User guide
ManageEngine Firewall Analyzer :: User Guide
126
Zoho Corp.
a. Raw VPN Logs
b. Raw Virus/Attack Logs
c. Raw Device Management Logs
d. Raw Denied Logs
Select the above logs options as per your requirement.
Define Criteria
This section, enables you to search the database for attributes using more than one
following criteria's:
Criteria
Description
Protocol
Refers to the list of protocols and protocol identifiers that are available in the
Protocol Groups page (Settings >> Protocol Groups)
example: 8554/tcp, rtsp, IPSec
Source Refers to the source host name or IP address from which requests originated
Destination
Refers to the destination host name or IP address to which requests were
sent
User
Refers to the authenticated user name required by some firewall's
example: john, kate
Virus
Refers to the Virus name.
examples: JS/Exception, W32/Mitglieder
Attack
Refers to the attack name.
examples: UDP Snort, Ip spoof
Device
Refers to the device from which logs are collected
Message
Refers to the log message texts stored in the DB
• If the search string exists then the search result will be intelligently displayed
based on the report category in which it occurred.
• By default, the search is carried out for the time period selected in the Global
Calendar present in the left pane of the UI.
• You can also search within the search results.
Using Advanced Search to create Report Profile
To generate remote VPN users reports:
• Click Advanced Search link in the Sub Tab.
• Select appropriate Devices.
Raw Firewall Logs
o Select Raw Firewall Logs radio button.
o Select Raw VPN Logs in the Raw Firewall Logs group.
o In the Criteria section, enter Duration isn't '0'.
o Click Search and click Configure Columns to change reports
columns.