the current tab and does not save the settings. The next time you open the Reports tab, the dashboard displays data based on the default time setting.
In the upper-right corner of the Reports tab, click Refresh to specify the frequency at which you want to refresh log reports.
Optional. Click the icon in the upper-right corner of a widget to perform the following operations:
View: Select this option to zoom in on the widget.
Preview Query Statement: Select this option to view the statement that is used to query the log data of a specific metric. You can use the statement to query log data on the Logs tab. For more information, see Query and analyze logs.
Select Time Range: Select this option to specify a relative time range, time frame, or custom time range to allow the widget to display the log data of a specific metric.
Download Chart Data: Select this option to save the widget as a PNG file to your computer.
Download Chart: Select this option to save the widget as an Excel file to your computer.
Dashboard description
Log reports provide a global view of Internet traffic, including basic traffic metrics, inbound and outbound traffic trends, and traffic distribution.
Type | Widget | Description |
Basic metrics | Total number of Intercepting | The number of unauthorized access requests that are blocked by Cloud Firewall, including inbound and outbound requests. |
Inbound Traffic | The total volume of traffic from the Internet to internal assets. | |
Outbound Traffic | The total volume of traffic from internal assets to the Internet. | |
SSH Access | The number of SSH access requests, including inbound and outbound requests. | |
RDP Access | The number of Remote Desktop Protocol (RDP) access requests, including inbound and outbound requests. | |
FTP Access | The number of FTP access requests, including inbound and outbound requests. | |
Inbound Traffic | Intercept trend | The trend chart for the number of times that unauthorized access requests from the Internet to internal assets are blocked. |
Intercept Source Applications | The top 10 applications over which the most blocked access requests are initiated from the Internet to internal assets. | |
Sources – Global | The geographic distribution of traffic sources from the Internet to internal assets. | |
Source Applications – Top 10 | The top 10 applications over which the most access requests are initiated from the Internet to internal assets and the proportion of visits. | |
Source Regions – Top 10 | The top 10 regions from which the most inbound traffic from the Internet to internal assets is sent and the proportion of visits. | |
Source Ports – Top 20 | The top 20 ports over which the most traffic is sent from the Internet to internal assets and the numbers of visits. | |
Outbound Traffic | Intercept trend | The trend chart for the number of times that unauthorized access requests from internal assets to the Internet are blocked. |
Intercept External Applications | The top 10 applications over which the most blocked access requests are initiated from internal assets to the Internet and the proportion of visits. | |
External Ports – Top 20 | The top 20 ports over which the most traffic is sent from internal assets to the Internet and the numbers of visits. | |
External IP Addresses – Top 10 | The top 10 IP addresses from which the most requests are initiated from internal assets to the Internet and the proportion of visits. | |
External Domains – Top 10 | The top 10 domain names from which the most requests are initiated from internal assets to the Internet and the numbers of visits. | |
External Applications – Top 10 | The top 10 applications over which the most requests are initiated from internal assets to the Internet and the proportion of visits. |