
Schedule Email Reports

You can have Trisul automatically email reports periodically.

Report Intervals

You may dispatch by email any of the supported report types at these intervals.

  1. Hourly
  2. Daily
  3. Weekly
  4. Monthly

Schedule a New Report

To schedule a new report:

👉 Login as user and go to Reports → Schedule, or
👉 Login as admin and go to Context: Default → Admin Tasks → Schedule Email Reports

  1. A list of all reports scheduled will appear
  2. Click New report
  3. Fill out these fields

Figure: Showing Schedule a New Email Report Configuration

Here is the table with the description of all available fields to schedule a new report.

| Field Name | Description |
| --- | --- |
| Select a Report | You can choose from various types of reports |
| Probes | You can choose among different nodes if multiple probes are set up |
| Run Time | The time at which you want the report to run. The actual run times also depend on the frequency. For example, if you select “2011-12-20 10:20:00” for an hourly report, the report will be generated at 10:20, 11:20, 12:20, etc. |
| Business Hours | Runs the report for business hours only |
| Run Frequency | Select from Hourly, Daily, Weekly, or Monthly |
| To | Email address of the receiver |
| Cc | Recipients who receive a copy of the message |
| Bcc | Recipients who are invisible to all the other recipients of the message |
| Specify a Subject | Subject of the report |
| Signature | Signature of the sender |
| Report parameters (optional) | Optional parameters; if present, they must be in valid JSON format. This parameter is only required for these three reports: Endpoint Activity, Application Activity, Router and Interfaces |
| Enabled | Keep this checkbox checked to generate reports on schedule; uncheck it to temporarily disable scheduled reports |

Once you schedule the report, all your scheduled reports will appear on the index page and you can toggle from there.

Figure: Showing List of Currently Scheduled Reports in Index Page

The following is the list of options and their description of all scheduled reports you can see on the index page of scheduled reports.

| Options | Descriptions |
| --- | --- |
| Run at Time | The scheduled time at which the report will be generated and sent. |
| Frequency | The frequency at which the report will be generated and sent, such as daily, weekly, or hourly. |
| Type | The type of report being generated, such as network executive report, automatic email syslog alerts reports etc. |
| Subject | The subject line of the email that will be sent with the report. |
| Mail to | The email address(es) to which the report will be sent. |
| Last Run | The date and time at which the report was last generated and sent. |
| Status | The current status of the scheduled report, such as active or inactive. |
| Action | The actions that can be taken on the scheduled report, such as "Edit", "Delete", or "Run Status". |

With the action button of a scheduled report, you can:

  • Edit: You can edit the parameters of the scheduled report one report at a time.
  • Delete: You can delete the scheduled report.
  • Run Status: You can check if the report has been sent successfully to the destination mail address.
  • Generate Report: You can download the scheduled report manually.

Bulk Edit

To bulk edit scheduled reports, select the checkboxes on the left side of each scheduled report you want to change.


Figure: Bulk Edit Options

  • Delete: Permanently removes the selected scheduled reports. Use with caution, as deleted reports cannot be recovered.
  • Edit: Allows you to modify the parameters of the selected scheduled reports.
  • Select All: Selects all scheduled reports on the page, enabling bulk actions to be applied to all reports at once.
  • Unselect All: Deselects all scheduled reports on the page, allowing you to start the selection process again.
  • Invert: Toggles the selection of all scheduled reports on the page, selecting those that were previously unselected and vice versa.

Report Parameters

Some reports are generated for a particular entity such as a specific host or application. For these reports you need to tell Trisul about the entity via the Report parameters field. Currently there are three types of such reports.

Parameters for the Endpoint Activity Report

The Endpoint activity report expects you to specify a host.

  1. Specify all common fields for a scheduled report
  2. In addition enter report parameters as shown below

Say you want to schedule an endpoint report for host 192.168.1.151. Enter the IP address in this format:
{"IP":"192.168.1.151"}
You can also enter a host name instead of an IP, like this:
{"IP":"dns00.unleashnetworks.com"}

Parameters for the Application Activity Report

The Application activity report expects you to specify an application or port.

  1. Specify all common fields for a scheduled report
  2. In addition enter report parameters as shown below

Say you want to schedule a report for the http app. Use this format:
{"port1":"http"}
You can also enter a port number:
{"port1":"Port-80"}

Parameters for the Interface Activity Report

Netflow only: You can generate a report for any Netflow interface.

  1. Specify all common fields for a scheduled report
  2. In addition enter report parameters as shown below

Say you want to schedule a report for the interface with ifIndex 22 on router 192.168.1.1. Use the following format:
{"interface":"192.168.1.1_22"}
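
A pre-check for the Report parameters field, as an added example that is not part of the Trisul documentation or code: it parses the text as JSON and compares the value with the formats shown above. The report names used as dictionary keys, the function names and the 1 to 65535 port range are assumptions, and Trisul may accept forms this check rejects.

```python
import ipaddress
import json
import re

# Key per report, from the examples on this page (report names are assumed).
REQUIRED_KEY = {
    "Endpoint Activity": "IP",
    "Application Activity": "port1",
    "Interface Activity": "interface",
}
HOST_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def _value_problem(key, value):
    """Check one value against the format shown for its key (assumed rules)."""
    if key == "IP":
        if _is_ip(value):
            return None
        labels = value.split(".")
        numeric = all(label.isdigit() for label in labels)  # e.g. 192.168.1.999
        if numeric or not all(HOST_LABEL.match(label) for label in labels):
            return f"{value!r} is neither an IP address nor a host name"
    elif key == "port1":
        if value.isdigit():
            return f'bare number {value!r}; the page writes ports as "Port-{value}"'
        if value.startswith("Port-"):
            port = re.fullmatch(r"Port-(\d{1,5})", value)
            if not (port and 1 <= int(port.group(1)) <= 65535):
                return f"{value!r} is not Port-<1..65535>"
    elif key == "interface":
        router, sep, ifindex = value.rpartition("_")
        if not (sep and _is_ip(router) and ifindex.isdigit()):
            return f"{value!r} is not <router-ip>_<ifIndex>"
    return None

def check_report_params(report, raw):
    """Return a list of problems; an empty list means the text looks usable."""
    key = REQUIRED_KEY.get(report)
    if key is None:
        return [f"no parameters defined for report {report!r}"]
    try:
        params = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (column {exc.colno})"]
    if not isinstance(params, dict) or not isinstance(params.get(key), str):
        return [f'expected an object with a string "{key}" value']
    problem = _value_problem(key, params[key])
    return [problem] if problem else []
```

Single-quoted keys, a lower-case `ip` key and an unquoted port number are the inputs it catches most often; each comes back as one message in the returned list.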

Enable Email Dispatching

After you have set up email, you need to enable the job that actually generates the report and sends out the email.

To enable this:

👉 Select Customize → App Settings

Check the Automatically email scheduled reports option.

Note: Ensure you have set up your Email Settings

Troubleshooting

Are your reports not coming through? Here are some possible reasons.

Check if cron support is available in your system

As root, type:

crontab -l

Check the Logs

If you are not receiving the email reports, check the logs.

👉 Login as Admin → WebAdmin → View Logs
👉 Click on Background tasks log

You can see if any errors are observed there.

Executive Network Report

The Executive Network Report provides a comprehensive overview of network activity and performance, including:

| Content | Description |
| --- | --- |
| Bandwidth Utilization | Total bandwidth received and transmitted |
| Alerts | Notifications from threshold crossing alerts, Flow tracker indicating analysis of network flows to identify trends and patterns, Badfellas for identification of suspicious or malicious hosts, and IDS indicating potential issues |
| Bandwidth Utilization Chart | Visual representation of total bandwidth usage |
| Top Internal Hosts | Most active internal hosts |
| Top External Hosts | Most active external hosts |
| Top Applications | Most used applications |
| Top Network Layers | Most used network layers |
| Top HTTP URL Category | Most accessed URL categories |
| Top Country | Countries with the most network activity |

This report provides a concise and informative snapshot of network performance, security, and usage patterns.

Download Sample Report here : Executive Network Report

Application Activity Report

The Application Usage Report provides a comprehensive overview of application activity and performance, including:

| Content | Description |
| --- | --- |
| Top Hosts by Total Volume | Ranking of hosts with the highest total data transfer volume |
| Top Applications | Identification of the most frequently used applications |
| Top Server Hosts | List of server hosts with the highest levels of activity |
| Top Client Hosts | Ranking of client hosts generating the most network traffic |
| Top Internal Hosts | Identification of internal hosts with the highest levels of activity |
| Top External Hosts | List of external hosts communicating with the network |
| Top Tags | Categorization of network activity by relevant tags or keywords |
| Top Flows | Analysis of the most prominent network flows, highlighting patterns and trends |

Download Sample Report here : Application Activity Report

Subscriber Activity Report

The Subscriber Activity Report provides a comprehensive overview of network activity and performance, including:

| Content | Description |
| --- | --- |
| Inbound and Outbound Traffic Chart | Visual representation of incoming and outgoing network traffic |
| TCP Connection Activity | Analysis of TCP connections, highlighting potential issues such as large spikes indicating P2P or infected systems scanning |
| Blacklisted Connection Trends | Aggregate view of malware, spamming, and botnet activity |
| Top 50 Users by Total Traffic | Ranking of users by total uploaded and downloaded traffic |
| Top 50 Users by Connections | Identification of users with the most TCP connections, often indicative of P2P app usage |
| Top 50 Downloaders | List of users with the highest received traffic |
| Top 50 Uploaders | List of users with the highest transmitted traffic |
| Top 50 Potentially Infected | Identification of users hitting malware, virus, phishing, and spamming blacklists |
| Top 50 Apps for Uploads | Applications responsible for the most upload traffic |
| Top 50 Apps for Downloads | Applications responsible for the most download traffic |

Download Sample Report here : Application Activity Report

Malware Report

The Malware Report provides a comprehensive overview of malware activity and performance, including:

| Content | Description |
| --- | --- |
| Malware Alerts | Identification of potential malware threats |
| Blacklist Matches | Categorization of blacklisted traffic, indicating type of malicious activity |
| Connection Activity with Blacklist Hits | Analysis of connections with known malicious entities |
| ICMP Activity | Monitoring of ICMP traffic, potentially indicating port scanning, PING flood, and other attacks |
| Top 50 Blacklisted Internal Hosts | Ranking of internal hosts with the most blacklist hits, based on malware, virus, phishing, and spamming activity |
| Top 50 Blacklisted External Hosts | Identification of external hosts with the most blacklist hits, based on malware, virus, phishing, and spamming activity |
| Top Alerts Type | Categorization of most common alert types |
| Latest Malware Alerts | List of most recent malware alerts |

Download Sample Report here : Malware Report

Interface Activity Report

The Interface Activity Report provides a comprehensive overview of interface activity and performance, including:

| Content | Description |
| --- | --- |
| Top Hosts by Total Volume | Ranking of hosts with the highest total data transfer volume |
| Top Applications | Identification of the most frequently used applications |
| Top Server Hosts | List of server hosts with the highest levels of activity |
| Top Client Hosts | Ranking of client hosts generating the most network traffic |
| Top Internal Hosts | Identification of internal hosts with the highest level of activity |
| Top External Hosts | List of external hosts communicating with the network |
| Top Tags | Categorization of network activity by relevant tags or keywords |
| Top Flows | Analysis of the most prominent network flows, highlighting patterns and trends |

Download Sample Report here : Interface Activity Report

Routers and Interfaces Report

The Routers and Interface Activity Report provides a comprehensive overview of router and interface activity, including:

| Content | Description |
| --- | --- |
| Router Activity Report Chart | Visual representation of top 20 routers by volume, highlighting network traffic patterns |
| Interface Report Chart | Breakdown of top 2 interfaces for each of the top 20 routers, showing total traffic per interface |

Download Sample Report here : Routers and Interfaces Report

Traffic and Toppers (Internal Hosts)

The Top Toppers and Traffic (Internal Hosts) Report provides a comprehensive overview of network activity and performance, including:

| Content | Description |
| --- | --- |
| Top Toppers and Traffic by Total | Total top toppers and traffic received and transmitted |
| Newly Seen Top Toppers and Traffic by Total | Newly detected top toppers and traffic patterns |
| Top Toppers and Traffic by Received | Top toppers and traffic received by the network |
| Newly Seen Top Toppers and Traffic by Received | Newly seen top toppers and traffic patterns in received data |
| Top Toppers and Traffic by Transmit | Top toppers and traffic transmitted from the network |
| Newly Seen Top Toppers and Traffic by Transmit | Newly detected top toppers and traffic patterns in transmitted data |
| Top Toppers and Traffic by Total Packets | Top toppers and traffic based on total packets |
| Newly Seen Top Toppers and Traffic by Total Packets | Newly seen top toppers and traffic patterns in packet data |
| Top Toppers and Traffic by Active Connections | Top toppers and traffic associated with active connections |
| Newly Seen Top Toppers and Traffic by Active Connections | Newly detected top toppers and traffic patterns in active connections |
| Top Toppers and Traffic by Attacker Alerts | Top toppers and traffic linked to attacker alerts |
| Newly Seen Top Toppers and Traffic by Attacker Alerts | Newly seen top toppers and traffic patterns related to attacker alerts |
| Top Toppers and Traffic by Homenet | Top toppers and traffic within the homenet |
| Newly Seen Top Toppers and Traffic by Homenet | Newly detected top toppers and traffic patterns in the homenet |
| Top Toppers and Traffic by External | Top toppers and traffic from external sources |
| Newly Seen Top Toppers and Traffic by External | Newly seen top toppers and traffic patterns from external sources |
| Top Toppers and Traffic by TCP SYN Sent | Top toppers and traffic associated with TCP SYN sent |
| Newly Seen Top Toppers and Traffic by TCP SYN Sent | Newly detected top toppers and traffic patterns in TCP SYN sent |
| Top Toppers and Traffic by TCP SYN Received | Top toppers and traffic linked to TCP SYN received |
| Newly Seen Top Toppers and Traffic by TCP SYN Received | Newly seen top toppers and traffic patterns in TCP SYN received |
| Top Toppers and Traffic by Blacklist Alerts | Top toppers and traffic associated with blacklist alerts |
| Newly Seen Top Toppers and Traffic by Blacklist Alerts | Newly detected top toppers and traffic patterns in blacklist alerts |
| Top Toppers and Traffic by Victim Alerts | Top toppers and traffic linked to victim alerts |
| Newly Seen Top Toppers and Traffic by Victim Alerts | Newly seen top toppers and traffic patterns related to victim alerts |
| Top Toppers and Traffic by New Connections | Top toppers and traffic associated with new connections |
| Newly Seen Top Toppers and Traffic by New Connections | Newly detected top toppers and traffic patterns in new connections |
| Top Toppers and Traffic by Incoming Interface | Top toppers and traffic entering through specific interfaces |
| Newly Seen Top Toppers and Traffic by Incoming Interface | Newly seen top toppers and traffic patterns in incoming interfaces |
| Top Toppers and Traffic by Outgoing Interface | Top toppers and traffic exiting through specific interfaces |
| Newly Seen Top Toppers and Traffic by Outgoing Interface | Newly detected top toppers and traffic patterns in outgoing interfaces |
| Top Toppers and Traffic by Flow Records | Top toppers and traffic associated with flow records |
| Newly Seen Top Toppers and Traffic by Flow Records | Newly seen top toppers and traffic patterns in flow records |
| Top Toppers and Traffic by Unused Cardinality Counter | Top toppers and traffic linked to unused cardinality counters |
| Newly Seen Top Toppers and Traffic by Unused Cardinality Counter | Newly detected top toppers and traffic patterns in unused cardinality counters |

Download Sample Report here : Traffic and Toppers (Internal Hosts)

Toppers and Traffic (Applications)

The Toppers and Traffic Report provides a comprehensive overview of network activity and performance, including:

| Content | Description |
| --- | --- |
| Top Toppers and Traffic by Total | Overall statistics on top toppers and traffic |
| Newly Seen Top Toppers and Traffic by Total | Newly seen top toppers and traffic statistics |
| Top Toppers and Traffic by Security Alerts | Statistics on top toppers and traffic related to security alerts |
| Newly Seen Top Toppers and Traffic by Security Alerts | Newly seen top toppers and traffic statistics related to security alerts |
| Top Toppers and Traffic by Into Homenet | Statistics on top toppers and traffic entering the Homenet |
| Newly Seen Top Toppers and Traffic by Into Homenet | Newly seen top toppers and traffic statistics entering the Homenet |
| Top Toppers and Traffic by Outof Homenet | Statistics on top toppers and traffic leaving the Homenet |
| Newly Seen Top Toppers and Traffic by Outof Homenet | Newly seen top toppers and traffic statistics leaving the Homenet |
| Top Toppers and Traffic by Connections | Statistics on top toppers and traffic by connection type |
| Newly Seen Top Toppers and Traffic by Connections | Newly seen top toppers and traffic statistics by connection type |
| Top Toppers and Traffic by Internal Homenet | Statistics on top toppers and traffic within the Homenet |
| Newly Seen Top Toppers and Traffic by Internal Homenet | Newly seen top toppers and traffic statistics within the Homenet |
| Top Toppers and Traffic by Transit Homenet | Statistics on top toppers and traffic transiting the Homenet |
| Newly Seen Top Toppers and Traffic by Transit Homenet | Newly seen top toppers and traffic statistics transiting the Homenet |
| Top Toppers and Traffic by Active Conns | Statistics on top toppers and traffic by active connections |
| Newly Seen Top Toppers and Traffic by Active Conns | Newly seen top toppers and traffic statistics by active connections |
| Top Toppers and Traffic by Into Interface | Statistics on top toppers and traffic entering through specific interfaces |
| Newly Seen Top Toppers and Traffic by Into Interface | Newly seen top toppers and traffic statistics entering through specific interfaces |
| Top Toppers and Traffic by Outof Interface | Statistics on top toppers and traffic leaving through specific interfaces |
| Newly Seen Top Toppers and Traffic by Outof Interface | Newly seen top toppers and traffic statistics leaving through specific interfaces |
| Top Toppers and Traffic by Unused Cardinality Counter | Statistics on top toppers and traffic related to unused cardinality counters |
| Newly Seen Top Toppers and Traffic by Unused Cardinality Counter | Newly seen top toppers and traffic statistics related to unused cardinality counters |

Download Sample Report here : Traffic and Toppers (Applications)