Reporting and Analytics
IronWiFi provides detailed reporting on authentication events, session data, bandwidth usage, and user activity. Use these reports to monitor network health, audit access, plan capacity, and demonstrate compliance.
Accessing Reports
- Log in to the IronWiFi Console
- Navigate to Reports in the main menu
- Select the report type from the submenu
Reports are available for all Networks in your account. Use filters to narrow results by date range, Network, user, or authentication result.
Report Types
Authentication Reports
Authentication reports show every RADIUS authentication request processed by IronWiFi.
| Field | Description |
|---|---|
| Timestamp | Date and time of the authentication attempt |
| Username | The identity used for authentication |
| Result | Accept, Reject, or Challenge |
| NAS IP | IP address of the access point or controller |
| Auth Method | EAP type used (PEAP, EAP-TLS, PAP, etc.) |
| Reject Reason | Specific reason for rejected attempts |
Filtering authentication data
Use filters to isolate specific issues:
- By result -- Show only rejected attempts to identify failing users
- By date range -- Compare authentication patterns across time periods
- By NAS IP -- Isolate issues to a specific access point
- By username -- Track a single user's authentication history
When troubleshooting a user's connection issues, filter the authentication report by their username and sort by newest first. The reject reason column tells you exactly why authentication failed.
Session Reports
Session reports track active and historical user sessions, including connection duration and data transfer.
| Field | Description |
|---|---|
| Username | Authenticated user identity |
| Session ID | Unique session identifier |
| Start Time | When the session began |
| Stop Time | When the session ended (blank if active) |
| Duration | Session length in seconds |
| Input Octets | Data uploaded by the client (bytes) |
| Output Octets | Data downloaded by the client (bytes) |
| NAS IP | Access point serving the session |
| Terminate Cause | Reason the session ended |
Common terminate causes:
| Cause | Meaning |
|---|---|
| User disconnected voluntarily |
| Session exceeded configured time limit |
| No activity for the configured idle period |
| Administrator terminated the session |
| Access point restarted |
| Client lost wireless signal |
Bandwidth Usage Reports
Bandwidth reports aggregate data transfer across users, time periods, and access points.
Per-user bandwidth:
- Navigate to Reports > Sessions
- Filter by the target user
- Review the Input Octets and Output Octets columns
- Sum values across sessions for total usage within the date range
Per-network bandwidth:
- Navigate to Reports > Sessions
- Filter by the target Network
- Review aggregate data transfer totals shown at the bottom of the report
RADIUS accounting must be enabled on your access points for session and bandwidth data to appear in reports. Configure your access points to send accounting packets to IronWiFi's accounting port (shown in your Network settings).
User Activity Reports
Track individual user behavior over time:
- Login frequency -- How often a user connects
- Session duration patterns -- Average session length
- Device usage -- MAC addresses used by a user
- Location tracking -- Which access points a user connects to (by NAS IP)
- Data consumption -- Upload and download volumes per session
Working with Report Data
Searching and Filtering
All report views support:
- Date range picker -- Select start and end dates
- Text search -- Search by username, MAC address, or NAS IP
- Column sorting -- Click column headers to sort ascending/descending
- Result filters -- Filter by authentication result (Accept/Reject)
Exporting Data
Export report data for external analysis, compliance audits, or archival.
- Navigate to the desired report
- Apply any filters to narrow the data set
- Click Export
- Choose the export format:
- CSV -- For spreadsheet analysis (Excel, Google Sheets)
- JSON -- For programmatic processing
For large exports spanning many months, narrow your date range and export in smaller batches. This keeps file sizes manageable and avoids timeouts.
Programmatic Access via API
Retrieve report data programmatically using the REST API:
See the API Endpoints reference for available query parameters and response formats.
Configuring RADIUS Accounting
For session and bandwidth data to appear in reports, your access points must send RADIUS accounting packets to IronWiFi.
Access point configuration
- In the IronWiFi Console, navigate to Networks and note your Accounting Port
- On your access point or controller, configure RADIUS accounting:
- Accounting Server IP -- Same as your RADIUS authentication server IP
- Accounting Port -- The accounting port from your Network settings
- Shared Secret -- Same shared secret as authentication
- Accounting Interval -- Recommended: 300 seconds (5 minutes)
Accounting packet types
| Packet | When Sent | Contains |
|---|---|---|
| User connects | Session ID, username, NAS IP |
| At configured interval | Running session time, data counters |
| User disconnects | Final session time, total data, terminate cause |
If your access points do not send accounting packets, the Sessions report will be empty even though authentication works. Always configure both authentication and accounting on your access points.
Verifying accounting data
- Connect a test user to your WiFi network
- Wait at least one accounting interval (e.g., 5 minutes)
- Check Reports > Sessions in the IronWiFi Console
- Confirm the session appears with data counters
If no sessions appear, check:
- Accounting server IP and port match your Network settings
- Shared secret is identical for both authentication and accounting
- Firewall allows outbound UDP on the accounting port
- Your access point has RADIUS accounting enabled (not just authentication)
Common Reporting Use Cases
Compliance auditing
Export authentication logs regularly for compliance requirements (ISO 27001, SOC 2, GDPR). Authentication reports provide a complete audit trail of who accessed the network, when, and from which device.
Capacity planning
Use session and bandwidth reports to:
- Identify peak usage times and plan for growth
- Detect access points with consistently high client counts
- Monitor bandwidth trends to anticipate upgrades
Troubleshooting connectivity
When a user reports intermittent connectivity:
- Filter authentication reports by their username
- Look for patterns -- repeated rejects followed by accepts may indicate signal issues
- Check session reports for short session durations or terminate causes
Lost-Carrier - Identify if the issue is specific to one access point (NAS IP)
Detecting unauthorized access
Review authentication reports for:
- Failed login attempts from unknown usernames
- High volumes of rejects from a single NAS IP
- Successful authentications at unusual hours
- Users authenticating from unexpected locations
Data Retention
IronWiFi retains report data based on your account plan:
- Authentication logs are available for the retention period configured in your account
- Session data follows the same retention policy
- Export data regularly if you need to retain records beyond your plan's retention period
For long-term archival, set up a scheduled export using the REST API to pull data into your own storage on a regular basis.
Related Topics
- Networks -- RADIUS server configuration including accounting ports
- Troubleshooting -- Diagnosing authentication failures using report data
- REST API -- Programmatic access to reporting data
- Groups -- Group-level policies that affect session behavior
- Attributes -- RADIUS attributes that control sessions and bandwidth
Was this page helpful?