Reporter for SonicWall Release Notes
Reporter for SonicWall (2024-02-20)

Introducing Fastvue’s New Safeguarding Report

We’re excited to launch our new Safeguarding Report, designed specifically for Digital Safeguarding Leads (DSLs), Student Well-being Officers, and Pastoral Care Teams. This streamlined report focuses on identifying ‘risky’ online behaviors among students, pinpointing searches, videos, and web content related to self-harm, extremism, drugs, and other unacceptable categories as defined by your school.

For a brief overview, watch our quick guide here.

Getting started with the Safeguarding Report:

  • Navigate to Reports > Overview Report > Safeguarding.
  • Optionally, apply filters to exclude staff or include only certain year groups.
  • Select your desired date range and click Run Report, or click Schedule to automatically send the report to the appropriate recipients daily, weekly, or monthly.

This is the initial version, and we’re eager for your honest feedback to refine it further!

Productivity Settings

With the introduction of the Safeguarding report detailing access to categories in the ‘Unacceptable Productivity’ list, we felt it important to separate IT Security concerns, such as Botnet and Malware, from this list, as they are not safeguarding concerns.

We have therefore added a new ‘IT Security’ list in Settings > Productivity, which separates categories such as Botnet and Malware from the existing ‘Unacceptable’ Productivity list.

For new installations, the ‘Unacceptable’ Productivity list is ordered by safeguarding priorities. Existing installations will retain their current ordering, but categories can be re-ordered by dragging and dropping in the ‘Unacceptable’ list under Settings > Productivity. This order is reflected in the ‘Unacceptable Web Categories’ sections of the new Safeguarding report.

If needed, existing installations can reset their Productivity settings to the new defaults by:

  1. Going to Settings > Data Storage > Settings and noting the Data Location.
  2. Stopping the Fastvue Reporter service in services.msc.
  3. Navigating to the data location on the Fastvue server.
  4. Deleting all Aliases.* files.
  5. Starting the Fastvue Reporter service in services.msc. It may take a few minutes for the database to initialize, visible in Settings > Diagnostic > Database.
  6. Navigating to Settings > Productivity to review the new Productivity settings.
  • Keyword Groups can now be reordered in Settings > Keywords, reflecting the order of Keyword sections in the new Safeguarding report.
  • Adjusted the search term extraction rules for YouTube to prevent duplicated searches appearing in alerts and reports.
  • Fixed the detection of VPN connections on newer versions of SonicOS where the vpn client session type is now logged as “client” instead of “sslvpnc”.
  • Fixed an issue where adding multiple email addresses using commas in the Schedule dialog on the Reports tab didn’t separate the addresses correctly.
  • When YouTube integration is not configured, Internet Usage reports will show raw YouTube URLs instead.
Download Update
Reporter for SonicWall (2023-11-21)

  • All changes in this build relate to other Fastvue Reporter brands. Specifically, Reporter for Palo Alto Networks, Cisco Firepower and Barracuda. See all release notes here.

Reporter for SonicWall (2023-10-13)

Security Update
New Fields
  • You can now filter Reports and Alerts by the ‘isJunk’ field, allowing you to remove or include URLs in the Junk URLs list (see Settings > Site Clean > Junk URLs). Note that the ‘Clean (on)’ option in Overview Reports already removes Junk URLs or substitutes them with the actual/visited domain.
Site Clean
  • Added Junk URLs associated with background LinkedIn activity that can bloat browsing time when not actually using LinkedIn.
  • Added over 42,500 known ad servers to the list of Junk URLs.
  • Added domain substitutes for known TikTok CDNs.
  • Added a range of exclude keywords to many drugs in the Drugs Keyword group to remove false positives associated with researching issues related to drugs (statistics, prevention, long term effects, etc).
  • Added new keywords and exclude keywords to Extremism, Self Harm and Adult and Profanity keyword groups.

Note: Site Clean and Keyword updates are delivered automatically behind the scenes, but if your Fastvue Reporter server is air-gapped, simply update the software to obtain these updates.

Reporter for SonicWall (2023-09-22)

Improved SonicWall Integration
  • Improved the Application ID to Application lookup, preventing App IDs being shown in the Application reports.
  • When filtering an Activity Report by multiple Security Groups, the selected Security Groups are now shown as a comma separated list in a single row in the report, rather than creating duplicated rows for each Security Group a person is a member of. This fix also applies to filtering by other multi-value (arrayed) fields such as categories.
  • Source host resolution now only occurs on internal IP address ranges, or ranges specified in the ResolveSourceHostsIPRanges property in the Settings.xml file.
  • Added Search Term extraction for
  • Fixed the handling of value-less URL query parameters (e.g. ‘?ab&c=123’ -> ab=(blank), c=123)
  • Elasticsearch *.mdmp files now get deleted as part of the cleanup task when a low disk space warning is triggered.
Performance Improvements
  • Incoming syslog data is no longer queued in memory when the database is not operational.
  • Elasticsearch is now configured to enable memory locking by default, configurable via setting DatabaseElasticMemoryLock in the Settings.xml file.
  • Elasticsearch Java process priority is now set to Normal by default, and can be optionally set to BelowNormal by setting DatabaseElasticProcessPriorityLow in the Settings.xml file.

Reporter for SonicWall (2023-08-09)

Improved SonicWall integration & IPS reporting
  • New fields: Added new fields that represent the Group Name and Legacy Category from the SonicOS 7.x Event Log Reference Guide. These fields are named Event Group Name and Event Legacy Category, respectively. These fields are in addition to the existing fields Event Category, Event Message, Event Message Detail, and Message ID.
  • Improved IPS Reports: Updated the filters behind the Intrusions Detected widgets in the Firewall Dashboard and the IT Network and Security Report to accommodate changes in SonicWall’s log event categorization.
  • Changed the widgets in the IT Network and Security report Threats section to separate IPS Detection and IPS Prevention events, as well as Attacks and Possible Attacks.
  • Note that the Intrusion Detection Event Category is now obsolete and has been replaced with different filters across Reports, Dashboard, Alerts. However, the change to Alerts is not automatically applied. After upgrading to this version, reset the default ‘Intrusion Detected’ alert to Factory Default (click the Recycle icon on the alert in Settings > Alerts) to get access to the new filter, or change the Criteria in the Alert to Message ID ‘Equal to’ 608.
  • SecurityProtocols now enforces a minimum of TLS 1.2 by default, with an option to specify SecurityProtocols via XML settings.
  • Data Retention Policy enforcement now includes the size of today’s data in calculating the total size of data for the size policy, while still not deleting today’s data if it alone exceeds the size policy.
  • Fixed an issue introduced in the previous build where no records would be written to the Elasticsearch database until a minimum number of 10,000 syslog records were reached.
  • Fixed index management being unable to delete indexes in certain situations when an index has unassigned shards.
  • Fixed an issue with YouTube enrichment where some records would be imported without the enriched video metadata from YouTube. This meant you would see both the original YouTube URL as well as the enriched video title as separate items in the YouTube Videos report widget.
  • Switch buttons above Report widgets (e.g., Clean (on) | Clean (off) | Show Both) now indicate which option is currently selected.
Performance Improvements
  • Optimized memory and resource usage in a range of areas across the application. Note that if you have a large amount of data, you may still see memory usage often pegged near 100% due to the way Elasticsearch uses memory-mapped files; however, this memory is made available to other processes when needed and should not affect general performance.

Reporter for SonicWall (2023-07-14)

Improved SonicWall Integration
  • Applications: Added experimental support for Applications. New fields include Application, Application ID, Application Category, Application Risk, Application Signature. New widgets for Applications exist on the Bandwidth Dashboard, Firewall Dashboard, and in both Internet Usage and IT Network and Security reports.
  • Blocked Countries: The Country from GeoIP block events are now imported into the Country field. Added a new Blocked Countries widget to the IT Network and Security report.
  • New Productivity Dashboard: Replaced the Productivity dashboard with a new improved version.
  • Fixed issue where log data will stop importing if the IP sending the syslog data changes. When adding syslog sources by a hostname / FQDN, Fastvue Reporter will now re-resolve the Source’s hostname to an IP when they detect they are no longer receiving syslog data from the IP the hostname last resolved to. The hostname to IP resolution previously only occurred when a Source is added, or when the Fastvue Reporter service is started.
  • Fixed issue where users logged with their UPN instead of their sAMAccountName would not be aliased to a user object in Active Directory. This meant they would not be displayed with their Display Name, or included in reports on AD Security Groups or Departments, Offices, or Companies)
  • Fixed issue where users with the same sAMAccountName from different domains would be aliased to the same user.
  • Top downloads widget on the Bandwidth dashboard now handles long URLs by truncating to one line, with the rest of the URL shown in a hover-over ellipsis.
Performance Improvements:
  • Further optimized the data import pipeline.
  • Reduced the performance impact of source host resolution by increasing the TTL for cached entries and reducing resolution attempts for failed resolutions.

Reporter for SonicWall (2023-06-26)

Improved performance:
  • Optimized the live dashboard query processing and timing to reduce CPU wastage.
  • Optimized the import pipeline to reduce RAM, CPU, and I/O.
  • Adjusted the default database memory settings. JVM Heap Size now defaults to 50% of RAM or 1GB, whichever is larger, clamped up to 32GB. These settings are used when Memory Settings are set to ‘Automatic’ in Settings > Diagnostic > Database > Memory Settings.
  • Improved Search Term extraction rules including TikTok,,, Yahoo, and Bing chat.
  • Activity Reports now insert a column for Keyword Group when filtering by more than one Keyword Group.
  • The YouTube Videos widget now shows the original YouTube URL if YouTube integration is not enabled in Settings > YouTube.
  • Fixed an issue that may prevent users from being notified about errors saving configuration, such as Alerts being created with the same name.

Reporter for SonicWall (2023-04-20)
  • Fixed an issue preventing drill downs from Activity Reports that was introduced in the previous build.
  • Improved Activity Report loading.

Reporter for SonicWall (2023-04-19)
  • Fixed issue preventing Activity Reports from loading correctly, showing an endless spinner for some hour tables.
  • Date picker now shows previous month and current month instead of current month and two future months.
  • Installer no longer shows prerequisite prompt if the IIS and .NET prerequisites are already installed.

Reporter for SonicWall (2023-03-30)
  • Fixed Report error
    "Elastic shard failed: Type: script_exception Reason: "compile error" CausedBy: "Type: illegal_argument_exception Reason: "unexpected character [/^(.*[^\wÀ-ÿ]|)(Elden)([^\wÀ-ÿ].*|)))]." CausedBy: "Type: lexer_no_viable_alt_exception Reason: """"
  • Fixed Report error
    valcount = doc[params.field].length;

  • Improved LDAP Directory connection logic preventing ‘LDAP server unavailable’ errors.
  • Fixed issue preventing drilling down into Keyword Groups from an existing report.