Creating Log Report Definition

Use the Create Log Report Definition page to create log report definitions and generate the corresponding log reports.

Log reports are generated based on the data criteria, which are derived from one or more filters that you select. These reports help you to analyze business risks based on logs from services such as Content Security and firewalls.

To create a log report definition:

  1. Select Reports > Report Definitions > Security.

    The Security Report Definitions page appears.

  2. Click Add > Log Report Definitions.

    The Create Log Report Definition page appears.

  3. Complete the configuration according to the guidelines provided in Table 1.

    Note: Fields marked with * are mandatory.

  4. Click OK to save the log report definition.

    The report definition is saved and the Security Report Definitions page appears.

    A confirmation message appears on this page, indicating that the log report definition was successfully created.

    You can perform various actions on the report definition. See Scheduling, Generating, Previewing, and Sharing Security Reports.

Table 1: Fields on the Create Log Report Definition Page

| Field | Description |
| --- | --- |
| General | |
| Report Name | Enter a unique name for the report definition. The name can contain a string of alphanumeric characters and some special characters (colons, periods, dashes, and underscores); no spaces are allowed and the maximum length allowed is 63 characters. |
| Description | Enter a description for the report definition; the maximum length (including spaces) allowed is 1024 characters. |
| Content | |
| Data Criteria | Click Filters to select one or more filters. The Use Data Criteria From Filter page appears. The list of default and custom filters, which are saved from the Security Events page, is displayed in a tabular format. The table displays the Filter Name, Filter Description, Time Span, and Grouping and Filtering criteria for each filter. Select one or more filters from the list as per your requirement, and click OK. The Create Log Report Definition page appears. When you select one or more filters, new fields appear on the Create Log Report Definition page. The fields are populated with values from the filters. You can either retain the values or change the values if needed. See Table 2 for an explanation of the fields. |
| Schedule | |
| Schedule Report | Click Add Schedule to schedule the report generation. The Add Report Schedule page appears. Specify whether you want to generate the report immediately or schedule it for a later date and time: • Run now—Select this option to schedule the report generation at the current time, and click OK. • Schedule at a later time—Select this option to schedule the report generation for a later date and time (in MM/DD/YYYY and HH:MM:SS formats) and click OK. The Create Log Report Definition page appears with details of the report generation schedule. |
| E-Mail | |
| E-Mail Recipients | Click Add Email Recipients to add e-mail addresses of recipients to whom you want to send the log report. The Add Recipients page appears. • Recipients—Enter or select one or more e-mail addresses of users to whom you want to send the report. By default, you can search by first name and select registered users. You can also enter external e-mail addresses (e-mail addresses that are not registered with CSO). • Subject—Enter the subject line for the e-mail that is sent with the generated report. The maximum length allowed is 2048 characters. • Comment—Enter the text to be included in the body of the e-mail that is sent with the generated report. The maximum length allowed is 2048 characters. |

Table 2 displays the additional fields that appear on the Create Log Report Definition page when you select one or more filters.

Table 2: Additional Fields on the Create Log Report Definition Page

| Field | Description |
| --- | --- |
| Section | Section number in the log report for a selected filter. Click Delete Section to remove the section and the corresponding filter. |
| Section Title | Name of the section in the log report. The section title is based on the selected filter. |
| Section Description | Description for the section in the log report. |
| Group By | Criteria, such as Nested Application, based on which logs are aggregated. You can select a maximum of two data criteria from the Group By drop-down list. |
| Time Span (Last) | Duration for which the report is to be generated. The default time span is 3 hours. You can specify the duration in minutes, hours, days, weeks, months, or specify a custom duration. If you select Custom, the Custom Time Range Selection page appears. You must specify the From date and time, and To date and time (in MM/DD/YYYY and HH:MM:SS formats). |
| Filter By | Filter criteria (such as filtering applications based on http and https protocols) based on which the log report is to be generated. You can use AND, OR, Equal to (=), and Not Equal to (!=) logical operators as values to generate the report. For example, if you want to generate a report with the event category as antivirus and event name as AV_VIRUS_DETECTED_MT, then the value must be: Event Category = antivirus AND Event Name = AV_VIRUS_DETECTED_MT |
| Chart | Type of chart to graphically present data on the report. The available options are Bar (default), Comparison Bar, Timeline, Grid, Grouped Grid, Donut, and Bubble chart. |
| Number of Top Logs | Specify the number of records that you want to retrieve and display for each section in the report. Range: 1 through 20. Default: 10. |
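
The Filter By, Group By, and Number of Top Logs fields together decide which events a report section counts and how many groups it shows. The following sketch is an added illustration, not CSO code: it models that selection over constructed sample events so you can check what a filter expression will and will not match before saving it. It assumes AND binds tighter than OR and that values are compared as exact strings, neither of which this page specifies.

```python
import re
from collections import Counter

# Constructed sample events. "Event Category", "Event Name" and "Nested Application"
# are names used on this page; the EXAMPLE_* names and application values are made up.
EVENTS = [
    {"Event Category": "antivirus", "Event Name": "AV_VIRUS_DETECTED_MT", "Nested Application": "HTTP"},
    {"Event Category": "antivirus", "Event Name": "AV_VIRUS_DETECTED_MT", "Nested Application": "HTTP"},
    {"Event Category": "antivirus", "Event Name": "AV_VIRUS_DETECTED_MT", "Nested Application": "SMTP"},
    {"Event Category": "antivirus", "Event Name": "EXAMPLE_OTHER_EVENT", "Nested Application": "HTTP"},
    {"Event Category": "firewall", "Event Name": "EXAMPLE_SESSION_EVENT", "Nested Application": "HTTP"},
]

def parse_filter(expr):
    """Parse 'F = v AND G != w OR ...' into OR-groups of ANDed (field, op, value) terms.

    Assumption: AND binds tighter than OR; the page does not state precedence.
    """
    groups = []
    for or_part in re.split(r"\s+OR\s+", expr.strip()):
        terms = []
        for term in re.split(r"\s+AND\s+", or_part):
            m = re.fullmatch(r"(.+?)\s*(!=|=)\s*(.+)", term.strip())
            if not m:
                raise ValueError(f"malformed filter term: {term!r}")
            terms.append((m.group(1), m.group(2), m.group(3)))
        groups.append(terms)
    return groups

def matches(event, groups):
    # A term holds when field equality agrees with the operator; a missing
    # field never equals a value, so it satisfies != and fails =.
    return any(all((event.get(f) == v) == (op == "=") for f, op, v in terms)
               for terms in groups)

def report_section(events, filter_by, group_by, top_n=10):
    """Count matching events per Group By key and return the top_n groups."""
    if len(group_by) > 2:
        raise ValueError("Group By accepts at most two criteria")
    if not 1 <= top_n <= 20:
        raise ValueError("Number of Top Logs must be 1 through 20")
    groups = parse_filter(filter_by)
    counts = Counter(tuple(e.get(g) for g in group_by)
                     for e in events if matches(e, groups))
    return counts.most_common(top_n)
```

Note that a != term also matches events that lack the field entirely, which can widen a section more than intended when log sources populate different fields.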