Raw Search

    Select this option to search both the log indexes and the log archive.

    If you have selected the Raw Firewall Logs option in the Search Type and the Index Security Logs only option in the Raw Search settings, the following options are enabled: Raw VPN Logs, Raw Virus/Attack Logs, Raw Device Management Logs, and Raw Denied Logs.

    If you have selected the Raw Firewall Logs option in the Search Type and the Index Traffic & Security Logs option in the Raw Search settings, the following options are enabled: Raw VPN Logs, Raw Virus/Attack Logs, Raw Device Management Logs, Raw Denied Logs, and additionally the Traffic Logs option.

    Note: The "Index Security Logs only" option is enabled by default. With this setting, traffic (permitted) logs are not indexed and a raw search for traffic data returns no results. If you want to search for traffic data, change the setting to "Index Traffic & Security Logs".

    Choose the required logs to be searched.

    In the Search Type, you can also select Raw Proxy Logs or Unknown Protocol from the dropdown list.

    Selected Devices

    In this section, you can choose the devices whose logs are to be searched. There are two lists:

    1. Available devices list
    2. Selected devices list

    By default all devices are selected and appear in the Selected Devices list. To change the list of selected devices, select the required devices in the Available Devices list and move them to the Selected Devices list, or vice versa. Only the devices in the Selected Devices list are searched.

    Define Criteria

    If you have selected the Raw Firewall Logs option in the Search Type, this section enables you to search the logs using one or more of the following criteria. When several criteria are given, a log must match all of them:

    Criteria | Description
    Protocol | The protocols and protocol identifiers listed in the Protocol Groups page (Settings >> Protocol Groups). Example: 8554/tcp, rtsp, IPSec
    Source | The source host name or IP address from which requests originated
    Destination | The destination host name or IP address to which requests were sent
    User | The authenticated user name required by some firewalls. Example: john, kate
    Virus | The virus name. Examples: JS/Exception, W32/Mitglieder
    Attack | The attack name. Examples: UDP Snort, Ip spoof
    URL | The URL to be searched
    Rule | The firewall rule that matched
    Category | The category type
    Application | The application type
    Src Country | The source country
    Dst Country | The destination country

    If you have selected the Raw Proxy Logs option in the Search Type, this section enables you to search the logs using one or more of the following criteria:

    Criteria | Description
    Protocol | The protocols and protocol identifiers listed in the Protocol Groups page (Settings >> Protocol Groups). Example: 8554/tcp, rtsp, IPSec
    Source | The source host name or IP address from which requests originated
    Destination | The destination host name or IP address to which requests were sent
    User | The authenticated user name required by some firewalls. Example: john, kate
    Category | The category type
    URL | The URL to be searched
    Virus | The virus name. Examples: JS/Exception, W32/Mitglieder
    Status | The status of the traffic, permit or deny
    Bytes | The number of bytes the traffic has used
    Duration | The time duration of the traffic

    If you have selected the Unknown Protocol option in the Search Type, this section enables you to search the logs using one or more of the following criteria:

    Criteria | Description
    Status | The status of the traffic, permit or deny
    Protocol | The protocols and protocol identifiers listed in the Protocol Groups page (Settings >> Protocol Groups). Example: 8554/tcp, rtsp, IPSec
    Source | The source host name or IP address from which requests originated
    Destination | The destination host name or IP address to which requests were sent
    User | The authenticated user name required by some firewalls. Example: john, kate
    VPN | The VPN name to be searched

    Click Generate to run the search and display the results.

    Note:
    • By default, the search is carried out for the time period selected in the Calendar.
    • You can also search within the search results to narrow them further.
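    The following added example (not Firewall Analyzer code) models the three behaviours described above: the index mode decides which raw logs are searchable at all, a search applies every supplied criterion with AND semantics over the selected devices, and a second search can be run within the first result set. The key=value log format, the field names, and the log lines themselves are constructed for illustration only; the real product's log formats and index layout are not shown on this page.

```python
import shlex

# Constructed sample raw firewall logs (assumed key=value syntax, not a real
# device format). Quoted values allow spaces, e.g. attack="UDP Snort".
RAW_LOGS = [
    'device=fw1 type=traffic status=permit proto=443/tcp src=10.0.0.5 dst=93.184.216.34 user=john bytes=5120',
    'device=fw1 type=denied status=deny proto=22/tcp src=203.0.113.9 dst=10.0.0.5 user=- bytes=0',
    'device=fw2 type=attack status=deny proto=udp src=198.51.100.7 dst=10.0.0.20 attack="UDP Snort"',
    'device=fw2 type=virus status=deny proto=80/tcp src=10.0.0.8 dst=198.51.100.40 user=kate virus=W32/Mitglieder',
    'device=fw1 type=vpn status=permit proto=IPSec src=203.0.113.50 dst=10.0.0.1 user=kate',
    'device=fw2 type=traffic status=permit proto=8554/tcp src=10.0.0.8 dst=198.51.100.60 user=kate bytes=77000',
]

# Assumed mapping of the page's log kinds onto a "type" field: everything
# that is not plain traffic counts as a security log.
SECURITY_TYPES = {"vpn", "virus", "attack", "devicemgmt", "denied"}


def parse_log(line):
    """Parse one key=value raw log line into a dict of string fields."""
    record = {}
    for token in shlex.split(line):
        key, _, value = token.partition("=")
        record[key] = value
    return record


def build_index(raw_logs, mode="security_only"):
    """Model the Raw Data Indexing setting.

    In "security_only" mode (the default on the page) traffic logs are never
    indexed, so later searches cannot find them. "traffic_and_security"
    indexes every log line.
    """
    if mode not in ("security_only", "traffic_and_security"):
        raise ValueError("unknown index mode: %r" % mode)
    index = []
    for line in raw_logs:
        record = parse_log(line)
        if mode == "security_only" and record.get("type") not in SECURITY_TYPES:
            continue  # traffic log dropped: not searchable in this mode
        index.append(record)
    return index


def search(index, devices=None, **criteria):
    """Return records that match ALL criteria (case-insensitive substring).

    devices: optional set of device names (the Selected Devices list);
             None means all devices, as the page's default.
    criteria: field=value pairs such as user="kate", status="permit".
    A record missing a requested field does not match.
    """
    hits = []
    for record in index:
        if devices is not None and record.get("device") not in devices:
            continue
        if all(str(value).lower() in record.get(field, "").lower()
               for field, value in criteria.items()):
            hits.append(record)
    return hits


def refine(results, **criteria):
    """Search within an existing result set (the page's second note)."""
    return search(results, **criteria)


if __name__ == "__main__":
    sec_only = build_index(RAW_LOGS, "security_only")
    # Permitted TCP traffic exists in RAW_LOGS but is not in this index.
    print("security_only hits for permitted tcp:", search(sec_only, proto="tcp", status="permit"))
    full = build_index(RAW_LOGS, "traffic_and_security")
    kate = search(full, user="kate", status="permit")
    print("kate permitted:", [r["type"] for r in kate])
    print("refined to 8554/tcp:", [r["device"] for r in refine(kate, proto="8554/tcp")])
```

    The first search deliberately returns nothing: the log lines exist, but the security-only index never contained them, which is the situation the note about "Index Traffic & Security Logs" warns about. Re-indexing with the other mode makes the same search succeed, and `refine()` shows that searching within results is just the same AND filter applied to a smaller input.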

    If matching logs exist, the search results are displayed in two tabs, Formatted Logs and Raw Logs. In the Formatted Logs tab, the search results are fetched from the log indexes and displayed.

    In the Formatted Logs tab, the search results are displayed in a table with the following columns:

    • Device
    • Host
    • Source Port
    • User
    • Protocol
    • Destination
    • Destination Port
    • Date/Time
    • Virus/Attack
    • VPN
    • Severity
    • Rule Number/ID
    • Status
    • URL
    • Category
    • Duration
    • Description
    • VPN Group
    • Port based
    • Sent
    • Received

    In the Raw Logs tab, the search result is fetched from the log archives and displayed as raw logs.

    The Choose Columns and Save buttons are at the top right of the screen.

    Choose Columns lists all the columns of the result table. You can select the columns to display as per your choice.

    Note: When you save the search results as a report, the number of columns you can choose is restricted to 11 for better reporting.

    Raw Settings

    To enable indexing of raw logs, follow the steps given below:

    In the Search screen, select the Raw Settings link. The Raw Data Indexing page appears.

    • Raw Data Indexing: Move the Enable/Disable slider to enable or disable indexing of raw logs.
    • To index security logs only, select the Index Security Logs only radio button. If you select the Raw Firewall Logs option in the Search Type and the Index Security Logs only option here, the following options are enabled: Raw VPN Logs, Raw Virus/Attack Logs, Raw Device Management Logs, and Raw Denied Logs.
    • To index both traffic and security logs, select the Index Traffic & Security Logs radio button. If you select the Raw Firewall Logs option in the Search Type and the Index Traffic & Security Logs option here, the following options are enabled: Raw VPN Logs, Raw Virus/Attack Logs, Raw Device Management Logs, Raw Denied Logs, and additionally the Traffic Logs option.
    • Click Save to save the raw log index settings.

    Indexing raw logs requires additional storage for the index; refer to the hardware requirements on the System Requirements page before enabling it.
