Diverse data is needed to be gathered for the statistics. Statistic data is stored in the database (the star\data
subdirectory of the WinRoute's installation directory — for details, see chapter 25.1 Configuration Backup and Transfer). Total period length for which WinRoute keeps the statistics can be set in the Accounting section of the Administration Console (see chapter 21.2 Settings for statistics and quota). By default, this time is set to 24 months (i.e. 2 years).
For technical reasons, the WinRoute Firewall Engine stores gathered statistic data in the cache (the star\cache
subdirectory) and data is recorded in the database once per hour. The cache is represented by several files on the disk. This implies that any data is kept in the cache even if the WinRoute Firewall Engine is stopped or another problem occurs (failure of power supply, etc.) though not having been stored in the database yet.
The statistics use data from the main database. This implies that current traffic of individual users is not included in the statistics immediately but when the started period expires and the data is written in the database.
Note: Data in the database used for statistics cannot be removed manually (such action would be meaningless). In statistics, it is possible to switch into another view mode where data is related only to a period we need to be informed about. If you do not wish to keep older data, it is possible to change the statistics storage period (see above).
The following conditions must be met for correct function of all statistics:
The firewall should always require user authentication. The statistics by individual users would not match the true state if unauthenticated users are allowed to access the Internet. For details see chapter 10 User Authentication.
For statistics on visited websites, it is necessary that a corresponding protocol inspector is applied to any HTTP traffic. This condition is met by default unless special traffic rules disabling the particular protocol inspector are applied (see chapter 7.7 Partial Retirement of Protocol Inspector).
If the WinRoute proxy server is used, visited pages are monitored by the proxy server itself (see chapter 8.4 Proxy server).
Note: HTTPS traffic is encrypted and, therefore, it is impossible to monitor visited sites and categories. Only volume of transferred data is included in the statistics for such traffic.
For monitoring of web categories of visited websites, the ISS OrangeWeb Filter module must be enabled.. In its configuration, the Categorize each page regardless of HTTP rules option should be enabled, otherwise web categories statistics would be unreliable. For details, see chapter 12.4 Content Rating System (ISS OrangeWeb Filter).
Connections from the Internet to mapped services on local hosts (or to services on the firewall available from the Internet — see chapter 7.3 Definition of Custom Traffic Rules) are also included in user statistics. If a user is connected to the firewall from the particular host, access to the mapped service is considered as an activity of this user. Otherwise, such connection is included in activity of unknown users (users who are not logged in).
The following example helps recognize importance of this feature. User jsmith is authenticated at the firewall and connected to it from a local workstation. The RDP service for this host is mapped on the firewall, allowing the user to work remotely on the workstation. If user jsmith connects from the Internet to the remote desktop on the workstation, this connection (and data transferred within the connection) will be correctly included in the user's statistics and quota.
The following example addresses case of a mapped web server accessible from the Internet. Any (anonymous) user in the Internet can connect to the server. However, web servers are usually located on a special machine which is not used by any user. Therefore, all traffic of this server will be accounted for users who are “not logged in”.
However, if any user is connected to the firewall from the server, any traffic between clients in the Internet and the web server is accounted as an activity of this user. If this user also reaches their data volume quota, corresponding restrictions will be applied to this web server ( see chapters 15.2 Local user accounts and 9.2 Bandwidth Limiter configuration).