Creating and Running Firewall Queries and Reports

Firewall includes powerful tools for creating and viewing queries, reports, and logs. Many of these tools are also available in other iSecurity products, so they work the same way across products.

One of Firewall's unique capabilities is testing rule sets in "What if?" mode against existing logs, to see how they would respond to actual recorded events that your system has experienced.

To work with these features, select 41. Log, Queries, What-if from the Firewall Main Menu.

The Reporting screen appears:

 GSRPTMNU                         Reporting                          Firewall
                                                            System:   RLDEV
 Query Wizard                            Report Scheduler
  1. Work with Queries                   51. Work with Report Scheduler
  2. Run a Query                         52. Run a Report Group

 Log                                     Other reports
 11. Display Log                         61. Activity Statistics
 12. Select from Menu                    62. User Activity Statistics
                                         65. Product Settings

 Reporting Aids                          What-If Analysis on Current Rules
 31. Time Groups                         71. Display Log          (ReCalc)
 35. Group Items for Selection           72. Select from Menu     (ReCalc)
                                         75. What is "What-If Analysis"

 Selection or command
 ===>

 F3=Exit   F4=Prompt   F9=Retrieve   F12=Cancel
 F13=Information Assistant  F16=System main menu

To work with queries:

To create and modify queries, select 1. Work with Queries. The Work with Queries screen appears, as shown in Adding and Modifying Queries.

To run existing queries, select 2. Run a Query. The Run Firewall Query (RUNFWQRY) screen appears, as shown in Running Queries.

To work with logs:

To display the Firewall log, select 11. Display Log. The Display Firewall Log (DSPFWLOG) screen appears, as shown in Displaying Firewall Logs.

To display filtered logs for specific subjects, select 12. Select from Menu. The Logs by Subjects screen appears. Each item on that screen runs the Display Firewall Log (DSPFWLOG) screen, with different presets selected to filter or organize the output by that item.

To work with groups:

To create and modify time groups, select 31. Time Groups. The Define Time Groups screen appears, as shown in Defining Time Groups. Using time groups, you can define sets of time-based filters, such as the days and times of work shifts, to use in queries.

To create and modify groups of users, within Firewall, open the Work with User Security screen (SCRFW > 3 > 1) as shown in Setting Firewall Rules for Users and Groups.

To create and modify classes of groups of users and other objects, select 35. Group Items for Selection. The Work with Classes of Groups screen opens, as shown in Defining Groups of Items.

To work with reports:

To run groups of reports, select 52. Run a Report Group. The Run Report Group (RUNRPTGRP) screen appears, as shown in Running Report Groups On Demand.

To schedule reports to run, select 51. Work with Report Scheduler. The Work with Report Scheduler screen appears, as shown in Scheduling Reports.

To run reports on all users' activity, select 61. Activity Statistics. The Display User Activity (DSPFWUSRA) screen appears, as shown in Displaying Firewall Activity by Server, with the User field set to *ALL.

To run reports on a single user's activity, select 62. User Activity Statistics. The Display User Activity (DSPFWUSRA) screen appears, as shown in Displaying Firewall Activity by Server, with the User field empty.

To run reports on servers, select 65. Product Settings. The Definition Reporting - By Subject screen appears, as shown in Running Predefined Reports.

To run "What if" tests on the Firewall log, select 71. Display Log (ReCalc). The Display Firewall Log (DSPFWLOG) screen appears, with the Recalculate and display field set to *YES. From this screen, you can select a time period in the past and other parameters. Firewall processes the log from that period using the current security settings, so you can see how the current rules would respond to the access requests that occurred during that time.

To run "What if" tests for specific subjects, select 72. Select from Menu (ReCalc). Each item on that screen runs the Display Firewall Log (DSPFWLOG) screen, with different presets selected to filter or organize the output by that item, and the Recalculate and display field set to *YES. From that screen, you can select a time period in the past and other parameters. Firewall processes the log from that period using the current security settings, so you can see how the current rules would respond to the access requests for that item that occurred during that time.