User guide
ManageEngine Firewall Analyzer :: User Guide 
Zoho Corp. 
Search From  
In this section, you can select one of the following options:
1.  Aggregated Logs Database 
2.  Raw Firewall Logs 
3.  Raw Proxy Logs 
1.  Aggregated Logs Database
Select this option if you want to search from the aggregated logs database.
2.  Raw Firewall Logs
Select this option if you want to search from the raw firewall logs. Selecting this option will enable the following options:
a.  Raw VPN Logs
b.  Raw Virus/Attack Logs
c.  Raw Device Management Logs
d.  Raw Denied Logs
Select the above log options as per your requirement.
3.  Raw Proxy Logs
Select this option if you want to search from the raw proxy server logs. All Squid and ISA proxy logs are indexed in real time (i.e., whenever they are imported), so all logs are searchable.
Define Criteria  
This section enables you to search the database for attributes using more than one of the following criteria:
Criteria       Description
Protocol       Refers to the list of protocols and protocol identifiers that are available in the Protocol Groups page (Settings >> Protocol Groups). Example: 8554/tcp, rtsp, IPSec
Source         Refers to the source host name or IP address (CIDR format also) from which requests originated
Destination    Refers to the destination host name or IP address (CIDR format also) to which requests were sent
User           Refers to the authenticated user name required by some firewalls. Example: john, kate
Virus          Refers to the virus name. Examples: JS/Exception, W32/Mitglieder
Attack         Refers to the attack name. Examples: UDP Snort, Ip spoof
URL            Refers to the URL that you want to search
Rule           Refers to the firewall rule that you want to search
Device         Refers to the device from which logs are collected
Message        Refers to the log message texts stored in the DB










