Charts and Tables Tab
The Charts and Tables tab displays statistical data on web usage, filtering activities, and system behavior of an appliance. If the appliance is a node in a Central Management configuration, it displays also statistical data for the other nodes.
View charts and tables information
On the Charts and Tables tab, you can view information on web usage, filtering activities, and system behavior.
- Select Dashboard | Charts and Tables.
- From the Appliance drop-down list, select the appliance you want to view chart and tables information for.
- [Optional] Click Update to ensure you see the most recent information.
- From the list on the navigation pane, select the type of information you want to view. For example, Web Traffic Summary.
Charts and tables display options
There are several options for displaying the information on the Charts and Tables tab, depending on the type of information that is provided.
Types of information are as follows:
- Evolving data — Shows how particular parameters evolved over a selected time interval.
For example, you can view how the number of blocked or allowed URL requests evolved over a selected time interval. - Top scores — Shows top numbers for activities or byte volumes related to key items of the filtering process up to the moment when you view them
What you see then is these numbers, but not how they evolved over time.
For example, you can view the URL categories that have been most often requested. Or you can view media types ranked according to the volumes transferred when web objects of these types were downloaded.
The maximum number of items stored on an appliance for presenting top scores at a given point in time is 20000. When this number is exceeded, items that have the lowest occurrence or byte volumes are removed.
- Other information — Shows other information presented on tables.
For example, you can view the current versions of key modules (also known as engines) on an appliance, such as the Anti-Malware module or the URL Filter module.
The following table shows the display options for the different types of information.
| Option | Definition |
|---|---|
| Show last |
Provides a drop-down list for selecting a time interval: 1 hour | 3 hours | ... | 1 year |
| Resolution |
Displays the time unit used for the diagram that shows the evolution of a parameter over the selected interval. Resolution varies with the interval. For example, when 1 hour is selected, the diagram uses 1 minute as the time unit, when 1 year is selected, the diagram uses 1 day. |
| View |
Provides a drop-down list for selecting:
|
| Refresh icon |
Refreshes the view. |
| Top |
Provides a drop-down list for selecting how many of the items with the highest scores are shown: 10 | 25 | ... | 1000 For example, the 25 URL categories that the most-often requested URLs fall in can be shown. |
| Refresh icon |
Refreshes the view. |
Overview of charts and tables information
Information about web usage, filtering activities, and system behavior for an appliance is displayed on the Charts and Tables tab of the dashboard.
The following tables provide an overview of this information.
Executive Summary
| Information | Description |
|---|---|
| URL Executive Summary |
Shows how numbers of requests evolved during the selected interval. Requests are sorted into allowed (“good”) requests and such that were blocked. Blocked requests are additionally sorted according to the filtering modules that caused the blocking, such as the Anti-Malware engine, the URL engine, and others. Clicking Edit Choosable Data Series opens a window for editing the selection of good and blocked requests that is shown. |
| Categories by Hits |
Shows the categories that the most-often requested URLs belonged to. |
| Malware by Hits |
Shows the virus and malware types that were requested most often. |
System Summary
| Information | Description |
|---|---|
| Network Utilization |
Shows how numbers of requests sent and received evolved during the selected interval. |
| System Utilization |
Shows how usage of hard disk, CPU, physical memory of the appliance system, and the physical memories of the core and coordinator subsystems evolved during the selected interval. |
| Update Status |
Shows the versions of several modules and filter information files that are implemented on an appliance, for example, of the Gateway Anti-Malware engine or of the malware signature files. |
| Last Update |
Shows when several modules of an appliance were last updated, for example, the URL Filter module. |
| Open Ports |
Lists the ports on an appliance that are currently listening to requests. |
| WCCP Services |
Shows the status of WCCP services used to redirect traffic to an appliance. |
| Active Proxy Connections |
Shows how numbers of connections evolved during the selected interval. |
Web Traffic Summary
| Information | Description |
|---|---|
| Traffic per Protocol |
Shows how volumes of web traffic under the HTTP, HTTPS, HTTP2, and FTP protocols evolved during the selected interval. |
| Requests per Protocol |
Shows how numbers of requests under the HTTP, HTTPS, HTTP2, FTP, and IFP protocols evolved during the selected interval. |
ICAP Traffic Summary
| Information | Description |
|---|---|
| ICAP Traffic with ICAP Clients |
Shows how volumes of traffic occurring during communication with ICAP clients in REQMOD and RESPMOD modes evolved during the selected interval. |
| ICAP Requests from ICAP Clients |
Shows how numbers of requests sent by ICAP clients in REQMOD and RESPMOD modes evolved during the selected interval. |
SOCKS Traffic Summary
| Information | Description |
|---|---|
| SOCKS Traffic |
Shows how volumes of traffic going on under versions 4 and 5 of the SOCKS protocol evolved during the selected interval. |
| SOCKS Connections |
Shows how numbers of connections for traffic going on under versions 4 and 5 of the SOCKS protocol evolved during the selected interval. |
| Traffic per Protocol |
Shows how volumes of traffic going on under the SOCKS protocol evolved during the selected interval. Volumes are shown for UDP and the protocols that could be detected as underlying the SOCKS protocol: HTTP and HTTPS. Volume is also shown for all other underlying protocols, which remained unfiltered, as filtering underlying protocols of the SOCKS protocol other than HTTP or HTTPS is not performed on Web Gateway. |
| Connections per Protocol |
Shows how numbers of connections for traffic going on under the SOCKS protocol evolved during the selected interval. Connection numbers are shown for the UDP protocol and the protocols that could be detected as underlying the SOCKS protocol: HTTP and HTTPS. The number of connections is also shown for all other underlying protocols, which remained unfiltered, as filtering underlying protocols of the SOCKS protocol other than HTTP or HTTPS is not performed on Web Gateway. |
| Protocol Detection per Connection |
Lists the underlying protocols of the SOCKS protocol that were most often detected for an individual connection together with these connections. |
IM Traffic Summary
| Information | Description |
|---|---|
| Instant Messaging Traffic |
Shows how volumes of instant messaging requests evolved for different services during the selected interval. |
| Instant Messaging Requests |
Shows how numbers of instant messaging requests evolved for different services during the selected interval. |
| Instant Messaging Clients |
Shows how numbers of instant messaging clients evolved for different services during the selected interval. |
Traffic Volume
| Information | Description |
|---|---|
| Top-Level Domains by Bytes Transferred |
Lists the domains that were requested most according to the number of bytes transferred from them. |
| Top-Level Domains by Number of Requests |
Lists the domains that were requested most often according to the number of requests for them. |
| Destinations by Bytes Transferred |
Lists the destinations that were requested most according to the number of bytes transferred from them. |
| Destinations by Number of Requests |
Lists the domains that were requested most often according to the number of requests for them. |
| Source IPs by Bytes Transferred |
Lists the source IP addresses that most volume was transferred to. |
| Source IPs by Number of Requests |
Lists the source IP addresses that most requests were made from. |
Web Cache Statistics
| Information | Description |
|---|---|
| Web Cache Efficiency |
Shows how numbers of caching requests evolved during the selected interval and sorts them into hits and misses. |
| Web Cache Object Count |
Shows how numbers of objects in the cache evolved during the selected interval. |
| Web Cache Usage |
Shows how usage of the cache evolved during the selected interval. |
Malware Statistics
| Information | Description |
|---|---|
| Malware URLs by Hits |
Lists the URLs infected by viruses and other malware that were requested most often. |
| Malware by Hits |
Lists the malware types that were requested most often. |
|
Advanced Threat Defense Requests |
Shows how numbers of requests for web objects that were passed on to Skyhigh Security Advanced Threat Defense for scanning evolved during the selected interval. Shows also how numbers of requests that were blocked due to the scanning results evolved during the selected interval. |
|
Advanced Threat Defense Scanning Time |
Shows how the time consumed for scanning web objects by Skyhigh Security Advanced Threat Defense evolved during the selected interval. |
URL Filter Statistics
| Information | Description |
|---|---|
| Category |
Shows how numbers of requested URL categories evolved during the selected interval. |
| Reputation |
Shows how numbers of requests evolved during the selected interval and sorts them according to the reputation of the requested URLs. |
| Categories by Hits |
Lists the URL categories that were requested most often. |
| Sites Not Categorized by Hits |
Lists among the sites that are not categorized those that were requested most often. |
| Malicious Sites by Hits |
Lists among the sites that were found to be infected those that were requested most often. |
| Top Blocked URLs |
Lists among the blocked sites those that were requested most often. |
Media Type Statistics
| Information | Description |
|---|---|
| Media Type Groups by Hits |
Shows how numbers of requested media type groups evolved during the selected interval. Types are sorted into audio files, images, and others. |
| Media Types by Bytes |
Lists the media types that were requested most according to the number of bytes transferred. |
| Media Types by Hits |
Lists the media types that were requested most often according to the numbers of successful requests for them. |
DLP Filter Statistics
| Information | Description |
|---|---|
| DLP Classification |
Shows how numbers of classifications for content that should not leave your network evolved during the selected interval. |
| DLP Classification by Hits |
Lists the classifications that were most often used for content that should not leave your network. |
SSL Scanner Statistics
| Information | Description |
|---|---|
| Certificate Incidents |
Shows how numbers of incidents evolved during the selected interval. Incidents are sorted according to the types of the events that caused them, for example, expired certificates or common name mismatches. |
| Remote Private Key Operations |
Shows how numbers of remote private key operations for encrypting and decrypting data evolved during the selected interval. |
| Remote Private Key Operations |
Lists the remote private key operations that were executed most often, providing information on the keys used, the functions that were performed, and the types of operation. |
Application Control Statistics
| Information | Description |
|---|---|
| Categories |
Shows how numbers of the different categories that requested applications belonged to evolved during the selected interval. |
| Reputation |
Shows how numbers of the reputation levels that were assigned to requested applications evolved during the selected interval. |
| Categories by Hits |
Lists the categories that occurred most often for applications that access to was requested. |
| High Risk Applications by Hits |
Lists the applications with high-risk reputation that were most often requested for access. |
Single Sign On Statistics
| Information | Description |
|---|---|
| All Logins |
Shows how numbers of logons to cloud applications (services) evolved during the selected interval. |
| Logins per Service |
Shows how numbers of logons evolved during the selected interval and sorts them according to the cloud applications (services) that logon was performed to. |
| Logins per Service |
Lists the cloud applications (services) that most logons were performed to. |
| Number of Invalid Tokens |
Shows how numbers of invalid tokens evolved during the selected interval. |
Encryption Statistics
| Information | Description |
|---|---|
| Operations |
Shows how numbers of encryption and decryption operations for cloud storage data and numbers of errors that occurred during these operations evolved during the selected interval. |
| Volume |
Shows how volumes of encrypted and decrypted data evolved during the selected interval. |
| Encryption Operations |
Lists the cloud storage services that were involved most often when data was encrypted and uploaded. |
| Decryption Operations |
Lists the cloud storage services that were involved most often when data was decrypted and downloaded. |
| Encryption Volume |
Lists the cloud storage services that were involved most when data was encrypted according to the volume of encrypted data. |
| Decryption Volume |
Lists the cloud storage services that were involved most when data was decrypted according to the volume of decrypted data. |
| Encryption Errors |
Lists the cloud storage services that were involved most often when errors in encrypting data occurred. |
| Decryption Errors |
Lists the cloud storage services that were involved most often when errors in decrypting data occurred. |
System Details
| Information | Description |
|---|---|
| Network Utilization |
Shows how numbers of requests sent and received evolved during the selected interval. |
| CPU Utilization |
Shows how CPU usage evolved during the selected interval. |
| Memory Usage |
Shows how usage of memory evolved during the selected interval. |
| MWG Processes Virtual Memory Usage |
Shows how usage of virtual memory by processes running on Web Gateway evolved during the selected interval. |
| Average System Load per CPU |
Shows how average load on individual CPUs evolved during the selected interval. |
| Swap Space Usage |
Shows how usage of memory available for swapping data evolved during the selected interval. |
| File System Utilization |
Shows how usage of the file system evolved during the selected interval. |
| File System Utilization |
Shows usage of the file system per partition. |
| Open TCP Ports |
Shows open TCP ports with IP addresses and port numbers. |
Authentication Statistics
| Information | Description |
|---|---|
| Authentication Requests |
Shows how numbers of requests processed remotely, locally, or found in the cache evolved under each authentication method during the selected interval. |
| Average Request Processing Time per Method in ms |
Shows how average processing time for requests sent to a server evolved under each authentication method during the selected interval. |
| Current Requests Report |
Shows numbers of requests, cache hits, as well as minimum, maximum, and average processing time for requests sent to a server. |
| Current Connection Status |
Shows the connections that are currently active under each authentication method. |
Performance Information
| Information | Description |
|---|---|
| General Performance |
Shows how the processing time consumed on average for completing particular tasks evolved during the selected interval. These tasks include performing a DNS lookup, connecting to a given web server, and the work done by the rule engine to process a request throughout all cycles. When measuring the time consumed for DNS lookups, only lookups on external servers are considered. Cache lookups are disregarded. |
| Detailed HTTP Performance |
Shows how the time consumed on average for processing a request throughout all cycles evolved during the selected interval. This performance information is only measured and displayed for web traffic that uses HTTP and HTTPS connections. The processing of a request throughout all cycles (request, response, and embedded object cycles) is considered to be one transaction. Average processing time is shown for complete transactions, but also for particular data transfers going on during a transaction:
|
DXL
| Information | Description |
|---|---|
| DXL Requests Sent |
Shows how numbers of DXL requests and events that were sent and received, as well of requests that failed, evolved during the selected interval. |
| DXL Traffic |
Shows how the volume of DXL traffic evolved during the selected interval. |
Bandwidth Statistics
| Information | Description |
|---|---|
|
Bandwidth Utilization per Direction |
Shows how bandwidth evolved during the selected interval for both incoming and outgoing traffic. Incoming traffic is shown under Ingress, outgoing under Egress. If more than one class is used for applying bandwidth control on the same network interface, the average bandwidth of these classes is considered when the overall bandwidth values for incoming and outgoing traffic are calculated. |
|
HTTP/HTTPS: Download Bandwidth Utilization per Class (server side) |
Shows how bandwidth evolved during the selected interval for downloads from web servers performed under HTTP/HTTPS with regard to individual bandwidth classes. |
|
HTTP/HTTPS: Upload Bandwidth Utilization per Class (server side) |
Shows how bandwidth evolved during the selected interval for uploads to web servers performed under HTTP/HTTPS with regard to individual bandwidth classes. |
|
Bandwidth Statistics per Class |
Shows values for important parameters of bandwidth classes. Values are only shown for child (also known as leaf) classes.
|
|
HTTP/HTTPS: Top Classes by Download Bandwidth (server side) |
Lists the average bandwidth values for the bandwidth classes that consumed most bandwidth when downloads from web servers were performed under HTTP/HTTPS. |
|
HTTP/HTTPS: Top Classes by Upload Bandwidth (server side) |
Lists the average bandwidth values for the bandwidth classes that consumed most bandwidth when uploads to web servers were performed under HTTP/HTTPS. |
|
HTTP/HTTPS: Top Destinations by Download Bandwidth (server side) |
Lists the average bandwidth values for the web servers that caused the highest consumption of bandwidth through downloads performed under HTTP/HTTPS with these web servers as destinations. |
|
HTTP/HTTPS: Top Destinations by Upload Bandwidth (server side) |
Lists the average bandwidth values for the web servers that caused the highest consumption of bandwidth through uploads performed under HTTP/HTTPS with these web servers as destinations. |
|
HTTP/HTTPS: Top Users by Download Bandwidth (server side) |
Lists the average bandwidth values for the users that consumed most bandwidth when performing downloads from web servers under HTTP/HTTPS. |
|
HTTP/HTTPS: Top Users by Upload Bandwidth (server side) |
Lists the average bandwidth values for the users that consumed most bandwidth when performing uploads to web servers under HTTP/HTTPS. |
|
FTP: Download Bandwidth Utilization per Class (server side) |
Shows how bandwidth evolved during the selected interval for downloads from web servers performed under FTP with regard to individual bandwidth classes. |
|
FTP: Upload Bandwidth Utilization per Class (server side) |
Shows how bandwidth evolved during the selected interval for uploads to web servers performed under FTP with regard to individual bandwidth classes. |
|
FTP: Top Classes by Download Bandwidth (server side) |
Lists the average bandwidth values for the bandwidth classes that consumed most bandwidth when downloads from web servers were performed under FTP. |
|
FTP: Top Classes by Upload Bandwidth (server side) |
Lists the average bandwidth values for the bandwidth classes that consumed most bandwidth when uploads to web servers were performed under FTP. |
|
FTP: Top Destinations by Download Bandwidth (server side) |
Lists the average bandwidth values for the web servers that caused the highest consumption of bandwidth through downloads performed under FTP with these web servers as destinations. |
|
FTP: Top Destinations by Upload Bandwidth (server side) |
Lists the average bandwidth values for the web servers that caused the highest consumption of bandwidth through uploads performed under FTP with these web servers as destinations. |
|
FTP: Top Users by Download Bandwidth (server side) |
Lists the average bandwidth values for the users that consumed most bandwidth when performing downloads from web servers under FTP. |
|
FTP: Top Users by Upload Bandwidth (server side) |
Lists the average bandwidth values for the users that consumed most bandwidth when performing uploads to web servers under FTP. |
|
SOCKS: Download Bandwidth Utilization per Class (server side) |
Shows how bandwidth evolved during the selected interval for downloads from web servers performed under the SOCKS protocol with regard to individual bandwidth classes. |
|
SOCKS: Upload Bandwidth Utilization per Class (server side) |
Shows how bandwidth evolved during the selected interval for uploads to web servers performed under the SOCKS protocol with regard to individual bandwidth classes. |
|
SOCKS: Top Classes by Download Bandwidth (server side) |
Lists the average bandwidth values for the bandwidth classes that consumed most bandwidth when downloads from web servers were performed under the SOCKS protocol. |
|
SOCKS: Top Classes by Upload Bandwidth (server side) |
Lists the average bandwidth values for the bandwidth classes that consumed most bandwidth when uploads to web servers were performed under the SOCKS protocol. |
|
SOCKS: Top Destinations by Download Bandwidth (server side) |
Lists the average bandwidth values for the web servers that caused the highest consumption of bandwidth through downloads performed under the SOCKS protocol with these web servers as destinations. |
|
SOCKS: Top Destinations by Upload Bandwidth (server side) |
Lists the average bandwidth values for the web servers that caused the highest consumption of bandwidth through uploads performed under the SOCKS protocol with these web servers as destinations. |
|
SOCKS: Top Users by Download Bandwidth (server side) |
Lists the average bandwidth values for the users that consumed most bandwidth when performing downloads from web servers under the SOCKS protocol. |
|
SOCKS: Top Users by Upload Bandwidth (server side) |
Lists the average bandwidth values for the users that consumed most bandwidth when performing uploads to web servers under the SOCKS protocol. |