Generate Custom Reports
You can configure custom reports that the firewall generates immediately (on demand) or on schedule (each night). To understand the selections available to create a purposeful custom report, see Custom Reports.
After the firewall has generated a scheduled custom report, you risk invalidating the past results of that report if you modify its configuration to change its future output. If you need to modify a scheduled report configuration, the best practice is to create a new report.
- Select MonitorManage Custom Reports.
- Click Add and then enter a Name for
the report.To base a report on an predefined template, click Load Template and choose the template. You can then edit the template and save it as a custom report.
- Select the Database to use for
the report.Each time you create a custom report, a log view report is automatically created. This report show the logs that were used to build the custom report. The log view report uses the same name as the custom report, but appends the phrase (Log View) to the report name.When creating a report group, you can include the log view report with the custom report. For more information, see Manage Report Groups.
- Select the Scheduled check box to run the report each night. The report is then available for viewing in the Reports column on the side.
- Define the filtering criteria. Select the Time Frame, the Sort By order, Group By preference, and select the columns that must display in the report.
- (Optional) Select the Query
Builder attributes if you want to further refine the
selection criteria. To build a report query, specify the following
and click Add. Repeat as needed to construct
the full query.
For example, the following figure (based on the Traffic Log database) shows a query that matches if the Traffic log entry was received in the past 24 hours and is from the untrust zone.
- Connector—Choose the connector (and/or) to precede the expression you are adding.
- Negate—Select the check box to interpret the query as a negation. If, for example, you choose to match entries in the last 24 hours and/or are originating from the untrust zone, the negate option causes a match on entries that are not in the past 24 hours and/or are not from the untrust zone.
- Attribute—Choose a data element. The available options depend on the choice of database.
- Operator—Choose the criterion to determine whether the attribute applies (such as =). The available options depend on the choice of database.
- Value—Specify the attribute value to match.
- To test the report settings, select Run Now. Modify the settings as required to change the information that is displayed in the report.
- Click OK to save the custom report.Examples of Custom ReportsIf you want to set up a simple report in which you use the traffic summary database from the last 30 days, and sort the data by the top 10 sessions and these sessions are grouped into 5 groups by day of the week. You would set up the custom report to look like this:And the PDF output for the report would look as follows:Now, if you want to use the query builder to generate a custom report that represents the top consumers of network resources within a user group, you would set up the report to look like this:The report would display the top users in the product management user group sorted by bytes.
Monitor > Manage Custom Reports
Monitor > Manage Custom Reports You can create custom reports to run on demand or on schedule (each night). For predefined reports, select Monitor Reports ...
Configure Custom URL Filtering Reports
Configure Custom URL Filtering Reports To generate a detailed report that you can schedule to run regularly, configure a custom URL Filtering report. You can ...
Custom Reports In order to create purposeful custom reports, you must consider the attributes or key pieces of information that you want to retrieve and ...
Managing Botnet Reports
Botnet Report Settings Monitor > Botnet > Report Setting Before generating the botnet report, you must specify the types of traffic that indicate potential botnet ...
Generate, Schedule, and Email Reports
Generate, Schedule, and Email Reports You can configure reports to run immediately or schedule them to run at specific intervals. You can save and export ...
Identify Infected Hosts
Identify Infected Hosts After you have configured DNS sinkholing and verified that traffic to a malicious domain goes to the sinkhole address, you should regularly ...
Generate Mobile Network Reports
Generate Mobile Network Reports You can view daily reports or configure and schedule custom reports on mobile network activity. The predefined Mobile Network Reports allow ...
Configure a Botnet Report
Configure a Botnet Report You can schedule a botnet report or run it on demand. The firewall generates scheduled botnet reports every 24 hours because ...
Monitor Activity and Create Custom Reports Based on Threat ...
Monitor Activity and Create Custom Reports Based on Threat Categories Threat categories classify different types of threat signatures to help you understand and draw connections ...