Skip to main content

Zenarmor Reports Overview for OPNsense

Reports module is the place where you see what is happening on your network, which rules are hitting and more in real-time.

All reports have their charts set up. You'll be provided with the charts relevant to the report you're on.

Start with the big picture, drill-down to details

Zenarmor (Sensei)'s rich reporting allows you both to see the overall network activity in a birds-eye view, and if you want to inspect in detail, you can select any chart item and drill-down to details. You can drill-down as many levels as you like.

At any time, you can click on the Sessions Explorer to see per-connection details for the current reporting level.

For instance, if you selected Drill-down for Streaming application category and then you drilled down to "" IP address, all reports will be displaying information regarding the Streaming activity of IP Address.

When you launch the Sessions Explorer, the displayed records will have the same drill-down filter, so you'll only see the sessions belonging to IP address doing Streaming.

Reporting criteria

On the top right-hand side, you can select customize the reporting criteria

Reporting Metric

You can select the metrics used to create the reports. Do you want to see how many sessions are created, or how many packets are transmitted, or may be the number of bytes transferred? You can select which information you want to see here. They can be either one of them:

  1. Sessions: number of connections / transactions
  2. Packets: number of packets
  3. Volume: number of bytes

Reporting Time Interval

You can define a time interval. The time interval can be:

  1. Last 5 minutes
  2. Last 1 hour
  3. Last 1 day
  4. Last 1 week
  5. Last 1 month
  6. Custom time

Refresh Time

This is the auto-refresh interval for the reports to automatically refresh with new data.

Using the Drill-Down Filter

You can drill-down to the data you see on the page by clicking on any of the charts displayed, and filtering out the data. It will be automatically applied to all the charts.

Drill Down

Figure 1. Using the Drill Down

How to Use Generic Filter

You can filter out the reports by clicking + Add Filter button on top of each report page.

Add Filter

Figure 2. Add Filter

  • Select what to filter.

Filter Types

Figure 3. Filter Types

Filter types

  • Enter the keyword

Enter Keywords to filter

Figure 4. Entering keyword to filter

If you're on Connections tab, you can try Application Category

  • Click Add to apply your filter to the current report page.

Report Page

Figure 5. Connections filtered out for Application Category = Media Streaming

The Explorer and How to Use It

Zenarmor's Explorer module displays and lets you browse the relevant data about the report you're on. All reports have slightly different versions of the explorer. You'll notice how the explorer consolidates the data and changes functionality based on the report you're exploring.

To open up The Explorer, click on the button upper right corner of the page.

Each report page has an explorer screen that renders detailed connection logs in a searchable, sortable fashion.

There is a dynamic text search area at the upper right corner of every explorer screen. It helps you to filter all the data in the grid as you type.


Figure 6. Blocked live sessions explorer

How to Take Actions

You'll find three buttons for each log item.

  • Info icon: Provides connection details.

Connection Details

Figure 7. Connection Details Window

  • Action icon: Helps you to block or allow that particular connection.

Action Icon

Figure 8. Blocking via Action button on reports

  • Query icon: Renders a form to query whois data for that connection.


Figure 9. Whois Query

Whois Query Result

Figure 10. Whois Query Result

Report Charts

Due to the nature of the job, Zenarmor creates a vast amount of data and creates meaningful graphics based on them. Each Sub-Module has its own chart setup.

Use a drill down filter by right-clicking on any of the charts displayed to filter out the data. It will be automatically applied to all the charts as is.

Connection Report Charts

  • App Categories Breakdown
  • Apps Breakdown
  • Top Local Hosts
  • Top Remote Hosts


Figure 11. Connection Reports

  • Egress New Connections by App Over Time
  • Eggress New Connections by Source Over Time
  • New Connections & Unique Remote Hosts
  • Unique Local Hosts over Time


Figure 12. Eggress Reports

  • Conns - Facts
  • Egress New Connections Heatmap
  • Top Destination Locations Heatmap
  • Table of Local Assets


Figure 13. Connection Reports

  • Table of Apps
  • Table of Remote Hosts
  • Top Remote Ports
  • Top Locale Serving Ports


Figure 14. Connection Reports

Security Report Charts

  • Alerts - Top Blocks
  • Alerts - Blocked Local Hosts and Reasons
  • Alerts - Blocked Conversations Heatmap
  • Alerts - Blocked Local Hosts Over Time


Figure 15. Security Reports

Web Report Charts

  • Web - Top Categories
  • Web - HTTP Transactions by Source Over Time
  • Web - Top Talkers Heatmap
  • Web - Tag Cloud Top Request Methods
  • Web - Tag Cloud Top HTTP Versions


Figure 16. Web Reports

DNS Report Charts

  • DNS Transactions Heatmap
  • DNS Queries Distribution
  • DNS Query Types Tag Cloud
  • DNS Response Codes Tag Cloud


Figure 17. DNS Reports

TLS Report Charts

  • TLS - Top Talkers Heatmap
  • TLS - Web Categories Breakdown
  • TLS - Top TLS Session Creators Over Time
  • TLS - Destination Ports Tag Cloud
  • TLS - Top TLS Servers Over Time


Figure 18. TLS Reports