Select this option to search both the log indexes and the log archive.
If you have selected the Raw Firewall Logs option in the Search Type and the Index Security Logs only option in the Raw Search settings, the following options are enabled: Raw VPN Logs, Raw Virus/Attack Logs, Raw Device Management Logs, and Raw Denied Logs.
If you have selected the Raw Firewall Logs option in the Search Type and the Index Traffic & Security Logs option in the Raw Search settings, the Traffic Logs option is enabled in addition to Raw VPN Logs, Raw Virus/Attack Logs, Raw Device Management Logs, and Raw Denied Logs.
Choose the required logs to be searched.
Note: In the Search Type dropdown list, you can also select Raw Proxy Logs and Unknown Protocol.
Selected Devices
In this section, choose the devices whose logs you want to search. There are two lists, Available Devices and Selected Devices.
By default all devices are selected and appear in the Selected Devices list. To change the selection, pick the required devices in the Available Devices list and move them to the Selected Devices list, or move devices back the other way. The devices currently selected are displayed in this section.
Define Criteria
If you have selected the Raw Firewall Logs option in the Search Type, this section lets you search the logs using one or more of the following criteria (all criteria you fill in must match):
Criteria | Description |
---|---|
Protocol | Refers to the list of protocols and protocol identifiers that are available in the Protocol Groups page (Settings >> Protocol Groups). Example: 8554/tcp, rtsp, IPSec |
Source | Refers to the source host name or IP address from which requests originated. |
Destination | Refers to the destination host name or IP address to which requests were sent |
User | Refers to the authenticated user name, which some firewalls record. Examples: john, kate |
Virus | Refers to the Virus name. Examples: JS/Exception, W32/Mitglieder |
Attack | Refers to the attack name. Examples: UDP Snort, Ip spoof |
URL | Refers to the URL to be searched |
Rule | Refers to the Rule used |
Category | Refers to the category type |
Application | Refers to the application type |
Src Country | Refers to the source country |
Dst Country | Refers to the destination country |
If you have selected the Raw Proxy Logs option in the Search Type, this section lets you search the logs using one or more of the following criteria (all criteria you fill in must match):
Criteria | Description |
---|---|
Protocol | Refers to the list of protocols and protocol identifiers that are available in the Protocol Groups page (Settings >> Protocol Groups). Example: 8554/tcp, rtsp, IPSec |
Source | Refers to the source host name or IP address from which requests originated |
Destination | Refers to the destination host name or IP address to which requests were sent |
User | Refers to the authenticated user name, which some firewalls record. Examples: john, kate |
Category | Refers to the category type |
URL | Refers to the URL to be searched |
Virus | Refers to the Virus name. Examples: JS/Exception, W32/Mitglieder |
Status | The status of the traffic whether it is permit or deny. |
Bytes | The number of bytes the traffic has used. |
Duration | The time duration of the traffic. |
If you have selected the Unknown Protocol option in the Search Type, this section lets you search the logs using one or more of the following criteria (all criteria you fill in must match):
Criteria | Description |
---|---|
Status | The status of the traffic whether it is permit or deny. |
Protocol | Refers to the list of protocols and protocol identifiers that are available in the Protocol Groups page (Settings >> Protocol Groups). Example: 8554/tcp, rtsp, IPSec |
Source | Refers to the source host name or IP address from which requests originated |
Destination | Refers to the destination host name or IP address to which requests were sent |
User | Refers to the authenticated user name, which some firewalls record. Examples: john, kate |
VPN | Refers to the VPN name. |
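The three criteria tables above all describe the same search semantics: every criterion you fill in must match, an empty criterion does not restrict the search, and Source/Destination accept either an IP address or a host name. The following is an added example, not Firewall Analyzer's own code, that applies several criteria at once to a few constructed raw log lines. The key=value line format, the HOST_NAMES table and the field names are assumptions made for this example, not the output of any particular firewall or the product's internal index format.

```python
"""Added example (not Firewall Analyzer's own code): a minimal matcher that
applies several Define Criteria fields at once to constructed raw log lines.
Every criterion supplied is ANDed, an omitted criterion does not restrict the
search, and Source/Destination accept either an IP address or a host name.
The key=value line format and HOST_NAMES are assumptions for this example."""
import ipaddress
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines (not real device output).
SAMPLE_LOGS = [
    'time="2024-05-01T10:00:01" src=10.1.1.5 dst=203.0.113.7 proto=8554/tcp '
    'user=john status=permit bytes=5120 rule=allow-media',
    'time="2024-05-01T10:00:02" src=10.1.1.5 dst=198.51.100.9 proto=443/tcp '
    'user=kate status=deny bytes=0 rule=block-out',
    'time="2024-05-01T10:00:03" src=192.168.2.20 dst=203.0.113.7 proto=rtsp '
    'user=john status=permit bytes=900 rule=allow-media',
    'time="2024-05-01T10:00:04" src=10.1.1.9 dst=203.0.113.7 proto=500/udp '
    'virus=- attack="Ip spoof" status=deny bytes=0 rule=anti-spoof',
]

# Constructed host-name table standing in for the product's name resolution.
HOST_NAMES = {"ws-john": "10.1.1.5", "media-srv": "203.0.113.7"}


@dataclass
class Criteria:
    """One Define Criteria form; None means the field was left empty."""
    protocol: Optional[str] = None      # e.g. "8554/tcp", "rtsp"
    source: Optional[str] = None        # IP address or host name
    destination: Optional[str] = None   # IP address or host name
    user: Optional[str] = None
    status: Optional[str] = None        # "permit" or "deny"
    virus: Optional[str] = None
    attack: Optional[str] = None
    rule: Optional[str] = None


# Criteria attribute -> key used in the constructed log lines.
FIELD_MAP = {
    "protocol": "proto", "source": "src", "destination": "dst",
    "user": "user", "status": "status", "virus": "virus",
    "attack": "attack", "rule": "rule",
}


def parse_line(line: str) -> Dict[str, str]:
    """Split a key=value line into a dict; quoted values may contain spaces."""
    fields: Dict[str, str] = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def host_matches(wanted: str, actual_ip: str) -> bool:
    """Compare a host criterion (IP or name) against the IP in the log line."""
    wanted_ip = HOST_NAMES.get(wanted, wanted)
    try:
        return ipaddress.ip_address(wanted_ip) == ipaddress.ip_address(actual_ip)
    except ValueError:          # unknown host name or malformed address
        return False


def matches(fields: Dict[str, str], crit: Criteria) -> bool:
    """True only if every non-empty criterion matches the parsed line."""
    for attr, key in FIELD_MAP.items():
        wanted = getattr(crit, attr)
        if wanted is None:
            continue                      # empty criterion: no restriction
        actual = fields.get(key)
        if actual is None:
            return False                  # line lacks the field being searched
        if attr in ("source", "destination"):
            if not host_matches(wanted, actual):
                return False
        elif wanted.lower() != actual.lower():
            return False
    return True


def search(lines: List[str], crit: Criteria) -> List[Dict[str, str]]:
    """Return the parsed lines that satisfy all supplied criteria."""
    return [f for f in map(parse_line, lines) if matches(f, crit)]


if __name__ == "__main__":
    for hit in search(SAMPLE_LOGS, Criteria(destination="media-srv", status="deny")):
        print(hit["time"], hit["src"], "->", hit["dst"], hit["rule"])
```

Searching with `user="john"` alone returns two lines; adding `protocol="rtsp"` narrows it to one, and `destination="media-srv"` with `status="deny"` resolves the name first and then returns only the anti-spoof denial. A line that lacks the field being searched (the fourth line has no `user`) never matches a criterion on that field, which is the behaviour to expect when a device does not log user names.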
Click the Generate button to run the search and display the results.
Note: If matching logs exist, the search result is displayed in two tabs, Formatted Logs and Raw Logs.
In the Formatted Logs tab, the search result is fetched from the log indexes and displayed in table format with the following columns:
In the Raw Logs tab, the search result is fetched from the log archives and displayed as raw logs.
The Choose Columns and Save buttons are at the top right of the screen.
Choose Columns lists all the columns of the result table; select the columns you want displayed.
Note: When you save the search results as a report, the number of columns you can choose is restricted to 11 for better reporting.
To enable indexing of raw logs, follow the steps below:
In the Search screen, click the Raw Setting link. The Raw Data Indexing page appears.
Index log storage requires additional hardware; refer to the hardware requirements on the System Requirements page.