Aggregated Search

    Select this option if you want to search the logs database.

    Selected Devices

    In this section, you can choose the devices whose logs are to be searched. There are two lists:

    1. Available devices list
    2. Selected devices list

    By default, all the devices are selected and available in the Selected devices list. To change the list of selected devices, select the required devices in the Available devices list and move them to the Selected devices list, or vice versa. The selected devices are displayed in this section.

    Define Criteria

    This section enables you to search the database for attributes using more than one of the following criteria:

    Criteria       Description
    Protocol       Refers to the list of protocols and protocol identifiers that are available in the Protocol Groups page (Settings > Protocol Groups). Example: 8554/tcp, rtsp, IPSec
    Source         Refers to the source host name or IP address from which requests originated
    Destination    Refers to the destination host name or IP address to which requests were sent
    User           Refers to the authenticated user name required by some firewalls. Example: john, kate
    Virus          Refers to the virus name. Examples: JS/Exception, W32/Mitglieder
    Attack         Refers to the attack name. Examples: UDP Snort, Ip spoof
    URL            Refers to the URL to be searched
    Rule           Refers to the rule used
    Category       Refers to the category type
    Application    Refers to the application type
    Src Country    Refers to the source country
    Dst Country    Refers to the destination country

    Click the Generate button to see the search results.

    Note:
    • By default, the search is carried out for the time period selected in the Calendar.
    • You can also search within the search results.

    If the search string exists, the search results are displayed according to the report category in which the string occurred. The report categories are:

    • Spam Detail
    • Virus Details
    • Analysis of Attack
    • URL Details
    • VPN Usage Report
    • Analysis of Protocol
    • Application Detail
    • Conversation Details
    • Rules Triggered analysis

    The Choose Columns and Save buttons are at the top right of the screen.

    The result of the search is displayed as a table with its own columns. You can select which columns are displayed.