In a discussion posted earlier this week, a user was pulling reports by manually going to the traffic logs, adding a query in the search bar, and then exporting the CSV file.
While this certainly works and is fine if you just need to pull a one-time report, it does come with a lot of overhead if you need to do this regularly using different queries. Instead of manually generating all these reports, I'm sure you want to use your time more wisely.
To avoid all this manual work, why not create a custom report once? That way, the report can be emailed to you and be available on the firewall for you to review whenever you need it.
To illustrate this, I'll use the examples used in the discussion. Below are some of the custom queries that the user in question was manually running:
(receive_time geq '2022/01/12') and (receive_time leq '2022/01/13') and (( natdst eq 172.22.123.12 ) or ( addr.dst in 172.22.123.12 ))
(receive_time geq '2022/01/12') and (receive_time leq '2022/01/13') and ( addr.dst in 172.22.114.10 )
(receive_time geq '2022/01/12') and (receive_time leq '2022/01/13') and (( natdst eq 172.22.113.19 ) or ( addr.dst in 172.22.113.19 ))
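The three filters above differ only in the destination address and in whether the natdst clause is present. As an added example (not part of the original post; the function and variable names are hypothetical), this Python helper generates them from a host list and rejects malformed addresses or inverted date ranges before the string is pasted into the firewall:

```python
# Added example: helper names are hypothetical, not part of PAN-OS.
from datetime import date
from ipaddress import ip_address


def build_filter(dst_ip, start, end, include_nat=False):
    """Return a traffic-log filter for one destination and date window."""
    ip = ip_address(dst_ip)  # raises ValueError if this is not an IP address
    if end < start:
        raise ValueError("end date is before start date")
    window = (f"(receive_time geq '{start:%Y/%m/%d}') and "
              f"(receive_time leq '{end:%Y/%m/%d}')")
    dst = f"( addr.dst in {ip} )"
    if include_nat:
        # Same shape as the page's queries that also test the natdst field.
        dst = f"(( natdst eq {ip} ) or {dst})"
    return f"{window} and {dst}"


def build_all(hosts, start, end):
    """Build one filter per (address, include_nat) pair, keyed by address."""
    return {ip: build_filter(ip, start, end, nat) for ip, nat in hosts}


# Host list taken from the queries shown in the post.
HOSTS = [
    ("172.22.123.12", True),
    ("172.22.114.10", False),
    ("172.22.113.19", True),
]

if __name__ == "__main__":
    filters = build_all(HOSTS, date(2022, 1, 12), date(2022, 1, 13))
    for ip, flt in filters.items():
        print(f"{ip}: {flt}")
```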
Using one of the queries above, the user would go to the traffic log and apply the filter as illustrated below and then export the result to CSV:
An automated way to get a similar result every day would be by creating a custom report as shown below.
Create a Custom Report
Don't forget to check the 'Scheduled' box. When it is checked, the report runs each night and becomes available under Monitor > Reports.
If you're having problems with the query syntax, you can use the Filter Builder to help you create the correct query.
Use the Filter Builder to help you create the correct query syntax
Note that the report needs to run at least once for it to become available, so you might have to wait 24 hours for the first automatically created report.
If you don't want to check the firewall daily, you can take it a step further and have the report emailed to you directly. Simply add your custom report to a Report Group or a PDF Summary Report as illustrated below:
Custom Report added to a Report Group
Custom Report added to a PDF Summary Report
And add the Report Group or PDF Summary Report to an email schedule: