• Downloads
• Creating NSM Custom Reports    

• Related Topics
• NSM Logs and Reports Overview
• Intrusion Detection and Prevention Reporter Overview

Creating NSM Custom Reports

Purpose

You use custom reports if you require a view of data not covered by predefined reports.

Action

To create a custom report:

1. In the NSM navigation tree, select Investigate > Report Manager.
2. Select a pre-defined report with data similar to what you ultimately want to save.
3. Select File > Save As.
4. Use pre-defined report as a template and example, complete the configuration options, and click OK to save the new report settings.

   Table 1 describes configuration options.

   Table 1: Custom Report Configuration Options

   Tab	Field	Description
   General	Name	Specify a name for the report as you would like it to appear in the NSM navigation tree.
   	Report Title	Specify a name for the report as you would like it to appear at the top of the report.
   	Type of Report	Select a report type: Count-Based—Displays total current activity to date. For example, the Top Scan Targets report is a count-based report that displays the total number of scans currently recorded against a specified number of destination IP addresses. Time-Based—Displays activity over time. For example, the Attacks Over Time report is a time-based report that measures the top attacks recorded in log records over a specified period. Sum-Based—Displays the sum of the activities to date.
   	Columns for Report	In reports, columns are the same as log fields.
   	Time Period	You can configure a report to display all available data from either a specific date and time or during a specific time interval. For example, if you suspect that your network was attacked on September 15 at 6:00 PM, you could set the Starting At Time Period Duration report field in the options on a Top Screen Attacks report to that time, then generate the report. If you are not sure of the exact date or time of the attack, but know it occurred during the past 2 days, set the Duration field in the Time Period Duration report options on a Top Screen Attacks report to two days, then generate the report. Note: The data that you can display in each report is limited by the amount of log information available.
   	Data point count	Typically, the top 50 occurrences of each data type are displayed in each report. You can configure a report to display more or fewer data points depending upon the level of detail you need. For example, if you want to obtain a more precise view of the top occurrences of events, you would configure a lower data point count (such as 25). Note: The minimum data point count that you can configure in all reports is 5; the maximum data point count is 200.
   	Chart type	Select from the following choices: Horizontal bar (default) Pie Line Vertical bar
   	Save Report In	In the first selection box, specify whether to save in the My Reports or Shared Reports node. In the second box, select the Others folder or type a new folder name.
   Filter	Columns for Report	The columns you selected on the General tab are passed through. Select the column with the cursor to display the corresponding Filter Settings controls.
   	Filter Settings	Specify filter values related to column settings.

Tip: For information on deleting custom reports, organizing report folders, exporting reports, and using the NSM guiSvrCli.sh command line utility and Linux cron utility to automate reporting jobs, see the NSM online Help.