
Using Advanced Search


Firewall Analyzer provides an Advanced Search feature that offers numerous options for making searches more precise and results more useful. It lets you search the raw firewall logs directly, and you can save the search results as Report Profiles. This gives you a simple way to create precise, selectively filtered and narrowed-down Report Profiles.

Advanced Search

In Advanced Search, you choose the devices whose logs are searched, choose whether to search the aggregated logs database or the raw firewall logs, and define the matching criteria.

 

Selected Devices

 

In this section, choose the devices whose logs you want to search. If no device is selected, or you want to change the list of selected devices:

  1. Click the Change Selection link.
  2. A Select Devices window pops up. It offers an All Devices check box and a check box for each individual device.
  3. Select the check boxes as required. Click OK to apply the selection and close the window, or click Cancel to discard the change and close the window.

The selected devices are displayed in this section.

 

Search From

 

In this section, select one of two options:

  1. Aggregated Logs Database
  2. Raw Firewall Logs

Aggregated Logs Database

Select this option to search the aggregated logs database.

Raw Firewall Logs

Select this option to search the raw firewall logs. Selecting it enables the following log types:

  1. Raw VPN Logs
  2. Raw Virus/Attack Logs
  3. Raw Device Management Logs
  4. Raw Denied Logs

Select the log types you need.

Define Criteria

 

This section lets you search the database on attributes using one or more of the following criteria:

 

Criteria       Description
Protocol       The list of protocols and protocol identifiers available in the Protocol Groups page (Settings >> Protocol Groups).
               Examples: 8554/tcp, rtsp, IPSec
Source         The source host name or IP address from which requests originated.
Destination    The destination host name or IP address to which requests were sent.
User           The authenticated user name required by some firewalls.
               Examples: john, kate
Virus          The virus name.
               Examples: JS/Exception, W32/Mitglieder
Attack         The attack name.
               Examples: UDP Snort, Ip spoof
Device         The device from which logs are collected.
Message        The log message text stored in the database.
  • If the search string is found, the search results are grouped by the report category in which it occurred.
  • By default, the search covers the time period selected in the Global Calendar in the left pane of the UI.
  • You can also search within the search results to narrow them further.

Using Advanced Search to create Report Profile

To generate a report on remote VPN users:

  • Click the Advanced Search link in the Sub Tab.
  • Select the appropriate Devices.

    Raw Firewall Logs

    • Select the Raw Firewall Logs radio button.
    • Select Raw VPN Logs in the Raw Firewall Logs group.
    • In the Criteria section, enter Duration isn't '0'.
    • Click Search, then click Configure Columns to change the report columns.

    Aggregated Logs Database

    • Select the Aggregated Logs Database radio button.
    • In the Criteria section, select Match all of the following (every criterion must match) or Match any of the following (at least one criterion must match). Add or remove criteria with the Add Criteria and Remove Criteria links, and select Protocol is 'HTTP'.
    • Click Search. The search results list the reports related to your search, for the time period from the beginning of the day to the current time.
    • Select the required reports individually, or use the Add Criteria option to select all of them. These form the criteria for the Report Profile.
  • To save the search result as a report profile, click the Save as Report Profile link.

  • Enter a Report Profile Name.
  • Schedule the report, if required by selecting Associate Schedule check box.

  • In the Schedule & Email Options section, choose the format of the emailed report using the Send report as: PDF / CSV radio buttons. Choose a Schedule Type to have the report generated automatically at specific intervals: hourly, daily, weekly, monthly, or only once. For Daily and Only once schedules, you can set the Time Filter to Custom Hours, Only Working Hours, or Only Non-Working Hours.

    For Daily schedules, if the Run on Week Days option is selected, the report runs daily except on weekends. For Weekly or Monthly schedules, select Generate Report only for Week Days if you want to report only on events that occurred on weekdays and exclude events that occurred over the weekend.

    If the Email the Report option is checked, the scheduled report is generated and emailed in the chosen format to the Mail Id provided. Separate multiple mail IDs with commas (",").

     

    Warning: You need to configure the mail server settings in Firewall Analyzer before setting up an email notification. You can do this from the Setup the Mail-Server Details link.
  • Click Save as Profile button. A new report profile is added.

 

In the Configure Columns pop-up screen you can select the required columns of the report. For example: User, StartTime, Time, and Duration. Here, Time represents EndTime of the VPN connection.
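To make concrete what the Define Criteria table and the Report Profile walkthrough above describe, here is an added example (not Firewall Analyzer's own code, and not its real log or database format) that implements the same search model in Python: a device selection, a Global Calendar time window, criteria rows with "is" / "isn't" / "contains" operators combined with Match all or Match any, search within the results, and a saved profile that applies a Configure Columns choice. The key=value log lines, the device names, and the field names are constructed for the example.

```python
from __future__ import annotations

import shlex
from dataclasses import dataclass
from datetime import datetime

# Constructed sample raw firewall log lines in a hypothetical key=value syslog
# style. This is NOT Firewall Analyzer's real log or database format; it only
# stands in for the "Raw Firewall Logs" the page talks about.
SAMPLE_RAW_LOGS = """\
time=2014-03-10T08:15:02 device=fw-edge-1 type=vpn user=john src=203.0.113.7 duration=420
time=2014-03-10T08:16:30 device=fw-edge-1 type=vpn user=kate src=198.51.100.4 duration=0
time=2014-03-10T09:02:11 device=fw-edge-2 type=traffic user=john src=10.0.0.5 dst=93.184.216.34 protocol=HTTP
time=2014-03-10T09:05:44 device=fw-edge-2 type=traffic user=kate src=10.0.0.9 dst=10.0.0.1 protocol=DNS
time=2014-03-10T09:30:00 device=fw-edge-1 type=attack attack="Ip spoof" src=192.0.2.66 dst=10.0.0.1
time=2014-03-11T01:12:09 device=fw-edge-2 type=virus virus=W32/Mitglieder user=john src=10.0.0.5
"""


def parse_logs(text: str) -> list[dict]:
    """Turn key=value lines into dicts; shlex keeps quoted values like attack="Ip spoof" whole."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = {}
        for token in shlex.split(line):
            key, _, value = token.partition("=")
            rec[key] = value
        rec["time"] = datetime.fromisoformat(rec["time"])  # keep time comparable
        records.append(rec)
    return records


@dataclass(frozen=True)
class Criterion:
    """One criteria row such as Protocol is 'HTTP' or Duration isn't '0'."""
    field: str
    op: str  # "is", "isn't" or "contains"
    value: str

    def matches(self, rec: dict) -> bool:
        actual = rec.get(self.field)
        # A record that lacks the field satisfies nothing, including "isn't":
        # Duration isn't '0' must keep only records that actually report a duration.
        if actual is None:
            return False
        a, v = str(actual).lower(), self.value.lower()
        if self.op == "is":
            return a == v
        if self.op == "isn't":
            return a != v
        if self.op == "contains":
            return v in a
        raise ValueError(f"unknown operator {self.op!r}")


def search(records, criteria, match_all=True, devices=None, start=None, end=None):
    """Apply the device selection, the time window and the criteria.
    match_all=True is 'Match all of the following'; False is 'Match any of the following'."""
    combine = all if match_all else any
    hits = []
    for rec in records:
        if devices and rec.get("device") not in devices:
            continue
        if start is not None and rec["time"] < start:
            continue
        if end is not None and rec["time"] > end:
            continue
        if criteria and not combine(c.matches(rec) for c in criteria):
            continue
        hits.append(rec)
    return hits


def search_within(results, criteria, match_all=True):
    """'Search within the search results': narrow an earlier result set further."""
    return search(results, criteria, match_all)


@dataclass
class ReportProfile:
    """A saved search, re-run on demand or by a schedule, shown with the Configure Columns choice."""
    name: str
    criteria: tuple
    match_all: bool = True
    devices: tuple = ()  # empty means all devices
    columns: tuple = ("time", "device", "user", "src")

    def run(self, records, start=None, end=None):
        hits = search(records, self.criteria, self.match_all, set(self.devices) or None, start, end)
        return [{col: rec.get(col, "") for col in self.columns} for rec in hits]


RECORDS = parse_logs(SAMPLE_RAW_LOGS)

# The page's walkthrough: remote VPN users from raw VPN logs where Duration isn't '0'.
VPN_USERS = ReportProfile(
    name="Remote VPN Users",
    criteria=(Criterion("type", "is", "vpn"), Criterion("duration", "isn't", "0")),
    columns=("user", "time", "duration"),
)

# Match-any profile: an attack name containing 'spoof' OR one specific virus name.
THREATS = ReportProfile(
    name="Attack or virus events",
    criteria=(Criterion("attack", "contains", "spoof"), Criterion("virus", "is", "W32/Mitglieder")),
    match_all=False,
)

if __name__ == "__main__":
    for row in VPN_USERS.run(RECORDS, datetime(2014, 3, 10), datetime(2014, 3, 10, 23, 59, 59)):
        print(row)
    http = search_within(search(RECORDS, (Criterion("type", "is", "traffic"),)),
                         (Criterion("protocol", "is", "HTTP"),))
    print(len(http), "HTTP traffic event(s)")
```

Two details matter when you reproduce this against real logs. A criterion on a field the record does not carry (for instance Duration on a traffic event) must not count as a match for "isn't", otherwise the VPN profile would also return every non-VPN event; and with "Match any" an empty criteria list should return everything rather than nothing, which is why the criteria check is skipped when no rows are defined.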

 

Copyright © 2014, ZOHO Corp. All Rights Reserved.
ManageEngine