Setting name | Description | |
Time Period | Select the time span of the report, such as This Month or Last N Days. | |
Past N Hours, Past N Days, Past N Weeks | Type the number N of units of time. This option appears only when you have selected Last N Hours, Last N Days, or Last N Weeks from Time Period, and therefore must define N. | |
From Date Hour | Select and configure the beginning of the time span. For example, you may want the report to include log messages starting from May 5, 2006 at 6 PM. You must also configure To Date. | |
To Date Hour | Select to configure the end of the time span. For example, you may want the report to include log messages up to May 6, at 12 AM. You must also select and configure From Date. | |
Data Filter | Select either: • None — Include all log messages within the time span. • Include logs that match the following criteria — Include only the log messages whose values match your filter criteria, such as Priority. Also select whether log messages must meet every configured criterion (all) or whether meeting any one of them is sufficient (any) to be included. To exclude the log messages that match a criterion, mark its not check box, located on the right-hand side of the criterion. Criteria are the fields of log messages. | |
Priority | Mark the check box to filter by log severity threshold (in raw logs, the pri field), then select the name of the severity, such as Emergency, and whether to include logs that are greater than or equal to (>=), equal to (=), or less than or equal to (<=) that severity. | |
Source(s) | Type the source IP address (in raw logs, the src field) that log messages must match. | |
Destination(s) | Type the destination IP address (in raw logs, the dst field) that log messages must match. | |
Protocol(s) | Type the HTTP method (in raw logs, the http_method field) that log messages must match, such as get or post. | |
User(s) | Type the administrator account name (in raw logs, the user field) that log messages must match, such as admin. | |
Action(s) | Type the action (in raw logs, the action field) that log messages must match, such as login or Alert. | |
Subtype(s) | Type the subtype (in raw logs, the subtype field) that log messages must match, such as waf_information. | |
Policy(s) | Type the policy name (in raw logs, the policy field) that log messages must match. | |
Service(s) | Type the service name (in raw logs, the src field) that log messages must match, such as http or https. | |
Day of Week | Mark the check boxes for the days of the week whose log messages you want to include. |
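
The all/any/not logic of the Data Filter setting can be checked offline against exported raw logs. The following is an added example, not code from the product or its vendor; it models the combination rules described in the table. It assumes raw logs are space-separated key=value pairs, that severity names rank from debug (lowest) to emergency (highest), and that field values are compared as case-insensitive exact matches.

```python
import shlex

# Severity names, lowest to highest; names and ordering are assumptions.
SEVERITIES = ["debug", "information", "notification", "warning",
              "error", "critical", "alert", "emergency"]
RANK = {name: i for i, name in enumerate(SEVERITIES)}

def parse_raw(line):
    """Split a key=value raw log line into a dict (quoted values allowed)."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def criterion_hit(log, field, op, value, negate=False):
    """Evaluate one criterion; negate models the 'not' check box."""
    actual = log.get(field, "").lower()
    if field == "pri":
        # Priority is a threshold comparison on severity rank.
        a, v = RANK.get(actual), RANK[value.lower()]
        hit = a is not None and {">=": a >= v, "=": a == v, "<=": a <= v}[op]
    else:
        # Other fields: exact match (assumption); a missing field never matches.
        hit = actual == value.lower()
    return hit != negate

def select(logs, criteria, mode="all"):
    """Keep logs meeting every criterion (all) or at least one (any)."""
    combine = all if mode == "all" else any
    return [log for log in logs
            if combine(criterion_hit(log, *c) for c in criteria)]

# Constructed sample lines, not captured from a real appliance.
SAMPLE = [
    'pri=alert src=192.0.2.10 dst=198.51.100.5 http_method=post '
    'action=Alert subtype=waf_information policy="policy one"',
    'pri=information src=192.0.2.10 dst=198.51.100.5 http_method=get '
    'action=login user=admin',
    'pri=critical src=203.0.113.7 dst=198.51.100.5 http_method=get action=Alert',
]
LOGS = [parse_raw(line) for line in SAMPLE]

# Priority >= critical, and source is NOT 192.0.2.10 (its 'not' box marked).
CRITERIA = [("pri", ">=", "critical"), ("src", "=", "192.0.2.10", True)]

if __name__ == "__main__":
    for mode in ("all", "any"):
        print(mode, [log["src"] + "/" + log["pri"]
                     for log in select(LOGS, CRITERIA, mode)])
```

With all, only the critical event from 203.0.113.7 remains; with any, the alert from the excluded source is included again because it satisfies the priority criterion alone.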