Data Storage Pattern for Firewall Analyzer

Firewall Analyzer populates the exact log time only in its base table, 'FirewallRecords', and not in the data tables (Hourly, Daily, Monthly and Yearly). As per our database structure, all queries get their data from the data tables only.

The data tables are populated with aggregated data from the base table:

                Hourly table = 5-minute average
                Daily table = 4-hour average
                Monthly table = 12-hour average
                Yearly table = 24-hour average

Based on the time selection [from Calendar] data will be retrieved from the above tables.

Firewall Analyzer provides ceiled timestamps rather than absolute timestamps. For the last 24 hours (hourly tables), we will give you the time ceiled to the 5-minute average. For example, 10:11:11 will be ceiled to 10:15:00 and shown in the UI.

Then, for the last 7 days (daily tables), we will give you the time ceiled to 4 hours. For example, 10:11:11 would be shown as 12:00:00.

For the last 90 days, the average would be 12 hours. For the remaining period, the average would be a day, or 24 hours.
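
The rounding described above, as an added example (not Firewall Analyzer's own code): it ceils a raw log time to each table's bucket and returns the window of real event times that a displayed timestamp can stand for, which is what you need when correlating a report row with other logs. It assumes buckets are aligned to midnight and that the table is chosen from how far back the selected period reaches; the function names are hypothetical.

```python
from datetime import datetime, timedelta

# Look-back ranges and bucket widths as stated on this page:
# (how far back the selected period reaches, data table, bucket width)
TIERS = [
    (timedelta(hours=24), "Hourly", timedelta(minutes=5)),
    (timedelta(days=7), "Daily", timedelta(hours=4)),
    (timedelta(days=90), "Monthly", timedelta(hours=12)),
    (None, "Yearly", timedelta(hours=24)),  # anything older
]

def tier_for_lookback(lookback):
    """Hypothetical helper: map a look-back period to (table, bucket width)."""
    for limit, table, width in TIERS:
        if limit is None or lookback <= limit:
            return table, width

def ceil_to_bucket(ts, width):
    """Ceil ts to the next bucket boundary.

    Assumption: buckets are aligned to midnight of the timestamp's own day,
    which matches the page's examples (10:11:11 -> 10:15:00 and 12:00:00).
    A time already on a boundary is returned unchanged.
    """
    midnight = ts.replace(hour=0, minute=0, second=0, microsecond=0)
    buckets = -((midnight - ts) // width)  # ceiling division via negated floor
    return midnight + buckets * width

def possible_event_window(displayed, width):
    """Real event times a displayed timestamp can stand for: (start, end]."""
    return displayed - width, displayed

if __name__ == "__main__":
    raw = datetime(2024, 1, 10, 10, 11, 11)  # constructed sample log time
    for lookback in (timedelta(hours=24), timedelta(days=7),
                     timedelta(days=90), timedelta(days=365)):
        table, width = tier_for_lookback(lookback)
        shown = ceil_to_bucket(raw, width)
        start, end = possible_event_window(shown, width)
        print(f"{table:8} shows {shown}  (event was after {start}, up to {end})")
```
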

We do provide the real-time scenario for security-related events. There is an option to view the raw logs (of security events like VPN, Attack, Virus, Denied logs, Failed logons, etc.) from the UI itself. You can search on any criteria for the following raw logs from "Advanced Search", and any report created through "Advanced Search" gives the exact timestamp.

Raw VPN Logs
Raw Virus/Attack Logs
Raw Device Management Logs
Raw Denied Logs
Raw Traffic Logs