Creating and Running Firewall Queries and Reports
Firewall includes powerful tools for creating and viewing queries, reports, and logs. Many of these tools are also available within other iSecurity products, giving a consistent experience in using them.
Among Firewall's unique capabilities, it can test rule sets in "What if?" mode against existing logs, to see how they would respond to actual recorded events that your system has experienced.
To work with these features, select 41. Log, Queries, What-if from the Firewall Main Menu.
The Reporting screen appears:
| GSRPTMNU Reporting Firewall System: S520 Query Wizard Report Scheduler 1. Work with Queries 51. Work with Report Scheduler 2. Run a Query 52. Run a Report Group Log Other reports 11. Display Log 61. Activity Statistics 12. Select from Menu 62. User Activity Statistics 65. Product Settings Re-run Log on current rules 21. Display Log (What if) Network reporting SYSTEM() 22. Select from Menu (What if) 71. Network Description 25. How to work with What if 75. Current Job CntAdm Messages Reporting Aids 76. All Jobs CntAdm Messages 31. Time Groups 35. Group Items for Selection Selection or command ===> F3=Exit F4=Prompt F9=Retrieve F12=Cancel F13=Information Assistant F16=AS/400 main menu |
To work with queries:
To create and modify queries,
select 1. Work with Queries. The Work with Queries screen appears, as shown in Adding and Modifying Queries.
To run existing queries,
select 2. Run a Query. The Run Firewall Query (RUNFWQRY) screen appears, as shown in Running Queries.
To work with logs:
To display the Firewall log,
select 11. Display Log. The Display Firewall Log (DSPFWLOG) screen appears, as shown in Displaying Firewall Logs.
To display filtered logs for specific subjects,
select 12. Select from Menu. The Logs by Subjects screen appears. Each item on that screen runs the Display Firewall Log (DSPFWLOG) screen, with different presets selected to filter or organize the output by that item.
To run "What if" tests on the Firewall log,
select 21. Display Log (What if). The Display Firewall Log (DSPFWLOG) screen appears, with the Recalculate and display field set to *YES. From this screen, you can select a time period in the past and other parameters. Firewall processes the log from that time with the current security settings, so you can see how the current rules would respond to access requests that had happened during that time.
To run "What if" tests for specific subjects,
select 22. Select from Menu (What if). Each item on that screen runs the Display Firewall Log (DSPFWLOG) screen, with different presets selected to filter or organize the output by that item, and the Recalculate and display field set to *YES. From that screen, you can select a time period in the past and other parameters. Firewall processes the log from that time with the current security settings, so you can see how the current rules would respond to access requests corresponding to that item that had happened during that time.
To work with groups
To create and modify time groups,
select 31. Time Groups. The Define Time Groups screen appears, as shown in Defining Time Groups. Using time groups, you can define sets of time-based filters, such as the days and times of work shifts, to use in queries.
To create and modify groups of users,
To create and modify classes of groups of users and other objects,
select 35. Group Items for Selection. The Work with Classes of Groups screen opens, as shown in Defining Groups of Items.
To work with reports
To run groups of reports,
select 52. Run a Report Group. The Run Report Group (RUNRPTGRP) screen appears, as shown in Running Report Groups On Demand.
To schedule reports to run,
select 51. Work with Report Scheduler. The Work with Report Scheduler screen appears, as shown in Scheduling Reports.
To run reports on all users' activity,
select 61. Activity Statistics. The Display User Activity (DSPFWUSRA) screen appears, as shown in Displaying Firewall Activity by Server, with the User field set to *ALL.
To run reports on a single user's activity,
select 62. User Activity Statistics. The Display User Activity (DSPFWUSRA) screen appears, as shown in Displaying Firewall Activity by Server, with the User field empty.
To run reports on servers,
select 65. Product Settings. The Definition Reporting - By Subject screen appears, as shown in Running Reports on Servers.
To view other network and system information,
To ping and test DDM connections for network systems,
select 71. Network Description. The standard Display Network Systems screen appears.
To view Central Administration messages for current jobs,
select 75. Current Job CntAdm Messages. The Display Messages screen appears, showing the job log for the current job.
To view Central Administration messages for all jobs,
select 76. All Jobs CntAdm Messages. The Display Messages screen appears, showing the job log for all jobs.
To exit the screen, press the F3 or F12 key.