Chapter 12: Logging and Reporting > Configuring report queries

Configuring Report Queries

The predefined list of queries covers the most common administrator and stakeholder interests. It includes the following:

If necessary, you can create your own query configuration objects.

Before you begin:

After you have created a query configuration object, you can select it in the report configuration.

To configure report queries:
  1. Go to Log & Report > Report Config.

    2. The Report tab is displayed.

  2. Click the Query Set tab.
  3. Click Add to display the configuration editor.
  4. Complete the configuration as described in Table 129.
  5. Save the configuration.

 Table 129:   Query configuration
Settings Guidelines

Name

Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the zone configuration (if you use forwarders).

Note: After you initially save the configuration, you cannot edit the name.
Module
  • SLB
  • LLB
  • DNS
  • Attack
  • Event
SLB
Traffic Sort Type
  • sessions
  • bytes
SLB Subtype
  • top_policy (virtual server)
  • top_source
  • top_source_country
  • slb_history_flow (total traffic over time)
LLB
Traffic Sort Type
  • sessions
  • bytes
LLB Subtype
  • top_link
  • slb_history_flow (total traffic over time)
DNS
DNS Sort Type Only count is applicable.
DNS Subtype
  • top_policy
  • top_source
Attack
Attack Sort Type Only count is applicable.
Attack Subtype
  • top_destip_for_geo
  • top_destip_for_ipreputation
  • top_destip_for_sysflood
  • top_destip_for_waf
  • top_source_country_for_geo
  • top_source_country_for_ipreputation
  • top_source_country_for_waf
  • top_source_for_geo
  • top_source_for_ipreputation
  • top_source_for_waf
Event
Event Sort Type Only count is applicable.
Event Subtype
  • top_admin_login
  • top_failed_admin_login
  • top_admin_config