The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
Description of the reporting system and tools on the Astaro Security Gateway.
Known to apply to the following Sophos product(s) and version(s)
One part of the reporting system is based on the RRDtool program. The reporting storage consists of several RRD databases storing average values of certain measurements. The data stored in those RRD databases is used to create the reporting graphs by the /usr/local/bin/create_rrd_graphs.pl script.
The RRDtool is good for showing trends and averages, but is not good for displaying totals - having an average of 10 mails per hour is not the same as having a total of 240 emails per day. Therefore, we added another storage type:
ACCU As a second type of storage, we implemented 'so-called' ACCU files. These provide accurate absolute numbers, but only over a time period of 30 days. The ACCU files contain data such as the number of login failures, the number of viruses caught, etc. The data is stored in 'buckets per day', so it is very easy to access a specific period of time like today, yesterday, the last seven days, etc.
ADBS To complete our reporting set, we added the ADBS reporting storage in version 7.0. Since version 7.300, this has been based on the PostgreSQL database. There is database "reporting" which contains tables for what are considered to be our most interesting subsections, like web security, mail security, network accounting. Those tables contain events and their precise timestamps.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.