Creating Log Report Definition

Procedure

You can use the Create Log Report Definition page to create log report definitions and generate the corresponding log reports. Log reports are generated based on the data criteria, which are derived from one or more filters that you select. These reports help you to analyze business risks based on logs from services such as unified threat management (UTM) and firewalls.

To create a log report definition:

  1. Select Reports > Report Definitions > Security.

    The Security Report Definitions page appears.

  2. Click Create > Log Report Definitions.

    The Create Log Report Definition page appears.

  3. Complete the configuration according to the guidelines provided in Table 191.

    Note: Fields marked with * are mandatory.

  4. Click OK to save the log report definition.

    You are returned to the Security Report Definitions page on which a confirmation message, indicating that the report definition was successfully created, appears.

    You can perform various actions on the report definition. See Scheduling, Generating, Previewing, and Sharing Security Reports.

Table 191: Fields on the Create Log Report Definition Page

Field

Description

General

Report Name

Enter a unique name for the report definition. The name can be a string of alphanumeric characters and some special characters (colons, periods, dashes, and underscores); no spaces are allowed and the maximum length is 63 characters.

Description

Enter a description for the report definition; the maximum length (including spaces) is 1024 characters.

Content

Data Criteria

Click Filters to select one or more filters.

The Use Data Criteria From Filter page appears.

The list of default and custom filters, which are saved from the Security Events page, is displayed in a tabular format. The table displays the Filter Name, Filter Description, Time Span, and Group By and Filter By criteria for each filter.

Select one or more filters from the list as per your requirement, and click OK.

You are returned to the Create Log Report Definition page.

When you select one or more filters, new fields appear on the Create Log Report Definition page. The fields are populated with values from the filters. You can either retain the values or change the values if needed. See Table 192 for an explanation of the fields.

Schedule

Schedule Report

Click Add Schedule to schedule the report generation.

The Add Report Schedule page appears.

Specify whether you want to generate the report immediately or schedule it for a later date and time:

  • Run now—Select this option to schedule the report generation at the current time, and click OK.

  • Schedule at a later time—Select this option to schedule the report generation for a later date and time (in MM/DD/YYYY and HH:MM:SS formats) and click OK.

You are returned to the Create Log Report Definition page on which the details of the report generation schedule appear.

E-Mail

E-Mail Recipients

Click Add Email Recipients to add e-mail addresses of recipients to whom you want to send the log report.

The Add Recipients page appears.

  • Recipients—Enter or select one or more e-mail addresses of users to whom you want to send the report.

    By default, you can search by first name and select registered users. You can also enter external e-mail addresses (e-mail addresses that are not registered with CSO).

  • Subject—Enter the subject line for the e-mail that is sent with the generated report. The maximum length is 2048 characters.

  • Comment—Enter the text to be included in the body of the e-mail that is sent with the generated report.

    The maximum length is 2048 characters.

Table 192 displays the additional fields that appear on the Create Log Report Definition page when you select one or more filters.

Table 192: Additional Fields on the Create Log Report Definition Page

Section

Section number in the log report for a selected filter.

Click Delete Section to remove the section and the corresponding filter.

Section Title

Name of the section in the log report.

The section title is based on the selected filter.

Section Description

Description for the section in the log report.

Group By

Criteria, such as Nested Application, based on which logs are aggregated.

You can select a maximum of two data criteria from the Group By drop-down list.

Time Span (Last)

Duration for which the report is to be generated.

The default time span is 3 hours.

You can specify the duration in minutes, hours, days, weeks, months, or specify a custom duration.

If you select Custom, the Custom Time Range Selection page appears. You must specify the From date and time, and To date and time (in MM/DD/YYYY and HH:MM:SS formats).

Filter By

Filter criteria (such as filtering applications based on http and https protocols) based on which the log report is to be generated.

You can use the AND, OR, Equal to (=), and Not Equal to (!=) operators in the filter value to generate the report.

For example, if you want to generate a report with the event category as antivirus and event name as AV_VIRUS_DETECTED_MT, then the value must be:

Event Category = antivirus AND Event Name = AV_VIRUS_DETECTED_MT

Chart

Type of chart to graphically present data on the report.

The available options are Bar (default), Comparison Bar, Timeline, Grid, Grouped Grid, Donut, and Bubble chart.

Number of Top Logs

Specify the number of events that you want to retrieve and display for each section in the report.

Range: 1 through 20.

Default: 10.
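
The following is an added example, not Juniper's code or CSO's implementation. It shows how a Filter By expression like the one in Table 192, combined with Group By and Number of Top Logs, selects and aggregates events for one report section. The sample events, the Source IP field, the EXAMPLE_* event names, exact case-sensitive matching, and AND binding tighter than OR are assumptions.

```python
import re
from collections import Counter

# Constructed sample events (not real CSO output); EXAMPLE_* names and Source IP are made up.
SAMPLE_EVENTS = [
    {"Event Category": "antivirus", "Event Name": "AV_VIRUS_DETECTED_MT", "Source IP": "192.0.2.5"},
    {"Event Category": "antivirus", "Event Name": "AV_VIRUS_DETECTED_MT", "Source IP": "192.0.2.5"},
    {"Event Category": "antivirus", "Event Name": "AV_VIRUS_DETECTED_MT", "Source IP": "192.0.2.6"},
    {"Event Category": "antivirus", "Event Name": "EXAMPLE_AV_OTHER", "Source IP": "192.0.2.6"},
    {"Event Category": "firewall", "Event Name": "EXAMPLE_FW_EVENT", "Source IP": "192.0.2.5"},
]

# One condition: <field> = <value> or <field> != <value>; field names may contain spaces.
_COND = re.compile(r"^\s*(?P<field>.+?)\s*(?P<op>!=|=)\s*(?P<value>.+?)\s*$")

def parse_filter(expr):
    """Return a list of OR-groups, each a list of (field, op, value) AND-terms."""
    groups = []
    for or_part in re.split(r"\s+OR\s+", expr.strip()):
        terms = []
        for cond in re.split(r"\s+AND\s+", or_part):
            m = _COND.match(cond)
            if not m:
                raise ValueError(f"malformed condition: {cond!r}")
            terms.append((m["field"], m["op"], m["value"]))
        groups.append(terms)
    return groups

def matches(event, groups):
    """True if every term of at least one OR-group holds for the event."""
    def term_ok(field, op, value):
        if field not in event:  # assumption: a missing field never matches
            return False
        return (event[field] == value) if op == "=" else (event[field] != value)
    return any(all(term_ok(*t) for t in terms) for terms in groups)

def report_section(events, expr, group_by, top_n=10):
    """Filter events, aggregate by the Group By fields, and return the top N rows."""
    if len(group_by) > 2:
        raise ValueError("a maximum of two Group By criteria is allowed")
    if not 1 <= top_n <= 20:
        raise ValueError("Number of Top Logs must be 1 through 20")
    groups = parse_filter(expr)
    counts = Counter(tuple(e.get(f) for f in group_by)
                     for e in events if matches(e, groups))
    return counts.most_common(top_n)
```

Under the exact-match assumption, a filter value typed with different casing than the logged event name returns an empty section, so check the spelling of event names against the Security Events page when a report comes back empty.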
