Search Tab


    The Search tab offers a number of options for making your searches more precise and getting more useful results from the Aggregated Logs Database. It also lets you search the Raw Firewall Logs.

    In Advanced Search, you choose the devices whose logs are searched, choose whether to search the aggregated logs database or the raw firewall logs, and define the matching criteria.

    Selected Devices 

    In this section, you choose the devices whose logs are searched. If no device is selected yet, or you want to change the list of selected devices:

    1. Click the Change Selection link.
    2. The Select Devices window pops up. It lists All Devices with a single check box, and each individual device with its own check box.
    3. Select the check boxes for the devices you need. Click OK to apply the selection and close the window, or click Cancel to discard the changes and close the window.

    The selected devices are displayed in this section.

    Search From

    In this section, select one of the two options:

    1. Aggregated Logs Database
    2. Raw Firewall Logs

    Aggregated Logs Database

    Select this option to search the aggregated logs database.

    Raw Firewall Logs

    Select this option to search the raw firewall logs. Selecting it enables the following options:

    1. Raw VPN Logs
    2. Raw Virus/Attack Logs
    3. Raw Device Management Logs
    4. Raw Denied Logs

    Select the raw log types you require.

    Define Criteria

    This section lets you search the database for attributes using one or more of the following criteria:

    Criteria      Description
    Protocol      The protocols and protocol identifiers listed on the Protocol Groups page (Settings >> Protocol Groups).
                  Examples: 8554/tcp, rtsp, IPSec
    Source        The source host name or IP address from which requests originated.
    Destination   The destination host name or IP address to which requests were sent.
    User          The authenticated user name recorded by some firewalls.
                  Examples: john, kate
    Virus         The virus name.
                  Examples: JS/Exception, W32/Mitglieder
    Attack        The attack name.
                  Examples: UDP Snort, IP spoof
    URL           The URL you want to search for.
    Rule          The firewall rule you want to search for.
    Device        The device from which the logs were collected.
    Message       The log message text stored in the database.

     

    • If the search string exists then the search result will be intelligently displayed based on the report category in which it occurred.
    • By default, the search is carried out for the time period selected in the Global Calendar present in the left pane of the UI.
    • You can also search within the search results.
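    The following is an added example, not Firewall Analyzer code, that models the search semantics described above over a handful of constructed log records: device selection, the Global Calendar time window, several criteria applied together, and searching within a previous result set. Everything about how criteria combine is an assumption made for the example: criteria are ANDed (each extra criterion narrows the results), text matching is a case-insensitive substring match, and a Protocol criterion is checked against both the protocol name (rtsp, IPSec) and a port/protocol identifier (8554/tcp). The record field names follow the criteria names on the page; "port_proto", "category" and the sample values are invented for illustration.

```python
"""Added example (not Firewall Analyzer code): a small model of the Advanced
Search semantics described on the page, run over constructed log records."""
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real firewall logs). Field names follow the
# page's criteria names; "port_proto" and "category" are assumed extras.
SAMPLE_LOGS = [
    {"time": datetime(2024, 3, 1, 9, 15), "device": "fw-edge-1", "category": "traffic",
     "protocol": "rtsp", "port_proto": "8554/tcp", "source": "10.1.1.25",
     "destination": "203.0.113.7", "user": "john", "rule": "allow-media",
     "message": "rtsp session established"},
    {"time": datetime(2024, 3, 1, 9, 40), "device": "fw-edge-1", "category": "traffic",
     "protocol": "https", "port_proto": "443/tcp", "source": "10.1.1.25",
     "destination": "198.51.100.4", "user": "john", "rule": "allow-web",
     "message": "https connection allowed"},
    {"time": datetime(2024, 3, 1, 10, 5), "device": "fw-edge-2", "category": "vpn",
     "protocol": "IPSec", "port_proto": "500/udp", "source": "192.0.2.9",
     "destination": "203.0.113.200", "user": "kate", "rule": "vpn-in",
     "message": "IPSec tunnel established"},
    {"time": datetime(2024, 3, 2, 11, 30), "device": "fw-edge-2", "category": "denied",
     "protocol": "http", "port_proto": "80/tcp", "source": "10.1.1.77",
     "destination": "198.51.100.4", "rule": "deny-all",
     "message": "denied inbound http"},
    {"time": datetime(2024, 3, 2, 14, 0), "device": "fw-edge-1", "category": "virus",
     "protocol": "smtp", "port_proto": "25/tcp", "source": "10.1.1.25",
     "destination": "198.51.100.25", "user": "john", "rule": "allow-mail",
     "virus": "W32/Mitglieder", "message": "virus W32/Mitglieder blocked"},
]

# Assumed Global Calendar selection: the whole of 2 March 2024.
WINDOW_START = datetime(2024, 3, 2)
WINDOW_END = datetime(2024, 3, 3)


def _field_matches(record, field, wanted):
    """Case-insensitive substring match (an assumption of this example).
    A Protocol criterion is checked against both the protocol name and the
    port/protocol identifier, so "8554/tcp" and "rtsp" both hit the same record."""
    candidates = [record.get(field, "")]
    if field == "protocol":
        candidates.append(record.get("port_proto", ""))
    wanted = wanted.lower()
    return any(wanted in str(c).lower() for c in candidates)


def matches(record, criteria):
    """Every criterion must hold (logical AND, assumed for this example)."""
    return all(_field_matches(record, f, w) for f, w in criteria.items())


def search(records, criteria, devices=None, start=None, end=None):
    """Advanced Search: keep only the selected devices and the time window
    [start, end], then apply the criteria to what remains."""
    hits = []
    for r in records:
        if devices is not None and r["device"] not in devices:
            continue
        if start is not None and r["time"] < start:
            continue
        if end is not None and r["time"] > end:
            continue
        if matches(r, criteria):
            hits.append(r)
    return hits


def search_within(results, criteria):
    """Search within the search results: apply further criteria to an
    existing result set rather than to the whole database."""
    return [r for r in results if matches(r, criteria)]


def by_category(results):
    """Group hits by report category, the way the results are displayed."""
    grouped = defaultdict(list)
    for r in results:
        grouped[r["category"]].append(r)
    return dict(grouped)


if __name__ == "__main__":
    hits = search(SAMPLE_LOGS, {"user": "john", "protocol": "8554/tcp"})
    print(len(hits), "hit(s):", [h["message"] for h in hits])
    refined = search_within(search(SAMPLE_LOGS, {"user": "john"}),
                            {"destination": "198.51.100"})
    print({cat: len(recs) for cat, recs in by_category(refined).items()})
```

    Note that narrowing by device and by time window happens before the criteria are applied; this matters when a criterion such as Message or Rule would otherwise match records from devices you did not select.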

    Advanced Search of Imported Firewall Logs

    You can also carry out an Advanced Search on imported firewall logs.