Actions

Toolbar no. 1: period

Time scale: This field allows you to choose the period: Last hour, Today, past 7 days, past 30 days and customized duration.
  • The past hour is calculated up to the minute before the current one.
  • The Today view covers the current day, from midnight of the day before up to the minute before data is refreshed.
  • The Yesterday view covers the previous day.
  • The last 7 and 30 days refer to the period that ended the day before at midnight.
  • The customized duration allows you to define a specific period, which covers whole days, except for the current day, for which data runs up to the previous minute.

The button is a shortcut allowing you to select a customized duration.
Refresh: This button allows you to refresh the display of data.

Toolbar no. 2: simple or advanced search

Change search modes using the "Simple search" / "Advanced search" button.

Simple search mode

In this default search mode, the appliance will search for the value entered in all the fields of the log files displayed.

This search only covers field values, and not field names. For example, to filter blocked connections, enter the value “block” in the search field, instead of “action=block”. For source or destination countries, use the country code (e.g.: fr, en, us, etc.).

(field for entering the search value): To create the search, enter text in the field or drag and drop the value from a result field. The name of an object can also be dragged and dropped directly into this field from the Network objects module.

Advanced search mode

In advanced mode, several search criteria can be combined. The search criteria are cumulative: a log line is displayed only if it meets all of them.

This combination of search criteria can then be saved as a “filter”. Filters will then be saved in memory and can be reset in the Preferences module of the administration interface.

(Filter drop-down menu): Select a filter to launch the corresponding search. The list suggests filters that have been saved previously and, for certain Views, predefined filters. Selecting the entry (New filter) reinitializes the filter by deleting the selected criteria.
Save: Saves the criteria defined in the Filter panel (described in the next section) as a customized filter. You can save a new filter using the "Save as" button, based on an existing filter or on a predefined filter offered in certain Views. Once a filter has been saved, it will be automatically offered in the list of filters.
Delete: Deletes a customized filter saved earlier.

FILTER panel

You can add a search criterion either by clicking on Add a criterion, or by dragging a value from the results field and dropping it in the panel.

The filter creation window allows you to either apply or add the defined criterion. The Add button keeps the window open in order to define several criteria successively before launching the search.

Add a criterion: To add a search criterion, click on this button in order to open a window to edit a criterion, for which you need to enter the 3 following elements:
  • A Field in which the value will be searched. Selecting any will enable searches in all values contained in the logs. In this list, the translated name of the field is displayed as well as the original name between brackets (token). The main fields are displayed in black and secondary fields in gray, corresponding to the display of the button Expand all the elements / Collapse elements.
  • A sort Criterion that will be associated with the value sought. These operators are: equal to, different from, contains, does not contain, starts with and ends with.
  • A Value to look for according to the criteria selected earlier. For source or destination countries, use the country code (e.g.: fr, en, us, etc.).

Once the criterion has been set up, it will be added to this Filter panel. The following actions can be done to this criterion:

  • Delete using the icon. Deleting a criterion automatically refreshes the search of the modified filter, without this criterion.
  • Edit in a window similar to the one during its creation, using the icon. The editing window only allows you to apply the search.
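
The simple and advanced search rules described above can be reproduced offline on a CSV export of the logs. The following is an added example, not part of the appliance's documentation or code: the column names and sample rows are constructed, and case-insensitive substring matching, as well as the way negative operators behave with the field any, are assumptions.

```python
import csv
import io

# Constructed sample export; column names are illustrative, not the appliance's real tokens.
SAMPLE_CSV = """time,action,src,srccountry,dst,dstport,msg
2024-05-01 10:00:01,block,203.0.113.7,us,192.0.2.10,22,ssh probe
2024-05-01 10:00:05,pass,198.51.100.4,fr,192.0.2.10,443,https
2024-05-01 10:01:12,block,198.51.100.9,fr,192.0.2.20,3389,rdp blocked by rule 4
2024-05-01 10:02:30,pass,203.0.113.7,us,192.0.2.30,80,http
"""

# The six operators listed for a criterion (case-insensitive matching is an assumption).
OPERATORS = {
    "equal to": lambda cell, v: cell == v,
    "different from": lambda cell, v: cell != v,
    "contains": lambda cell, v: v in cell,
    "does not contain": lambda cell, v: v not in cell,
    "starts with": lambda cell, v: cell.startswith(v),
    "ends with": lambda cell, v: cell.endswith(v),
}

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def simple_search(rows, value):
    """Match the value against field values only, never against field names."""
    v = value.lower()
    return [r for r in rows if any(v in cell.lower() for cell in r.values())]

def criterion_matches(row, field, operator, value):
    test = OPERATORS[operator]
    v = value.lower()
    cells = row.values() if field == "any" else [row[field]]
    results = [test(c.lower(), v) for c in cells]
    # Assumption: negative operators must hold for every value, positive ones for at least one.
    negative = operator in ("different from", "does not contain")
    return all(results) if negative else any(results)

def advanced_search(rows, criteria):
    """Criteria are cumulative: a row is kept only if every criterion is met."""
    return [r for r in rows if all(criterion_matches(r, *c) for c in criteria)]
```

Searching for "action=block" in simple mode returns nothing on this sample because no field value contains that string, whereas "block" returns the two blocked connections.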

Toolbar no. 3: actions

Expand all the elements / Collapse elements: Displays all fields or only main fields.
Export data: The button allows downloading data in CSV format. The values are separated by commas and saved in a text file. This makes it possible to reopen the file in a spreadsheet program such as Microsoft Excel.
Print: The button enables access to the preview window in order to print logs. The Print button sends the file to the browser’s print module, which allows you to choose whether to print the file or generate a PDF file.
Reset columns: Shows only the columns offered by default the first time the log or view is looked up, or cancels changes to column width.

Information

Above the table displaying the logs, the queried period will be shown, according to the value selected in the drop-down menu in the 1st toolbar. This period is displayed as:

SEARCH FROM - DD/MM/YYYY HH:MM:SS – TO - DD/MM/YYYY HH:MM:SS

Below the log table, the following information will be shown:

  • Number of the page displayed,
  • Number of logs displayed in the page,
  • Period covered by the logs shown in the page,
  • The UTM’s date and time (information that will be useful if the administrator’s workstation does not have the same settings).