DOTW: Scheduled Reports Based On Custom Queries


 

In a discussion posted earlier this week, a user was pulling reports by manually going to the traffic logs, adding a query in the search bar, and then exporting the CSV file.

 

While this certainly works and is fine if you just need to pull a one-time report, it does come with a lot of overhead if you need to do this regularly using different queries. Instead of manually generating all these reports, I'm sure you want to use your time more wisely.

 

To avoid all this manual work, why not create a custom report once? That way, the report can be emailed to you and be available on the firewall for you to review whenever you need it.

 

To illustrate this, I'll use the examples used in the discussion. Below are some of the custom queries that the user in question was manually running:

 

(receive_time geq '2022/01/12') and (receive_time leq '2022/01/13') and (( natdst eq 172.22.123.12 ) or ( addr.dst in 172.22.123.12 ))

(receive_time geq '2022/01/12') and (receive_time leq '2022/01/13') and ( addr.dst in 172.22.114.10 )

(receive_time geq '2022/01/12') and (receive_time leq '2022/01/13') and (( natdst eq 172.22.113.19 ) or ( addr.dst in 172.22.113.19 ))
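The three filters above differ only in the destination address and in whether the NAT destination is also matched, so they can be generated instead of retyped. The following is an added example, not part of the original post: the function names and the host list layout are assumptions, and the output reproduces the filter strings exactly as written above.

```python
import ipaddress
from datetime import date, timedelta

def host(value):
    # Accept a single IP address only, so stray text can never end up
    # inside the filter expression. Raises ValueError otherwise.
    return str(ipaddress.ip_address(value))

def dst_clause(ip, include_nat=True):
    # Match the destination address, optionally also the NAT destination.
    ip = host(ip)
    if include_nat:
        return f"(( natdst eq {ip} ) or ( addr.dst in {ip} ))"
    return f"( addr.dst in {ip} )"

def day_window(day):
    # One-day window in the same form as the filters in the post:
    # geq the given day, leq the following day.
    nxt = day + timedelta(days=1)
    return (f"(receive_time geq '{day:%Y/%m/%d}') and "
            f"(receive_time leq '{nxt:%Y/%m/%d}')")

def traffic_filter(ip, day, include_nat=True):
    # Full traffic-log filter for one destination host and one day.
    return f"{day_window(day)} and {dst_clause(ip, include_nat)}"

# Hosts taken from the filters in the post: (address, match NAT destination too)
HOSTS = [
    ("172.22.123.12", True),
    ("172.22.114.10", False),
    ("172.22.113.19", True),
]

if __name__ == "__main__":
    # Print the filters for the previous day instead of a hard-coded date.
    yesterday = date.today() - timedelta(days=1)
    for ip, nat in HOSTS:
        print(traffic_filter(ip, yesterday, nat))
```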

 

Using one of the queries above, the user would go to the traffic log and apply the filter as illustrated below and then export the result to CSV:

 

kiwi_0-1646312563507.png

 

An automated way to get a similar result every day would be by creating a custom report as shown below. 

 

Create a Custom Report

 

Don't forget to check the 'Scheduled' box. With it checked, the report runs each night and becomes available under Monitor > Reports.

 

If you're having problems with the query syntax, you can use the Filter Builder to help you create the correct query.

 

Use the Filter Builder to help you create the correct query syntax

 

Note that the report needs to run at least once before it becomes available, so you might have to wait 24 hours for the first automatically created report.

 

If you don't want to check the firewall daily, you can take it a step further and have the report emailed to you directly. Simply add your custom report to a Report Group or a PDF Summary Report as illustrated below:

 

 

Custom Report added to a Report Group

Custom Report added to a PDF Summary Report

 

And add the Report Group or PDF Summary Report to an email schedule:

 

kiwi_3-1646314156042.png

 

Additional information:

 

Have you created any custom reports that can be useful to others?

Feel free to share your questions, comments and ideas in the section below.

 

Thank you for taking time to read this blog.

Don't forget to hit the Like (thumbs up) button and to Subscribe to the LIVEcommunity Blog area.

 

Kiwi out!

 
1 Comment
L2 Linker

Great blog, @kiwi
