XG on board reports - accuracy

Hi folks,

a discussion about the use of XG on board reports and their accuracy. The reports provide a summary of the affect of users firewall rules and polocies along with the XG inbuilt functions. So what is reflected in the reports is effected highlights bugs in XG processing whether user or Sophos created.

The preferred method of reporting is to use CM which is all very good if you have a number of devices or a large installation. Small companies and home users might prefer the trail version (not an appropriate name) which has a imitation of 7 days data and no emailed reports so they rely on the onboard reports.

The onboard report is daily for 24 hours.

Accuracy,

If you have an XG restart your user count does not stabilise for 48 hours.

Mail reports show deleted mail over 48 hours. Mail reports show a large quantity of possible spam from no-one to no-one. Mail reports show recipient '/span' or "/br".

Network usage. When you download a file that maxes out you link you see a  value approaching that in the report assuming you the download lasts a couple of minutes and if traffic is los during the day following the peak shows again but with lesser value the following day.

Application  categories.

Why is streaming to foxtel, apple tv etc classed ad infrastructure where streaming to facebook/youtube is considered social networking?

Hardware

The memory chart is good in tat it shows memory usage, but does not show whether the memory has high occupancy for long periods.

The CPU chart shows max and min and has similar issues as to the memory, you have no idea as to how loaded your machine is.

Now you can get details of the CPU and memory from the diagnostic reports on the XG which when used for any period greater than two hours reduce th peeks so you cannot get the full picture.

Further managers do not usually like to look at the device reports but prefer the daily summary to provide the details.

Open for discussion and thoughts.

Ian



Edited TAGs
[edited by: emmosophos at 10:33 PM (GMT -7) on 25 Aug 2022]
  • The onboard reporting is indeed poor, I've no idea why someone doesn't get hold of it and sort it out - it's barely changed over the years and has been a constant source of grumbling by everyone. I assume the data is in there, just needs the UI sorting out (I say that as someone that has no real idea what that entails, I'd assume not a huge deal though).

    We've started to move to adding CFR licenses as standard now as a sticking plaster, with that at least you can create reasonable customised reports and have off site log backups of a decent length (as the report partition also has a habit of filling up and needs constant purging on larger installs, none of that LIFO for some reason).

  • BTW: using a xStream Protection license does cover CFR Data for 30 Days plus advanced feature. So it is likely, most customer have CFR full feature set, as this is the default license. 

    __________________________________________________________________________________________________________________

  • today's report extract.

    XG115W - v19.0.1 mr-1 - Home

    1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.

    If a post solves your question please use the 'Verify Answer' button.

  • Hi folks,

    some more issues.

    Ian

    XG115W - v19.0.1 mr-1 - Home

    1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.

    If a post solves your question please use the 'Verify Answer' button.