Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Creating Log Report Definitions

 

Use this page to create log report definitions. Log‐based reports help you to schedule reports based on default reports and default filters defined. You can also generate reports with different data criteria, including filters, aggregation criteria, and time range.

Before You Begin

To configure a log report definition:

  1. Select Report > Report Definitions.
  2. Click Create and then select Log Report Definition.
  3. Complete the configuration according to the guidelines provided in the Table 1.
  4. Click Preview as PDF to review the configuration.
  5. Click OK to save the report definition.
  6. Click Send Report Now to send the report through e‐mail to the recipient immediately.

A new log report definition with the defined configurations is created. You can use the created policy definition to identify the issues with the firewall rules.

Table 1: Log Report Definition Settings

Settings

Guidelines

General Information

Report Name

Enter a unique name for the report definition that is a string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 29 characters

Description

Enter a description for the report definition; maximum length is 1024 characters.

Content

Use Data Criteria from Filters

Click Use Data Criteria from Filters.

Select the data criteria from the list of default and user‐created filters that are saved from the Events and Logs page.

The details of the filters displayed are:

  • Filter Name—Name of the filter.

  • Filter Description—Description of the filter.

  • Group By—Select group by option.

  • Time Span (Last)—Select a period in Minutes/Hours/Days/Weeks/Months or select a time range to generate reports.

  • Filter By—Specify the filter criteria based on which the report must be generated.

    Example: If you want to generate a report with event category as antivirus and event name as AV_VIRUS_Detected_MT, then the value must be: Event Category = antivirus AND Event Name = AV_VIRUS_DETECTED_MT.

  • Chart—Select the chart type for the report.

  • Show Top—Select the number of top records to be displayed in the generated report. Valid range is 1 to 1000.

Note: The default time stamp value is last 3 hours.

Schedule

Add Schedule

Click Add Schedule.

Select the type of report schedule that you want to use:

  • Run now—Select this option to schedule and publish the configuration at the current time.

  • Schedule at a later time—Select this option if you want to schedule and publish the configuration at a later time.

Select the recurring schedule for report generation. The available options are:

  • Repeat—Select this option to generate the report on an hourly, daily, weekly, monthly, or yearly basis.

  • Every—Select the number of days, weeks, or months for which the recurring report will be generated.

  • Ends—Select the end date and end time for the report.

Email

Email Recipients

Click Add Email Recipients

  • Recipients—Enter or select the e‐mail addresses of the recipients. By default, you can search by first name and select registered users. You can also type in external email addresses.

  • Subject—Enter the subject for the e‐mail notification.

  • Comment—Enter the comments for the e‐mail notification.

Note: The reports are not sent if a specified recipient does not have permission for a device or domain included in the report configuration when the report is generated.