Search Tab
The Search tab offers numerous options for making your searches more precise and getting more useful results. It lets you search either the Aggregated Logs Database or the Raw Firewall Logs.
In Advanced Search, you select the devices whose logs are to be searched, choose whether to search the aggregated logs database or the raw firewall logs, and define the matching criteria.
Selected Devices
In this section, you choose the devices whose logs are to be searched. If no device is selected, or you want to change the list of selected devices:
- Click the Change Selection link.
- The Select Devices window pops up. It offers an All Devices check box and a check box for each individual device.
- Select the check boxes for the devices you want. Click OK to apply the selection and close the window, or click Cancel to discard the change and close the window.
The selected devices are displayed in this section.
Search From
In this section, select one of the following four options:
- Aggregated Logs Database
- Raw Firewall Logs
- Raw Proxy Logs
- Unknown Protocol
- Aggregated Logs Database
Select this option to search the aggregated logs database. Search criteria available for 'Aggregated Logs Database' are Protocol, Source, Destination, User, Virus, Attack, URL, Rule, and Category.
- Raw Firewall Logs
Select this option to search the raw firewall logs. Selecting it enables the following sub-options:
- Raw VPN Logs
- Raw Virus/Attack Logs
- Raw Device Management Logs
- Raw Denied Logs
Select whichever of these log types you need. Search criteria available for 'Raw Firewall Logs' are Protocol, Source, Destination, User, Virus, Attack, Severity, URL, Status, Rule, VPN, Duration, Message, and VPN Group.
- Raw Proxy Logs
Select this option to search the raw proxy server logs. Squid and ISA proxy logs are indexed in real time, that is, as soon as they are imported. Search criteria available for 'Raw Proxy Logs' are Protocol, Source, Destination, User, Virus, Status, Bytes, and Duration.
- Unknown Protocol
Select this option if you are not sure of the protocol or the log source. Search criteria available for 'Unknown Protocol' are Status, Protocol, Source, Destination, User, and VPN.
Between them, these four options cover all the collected logs.
Define Criteria
This section lets you search the database for attributes using one or more of the following criteria. When several criteria are given, a log entry must match all of them.

Criteria | Description
--- | ---
Protocol | The list of protocols and protocol identifiers available in the Protocol Groups page (Settings >> Protocol Groups). Examples: 8554/tcp, rtsp, IPSec
Source | The source host name or IP address (CIDR notation is also accepted) from which requests originated
Destination | The destination host name or IP address (CIDR notation is also accepted) to which requests were sent
User | The authenticated user name that some firewalls record. Examples: john, kate
Virus | The virus name. Examples: JS/Exception, W32/Mitglieder
Attack | The attack name. Examples: UDP Snort, Ip spoof
Severity | The event severity
URL | The URL you want to search for
Status | The event status
Rule | The firewall rule you want to search for
VPN | The VPN details
Duration | The duration recorded in the log
Bytes | The bytes-transferred value recorded in the log
Category | The log category
Device | The device from which the logs were collected
Message | The log message text stored in the database
VPN Group | The VPN group details
Application | The application for which the alert profile is created
Source Country | The source country for which the alert profile is created
Destination Country | The destination country for which the alert profile is created
- If the search string is found, the results are displayed grouped by the report category in which it occurred.
- By default, the search covers the time period selected in the Global Calendar in the left pane of the UI.
- You can also search within the search results to narrow them further.
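The criteria above combine as an AND across fields, with Source and Destination accepting either a host name, an exact IP address or a CIDR block, and Protocol accepting either a port/protocol identifier or a name (8554/tcp and rtsp). The following is an added, stand-alone illustration of that matching logic written for this page; it is not the analyzer's own search engine. The log records, field names, device names and the protocol alias table are all constructed for the example, and "searching within results" is shown by simply feeding one search's output into a second search.

```python
"""Multi-criteria search over constructed firewall log records (illustrative, not the product's code)."""
import ipaddress
from typing import Callable, Dict, Iterable, List, Optional

# Constructed sample of already-parsed raw firewall log records. Not real logs.
SAMPLE_LOGS: List[Dict[str, str]] = [
    {"device": "fw-edge-1", "protocol": "8554/tcp", "source": "10.1.4.22",
     "destination": "203.0.113.10", "user": "john", "status": "Allowed",
     "rule": "rtsp-out", "message": "rtsp session established"},
    {"device": "fw-edge-1", "protocol": "53/udp", "source": "10.1.4.22",
     "destination": "198.51.100.5", "user": "john", "status": "Allowed",
     "rule": "dns-out", "message": "dns query"},
    {"device": "fw-dmz-2", "protocol": "IPSec", "source": "192.0.2.77",
     "destination": "10.9.0.1", "user": "kate", "status": "Denied",
     "rule": "vpn-in", "message": "Ip spoof detected on tunnel"},
    {"device": "fw-edge-1", "protocol": "443/tcp", "source": "172.16.0.9",
     "destination": "203.0.113.44", "user": "", "status": "Denied",
     "rule": "default-deny", "message": "W32/Mitglieder blocked"},
]

# Constructed alias table standing in for the Protocol Groups page; hypothetical values.
PROTOCOL_ALIASES = {"rtsp": "8554/tcp", "dns": "53/udp", "https": "443/tcp"}


def match_address(pattern: str, value: str) -> bool:
    """Source/Destination: CIDR block or exact IP if parseable, otherwise host-name equality."""
    try:
        network = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(value) in network
    except ValueError:
        # Either side is not an address: compare as host names, case-insensitively.
        return pattern.lower() == value.lower()


def match_protocol(pattern: str, value: str) -> bool:
    """Protocol: normalise names (rtsp) to identifiers (8554/tcp) before comparing."""
    def canonical(p: str) -> str:
        return PROTOCOL_ALIASES.get(p.lower(), p).lower()
    return canonical(pattern) == canonical(value)


def match_text(pattern: str, value: str) -> bool:
    """Free-text fields such as Message, Virus and Attack: case-insensitive substring match."""
    return pattern.lower() in value.lower()


def match_exact(pattern: str, value: str) -> bool:
    """Default for enumerated fields (User, Status, Rule, ...): case-insensitive equality."""
    return pattern.lower() == value.lower()


MATCHERS: Dict[str, Callable[[str, str], bool]] = {
    "source": match_address,
    "destination": match_address,
    "protocol": match_protocol,
    "message": match_text,
}


def search(logs: Iterable[Dict[str, str]], criteria: Dict[str, str],
           devices: Optional[Iterable[str]] = None) -> List[Dict[str, str]]:
    """Return the records that match every criterion; devices=None means all devices.

    A record lacking a criterion's field is treated as an empty value and does not match.
    """
    device_set = set(devices) if devices is not None else None
    hits = []
    for record in logs:
        if device_set is not None and record.get("device") not in device_set:
            continue
        if all(MATCHERS.get(field, match_exact)(pattern, record.get(field, ""))
               for field, pattern in criteria.items()):
            hits.append(record)
    return hits


if __name__ == "__main__":
    # Source given as a CIDR block, combined with a protocol name.
    for rec in search(SAMPLE_LOGS, {"source": "10.1.4.0/24", "protocol": "rtsp"}):
        print(rec["device"], rec["rule"], rec["message"])
    # Search within results: first by user, then narrow by protocol identifier.
    johns = search(SAMPLE_LOGS, {"user": "john"})
    print(len(search(johns, {"protocol": "53/udp"})), "DNS record(s) for john")
```

Restricting the search to a device list corresponds to the Selected Devices section, and passing a previous result list back into search corresponds to searching within the results; both are pure filters, so order does not change the outcome.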
Advanced Search of Imported Firewall Logs
You can carry out Advanced Search on the imported Firewall logs.