This section contains the following subsections:
These reports are constructed from the most current available summary data. In order to create summary data, the Analyzer Reporting Module must parse the raw data files.
When configuring Analyzer Reporting using the screens on the Console panel under Reports, you can select the amount of summary information to store. These settings affect the database size, be sure there is adequate disk space to accommodate the settings you choose.
Additionally, you can select the number of days that raw syslog data is stored. The raw data is made up of information for every connection. Depending on the amount of traffic, this can quickly consume an enormous amount of space in the database. Analyzer creates a new 2 GB database for raw syslog data everyday. Be very careful when selecting how much raw information to store.
Summarizer Settings and Summarization Interval for CDP
SonicWALL CDP appliances send their syslog packets to SonicWALL Analyzer via UDP packets. When summarization is enabled, the Summarizer will process those files and store the data in the summary databases at the interval you specify.
See the following sections:
Enabling Report Summarization for CDP Appliances
To globally enable the summarization of report data, which is necessary for viewing reports, perform the following:
1. On the Console panel, navigate to Reports > Summarizer.
2. Under Summarizer Settings, select the Enable Report Summarization checkbox.
3. Click Update.
Setting the Reports Data Summarization Interval
The Summarizer will process syslog data sent from SonicWALL CDP appliances and store the processed data in the summary databases at the interval you specify. When a CDP appliance is configured to communicate with Analyzer, you need to verify that the summarizer is scheduled to collect and process data for this unit at an appropriate interval.
To configure the summarization interval, perform the following steps:
1. Click the Console tab, expand the Reports tree and click Summarizer. The CDP Summarizer page displays.
2. Under Reports Data Summarization Interval, important information about the Summarizer is displayed. Use the Summarize every pull-down lists to specify how often in hours and minutes the Analyzer Reporting Module should process syslog data and update summary information.
3. Click the Update button to the right of this field.
4. To specify the next summarization time, enter a date in the form mm/dd/yyyy in the Next Scheduled Run Time field, and select the hour and minute values from the pull-down lists.
5. Click the Update button to the right of this field.
6. To update the summary information now, click the Summarize Now button. SonicWALL Analyzer will automatically process the latest information and make it available for immediate viewing.
Note: This will not affect the normally scheduled summarization updates on Analyzer.
For more information about using and verifying the Summarize Now option, see the Using Summarize Now.
The Summarize Now feature allows the administrator to create instant summary reports without affecting the regularly scheduled summary reports. You can use Summarize Now to test that the Summarizer is gathering data for a managed unit. The SonicWALL Analyzer Summarize Now feature is located in the Console tab under Reports > Summarizer. The SonicWALL Analyzer Summarizer creates summary reports by default every 8 hours. Summary reports can be configured by the administrator to occur every 15 minutes to every 24 hours.
To use the Summarize Now feature, perform the following tasks:
1. Click the Console tab, expand the Reports tree and click Summarizer. Click the Summarize Now button to summarize data immediately.
2. You will see a pop-up window verifying that you want to summarize the data now. Summarizing data using Summarize Now is a one-time action and will not affect the scheduled summary. Click OK to continue.
To verify summarization, navigate to Log > View Log in the left pane. Search for the message Report Data Summarized to verify that the Summarize Now action has completed.
4. When Summarize Now has completed, click the Firewall tab at the top of the screen. In the left-most pane, click GlobalView or click an appliance.
Note: You may see incomplete data if you view the Summary section of a selected report before the Summarize Now process is complete. Wait for the Report Data Summarized message to be displayed in Log > View Log.
5. In the center pane, click a report to expand it, then click the Summary option underneath it. For example, click Capacity, then click Summary to review the summarized CDP capacity usage data.
Navigate to the Summary section of other reports in the center pane to see other summarized data.
Configuring the Data Deletion Schedule Settings
Syslog files sent from SonicWALL appliances are stored on the Analyzersystem, and are consolidated into the syslog database. The Summarizer processes the syslog data and stores the processed data in the summary database. After the configured period of syslog storage, the syslog data can be periodically deleted from the system. This is necessary, as the syslog files and database can consume a lot of space on the file system.
This section of the Summarizer page also provides a way to delete summarized data for a certain date. For example, if summarized data is kept for a long time, such as 90 days, then you could use this option to remove some summarized data from a particular date within the 90 day period if the stored data was becoming too large.
Tip: Run your database maintenance jobs soon after the completion of the scheduled tasks configured on this page for summarizing data and deleting old syslog data.
Analyzer requires large amounts of disk space for raw data storage. In previous versions, the maximum raw syslog database size was 2 GB. Analyzer now provides enhanced database capacity by creating a new 2 GB database everyday. Each file name includes the date it was created for easy reference. Raw syslog data is used to create Custom Reports for Firewall, SRA, and CDP appliances.
To configure the syslog and summarized data deletion settings, perform the following:
1. On the Console panel, navigate to Reports > Summarizer.
2. Under Data Deletion Schedule, select the day and time for deletion in the hour and minute widget. Syslog data will be deleted at this time only after being stored for the number of days configured. You specify how long to keep the date in Data Storage Configuration.This field allows you to specify the data address of the Summarizer, how long to keep reporting data (in months), and how long to keep the raw syslog data (in months)
3. Click the Update button to the right of this field.