View basic traffic metrics and inbound and outbound traffic distribution by using log reports - Cloud Firewall

Cloud Firewall provides log reports that show statistics such as basic traffic metrics and inbound and outbound traffic distribution. You can view and analyze traffic data distribution in different monitoring scenarios. For example, you can specify a time range, subscribe to log reports, and configure refresh frequency settings.

Prerequisites

The log analysis feature of Cloud Firewall is enabled. For more information, see Enable the log analysis feature.
The delivery switch for Internet traffic logs is turned on. For more information, see Modify log storage configurations.

Procedure

Log on to the Cloud Firewall console.
In the left-side navigation pane, choose Log Analysis > Log Analysis.
In the upper-right corner of the Reports tab, click Time Range and specify a time range to view the data that is collected within the specified time range on the dashboard. For more information, see Dashboard description.
If you do not specify a time range, the system displays the data within the previous hour.
Note
- The system applies the time settings only to the current tab and does not save the settings. The next time you open the Reports tab, the dashboard displays data based on the default time setting.
- In the upper-right corner of the Reports tab, click Refresh to specify the frequency at which you want to refresh log reports.
Optional. Click the icon in the upper-right corner of a widget to perform the following operations:
- View: Select this option to zoom in on the widget.
- Preview Query Statement: Select this option to view the statement that is used to query the log data of a specific metric. You can use the statement to query log data on the Logs tab. For more information, see Query and analyze logs.
- Select Time Range: Select this option to specify a relative time range, time frame, or custom time range to allow the widget to display the log data of a specific metric.
- Download Chart Data: Select this option to save the widget as a PNG file to your computer.
- Download Chart: Select this option to save the widget as an Excel file to your computer.

Dashboard description

Log reports provide a global view of Internet traffic, including basic traffic metrics, inbound and outbound traffic trends, and traffic distribution.

Type	Widget	Description
Basic metrics	Total number of Intercepting	The number of unauthorized access requests that are blocked by Cloud Firewall, including inbound and outbound requests.
	Inbound Traffic	The total volume of traffic from the Internet to internal assets.
	Outbound Traffic	The total volume of traffic from internal assets to the Internet.
	SSH Access	The number of SSH access requests, including inbound and outbound requests.
	RDP Access	The number of Remote Desktop Protocol (RDP) access requests, including inbound and outbound requests.
	FTP Access	The number of FTP access requests, including inbound and outbound requests.
Inbound Traffic	Intercept trend	The trend chart for the number of times that unauthorized access requests from the Internet to internal assets are blocked.
	Intercept Source Applications	The top 10 applications over which the most blocked access requests are initiated from the Internet to internal assets.
	Sources – Global	The geographic distribution of traffic sources from the Internet to internal assets.
	Source Applications – Top 10	The top 10 applications over which the most access requests are initiated from the Internet to internal assets and the proportion of visits.
	Source Regions – Top 10	The top 10 regions from which the most inbound traffic from the Internet to internal assets is sent and the proportion of visits.
	Source Ports – Top 20	The top 20 ports over which the most traffic is sent from the Internet to internal assets and the numbers of visits.
Outbound Traffic	Intercept trend	The trend chart for the number of times that unauthorized access requests from internal assets to the Internet are blocked.
	Intercept External Applications	The top 10 applications over which the most blocked access requests are initiated from internal assets to the Internet and the proportion of visits.
	External Ports – Top 20	The top 20 ports over which the most traffic is sent from internal assets to the Internet and the numbers of visits.
	External IP Addresses – Top 10	The top 10 IP addresses from which the most requests are initiated from internal assets to the Internet and the proportion of visits.
	External Domains – Top 10	The top 10 domain names from which the most requests are initiated from internal assets to the Internet and the numbers of visits.
	External Applications – Top 10	The top 10 applications over which the most requests are initiated from internal assets to the Internet and the proportion of visits.