Creating Log Report Definition
You can use the Create Log Report Definition page to create log report definitions and generate the corresponding log reports. Log reports are generated based on the data criteria, which are derived from one or more filters that you select. These reports help you to analyze business risks based on logs from services such as unified threat management (UTM) and firewalls.
To create a log report definition:
- Select Reports > Report Definitions > Security.
The Security Report Definitions page appears.
- Click Create > Log Report Definitions.
The Create Log Report Definition page appears.
- Complete the configuration according to the guidelines provided in Table 1.
Fields marked with * are mandatory.
- Click OK to save the log report definition.
You are returned to the Security Report Definitions page on which a confirmation message, indicating that the report definition was successfully created, appears.
You can perform various actions on the report definition. See Scheduling, Generating, Previewing, and Sharing Security Reports.
Table 1: Fields on the Create Log Report Definition Page
Enter a unique name for the report definition. The name can contain alphanumeric characters and some special characters (colons, periods, dashes, and underscores); spaces are not allowed, and the maximum length is 63 characters.
Enter a description for the report definition; the maximum length (including spaces) is 1024 characters.
Click Filters to select one or more filters.
The Use Data Criteria From Filter page appears.
The list of default and custom filters, which are saved from the Security Events page, is displayed in a tabular format. The table displays the Filter Name, Filter Description, Time Span, and Group By and Filter By criteria for each filter.
Select one or more filters from the list as per your requirement, and click OK.
You are returned to the Create Log Report Definition page.
When you select one or more filters, new fields appear on the Create Log Report Definition page. The fields are populated with values from the filters. You can either retain the values or change the values if needed. See Table 2 for an explanation of the fields.
Click Add Schedule to schedule the report generation.
The Add Report Schedule page appears.
Specify whether you want to generate the report immediately or schedule it for a later date and time:
You are returned to the Create Log Report Definition page on which the details of the report generation schedule appear.
Click Add Email Recipients to add e-mail addresses of recipients to whom you want to send the log report.
The Add Recipients page appears.
Table 2 displays the additional fields that appear on the Create Log Report Definition page when you select one or more filters.
Table 2: Additional Fields on the Create Log Report Definition Page
Section number in the log report for a selected filter.
Click Delete Section to remove the section and the corresponding filter.
Name of the section in the log report.
The section title is based on the selected filter.
Description for the section in the log report.
Criteria, such as Nested Application, based on which logs are aggregated.
You can select a maximum of two data criteria from the Group By drop-down list.
Time Span (Last)
Duration for which the report is to be generated.
The default time span is 3 hours.
You can specify the duration in minutes, hours, days, weeks, months, or specify a custom duration.
If you select Custom, the Custom Time Range Selection page appears. You must specify the From date and time, and To date and time (in MM/DD/YYYY and HH:MM:SS formats).
Filter criteria (such as filtering applications based on http and https protocols) based on which the log report is to be generated.
You can use AND, OR, Equal to (=), and Not Equal to (!=) logical operators as values to generate the report.
For example, if you want to generate a report with the event category as antivirus and the event name as AV_VIRUS_DETECTED_MT, then the value must be:
Event Category = antivirus AND Event Name = AV_VIRUS_DETECTED_MT
Type of chart to graphically present data on the report.
The available options are Bar (default), Comparison Bar, Timeline, Grid, Grouped Grid, Donut, and Bubble chart.
Number of Top Logs
Specify the number of events that you want to retrieve and display for each section in the report.
Range: 1 through 20.
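To check offline which events a Filter By value would select before saving it in a report section, the following added example (not product code) parses the AND, OR, = and != syntax described in Table 2 and counts matching events per Group By value. The function names, the Source Address field, the sample events, the precedence of AND over OR, and the exact case-sensitive matching are all assumptions made for this example.

```python
import re
from collections import Counter

_BOOL = re.compile(r"\s+(AND|OR)\s+")                  # keeps AND / OR as tokens
_COND = re.compile(r"^\s*(.+?)\s*(!=|=)\s*(.+?)\s*$")  # field, operator, value

def parse_filter(expr):
    """Parse 'A = x AND B != y OR C = z' into OR-joined groups of AND-ed conditions."""
    groups, current = [], []
    for i, part in enumerate(_BOOL.split(expr)):
        if i % 2:                      # odd positions hold the AND / OR tokens
            if part == "OR":           # assumption: AND binds tighter than OR
                groups.append(current)
                current = []
            continue
        m = _COND.match(part)
        if not m:
            raise ValueError(f"not a comparison: {part!r}")
        current.append(m.groups())
    groups.append(current)
    return groups

def matches(groups, event):
    """True if the event satisfies every condition of at least one group."""
    def holds(field, op, value):
        equal = event.get(field) == value   # assumption: exact, case-sensitive match
        return equal if op == "=" else not equal
    return any(all(holds(*cond) for cond in group) for group in groups)

def top_n(events, expr, group_by, n):
    """Count matching events per group_by value and keep the n largest groups."""
    if not 1 <= n <= 20:               # range the page gives for Number of Top Logs
        raise ValueError("n must be 1 through 20")
    groups = parse_filter(expr)
    counts = Counter(e.get(group_by) for e in events if matches(groups, e))
    return counts.most_common(n)

# Constructed sample events; "Source Address" is a hypothetical field name.
SAMPLE_EVENTS = [
    {"Event Category": "antivirus", "Event Name": "AV_VIRUS_DETECTED_MT", "Source Address": "192.0.2.10"},
    {"Event Category": "antivirus", "Event Name": "AV_VIRUS_DETECTED_MT", "Source Address": "192.0.2.10"},
    {"Event Category": "antivirus", "Event Name": "AV_VIRUS_DETECTED_MT", "Source Address": "192.0.2.22"},
    {"Event Category": "firewall", "Event Name": "CONSTRUCTED_DENY_EVENT", "Source Address": "192.0.2.10"},
]

if __name__ == "__main__":
    expr = "Event Category = antivirus AND Event Name = AV_VIRUS_DETECTED_MT"
    print(top_n(SAMPLE_EVENTS, expr, "Source Address", n=5))
```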