Restricting the report’s scope
When configuring a report profile, you can select the time span of log messages from which to generate the report. You can also filter out log messages that you do not want to include in the report. (To start at the beginning of the report configuration instructions, see “To configure a report profile”.)
Setting name
Description
Time Period
Select the time span of the report, such as This Month or Last N Days.
Alternatively, select and configure From Date and To Date.
 
Past N Hours
Past N Days
Past N Weeks
Type the number N of units of time.
This option appears only when you have selected Last N Hours, Last N Days, or Last N Weeks from Time Period, and therefore must define N.
 
From Date
Hour
Select and configure the beginning of the time span. For example, you may want the report to include log messages starting from May 5, 2006 at 6 PM. You must also configure To Date.
 
To Date
Hour
Select to configure the end of the time span. For example, you may want the report to include log messages up to May 6, at 12 AM. You must also select and configure From Date.
Data Filter
Select either:
None — Include all log messages within the time span.
Include logs that match the following criteria — Include only the log messages whose values match your filter criteria, such as Priority. Also select whether log messages must meet every other configured criterion (all) or if meeting any one of them is sufficient (any) to be included.
To exclude the log messages which match a criterion, mark its not check box, located on the right-hand side of the criterion.
Criteria are the fields of log messages.
 
Priority
Mark the check box to filter by log severity threshold (in raw logs, the pri field), then select the name of the severity, such as Emergency, and whether to include logs that are greater than or equal to (>=), equal to (=), or less than or equal to (<=) that severity.
 
Source(s)
Type the source IP address (in raw logs, the src field) that log messages must match.
 
Destination(s)
Type the destination IP address (in raw logs, the dst field) that log messages must match.
 
Protocol(s)
Type the HTTP method (in raw logs, the http_method field) that log messages must match, such as get or post.
 
User(s)
Type the administrator account name (in raw logs, the user field) that log messages must match, such as admin.
 
Action(s)
Type the action (in raw logs, the action field) that log messages must match, such as login or Alert.
 
Subtype(s)
Type the subtype (in raw logs, the subtype field) that log messages must match, such as waf_information.
 
Policy(s)
Type the policy name (in raw logs, the policy field) that log messages must match.
 
Service(s)
Type the service name (in raw logs, the src field) that log messages must match, such as http or https.
 
Day of Week
Mark the check boxes for the days of the week whose log messages you want to include.
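
The following sketch is an added example, not code from the product or its documentation. It models how the Data Filter options combine: one comparison per criterion, the per-criterion not check box, and the all/any selector. The key=value log layout, the severity names other than Emergency and their ordering, and case-insensitive matching are assumptions, and the sample log lines are constructed.

```python
import operator
import shlex

# Assumption: syslog-style severity names, ranked so that Emergency is highest.
SEVERITIES = ["debug", "information", "notification", "warning",
              "error", "critical", "alert", "emergency"]
RANK = {name: i for i, name in enumerate(SEVERITIES)}
OPS = {">=": operator.ge, "=": operator.eq, "<=": operator.le}

def parse_log(line):
    """Split a key=value log line (assumed layout) into a dict of fields."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def criterion_matches(log, crit):
    """Evaluate one criterion, then apply its 'not' check box."""
    value = log.get(crit["field"], "").lower()  # assumption: case-insensitive
    if crit["field"] == "pri":
        hit = value in RANK and OPS[crit["op"]](
            RANK[value], RANK[crit["value"].lower()])
    else:
        hit = value == crit["value"].lower()
    return hit != crit.get("negate", False)

def filter_logs(lines, criteria, mode="all"):
    """Return the lines a report would include; mode is 'all' or 'any'."""
    if not criteria:          # Data Filter = None: keep everything
        return list(lines)
    combine = all if mode == "all" else any
    return [ln for ln in lines
            if combine(criterion_matches(parse_log(ln), c) for c in criteria)]

# Constructed sample log lines (not taken from a real device).
SAMPLE = [
    'pri=alert src=192.0.2.10 dst=198.51.100.5 http_method=post action=Alert subtype=waf_information',
    'pri=information src=192.0.2.10 dst=198.51.100.5 http_method=get action=login user=admin',
    'pri=warning src=192.0.2.77 dst=198.51.100.5 http_method=get action=Alert',
]

# Priority >= Warning, and Source(s) 192.0.2.10 with its "not" box marked.
CRITERIA = [
    {"field": "pri", "op": ">=", "value": "Warning"},
    {"field": "src", "value": "192.0.2.10", "negate": True},
]

if __name__ == "__main__":
    for mode in ("all", "any"):
        print(mode, len(filter_logs(SAMPLE, CRITERIA, mode)))
```

With any selected, the alert from the excluded source still reaches the report because it satisfies the Priority criterion alone; use all when a not criterion is meant to act as a hard exclusion.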