Creating a Data Set on IFS Objects with the Rule Wizard
To create a data set for examining activity and developing rules for outgoing activity based on IFS objects on which it requests to operate, select 41. Create Working Data Set from the IFS Security screen (STRFW > 5).
The Summarize IFS Objects Log (CPRIFSSEC) screen appears. From this screen, you can construct the command line command that creates the data set.
| Summarize IFS objects Log (CPRIFSSEC) Type choices, press Enter. File System ("⁄" for root dir) *ALL Directory⁄File name contains . . *ALL User . . . . . . . . . . . . . . *ALL Name, *ALL Group by . . . . . . . . . . . . *DFT *DFT, *USER, *GRPPRF... Allowed . . . . . . . . . . . . *ALL *YES, *NO, *ALL Starting date and time: Starting date . . . . . . . . *CURRENT Date, *CURRENT, *YESTERDAY... Starting time . . . . . . . . 000000 Time Ending date and time: Ending date . . . . . . . . . *CURRENT Date, *CURRENT, *YESTERDAY... Ending time . . . . . . . . . 235959 Time Number of records to process . . *NOMAX Number, *NOMAX Server ID . . . . . . . . . . . *ALL *ALL, *FILSRV, *FTPSRV... More... F3=Exit F4=Prompt F5=Refresh F12=Cancel F13=How to use this display F24=More keys |
The screen contains the following fields. Fields that have values other than the defaults are preceded by the ">" character:
File System ("/" for root dir)
The file system or root directory containing the objects, or *ALL for all file systems and directories. To see a list of existing file systems, press the F4 key.
Directory/File name contains
The path to the object, beneath the file system or root directory shown in the previous field, or *ALL for all file systems beneath the one specified in the previous field. If it ends in an asterisk ("*"), it refers to all the files and folders within that directory. If it ends in a slash ("/"), it refers to the directory itself.
User, <GrpPrf or '%GROUP'
The user or group requesting the activity. This can be a user name, a generic* name, a group name, a group profile, or *ALL for all users.
Group by
How the result are grouped in the data set. Possible values include:
- *DFT: The default grouping of data within rule wizards, as set in the Wizard Group by parameter in the Firewall General Definitions screen.
- *USER: Grouped by the user name.
- *GRPPRF: If a user is a member of a single group, the user's activity is included under the group.
Otherwise, the activity is shown under the username.
- *USRGRP: If the user is a member of multiple groups, the user's activity is included under the first of those groups.
Otherwise, the activity is shown under the username.
- *GROUP: If the user is a member of a single group, the user's activity is included under that group.
Otherwise, if the user is a member of multiple groups, the user's activity is listed under the first of those groups.
Otherwise (if the user is not a member of any groups), the activity is shown under the username.
- *ALLGRP: If the user is a member of a single group plus up to fifteen supplemental groups. The user's activity is shown for each of those groups.
- *ALL: If the user is a member of a single group plus up to fifteen supplemental groups. The user's activity is shown for each of those groups.
Otherwise, if the user is a member of multiple groups, the user's activity is listed under the first of those groups.
Otherwise (if the user is not a member of any groups), the activity is shown under the username.
- *ALLUSRGRP: If the user is a member of more than one %group, the user's activity is shown for each of those %groups.
Allowed
Specifies whether the data set includes rejected activity, accepted activity, or both.
- *YES: Include only accepted activity
- *NO: Include only rejected activity
- *ALL: Include both accepted and rejected activity
Starting date and time
Starting date
The day or date on which the included data begins.
Allowed values include:
- *CURRENT: The current date
- *YESTERDAY: Yesterday's date
- *WEEKSTR: The first day of the current week. By default, this is Sunday.
- *PRVWEEKS: The first day of the previous week
- *MONTHSTR: The first day of the current month
- *PRVMONTHS: The first day of the previous month
- *YEARSTR: The first day of the current year
- *PRVYEARS: The first day of the previous year
- *MON: Monday
- *TUE: Tuesday
- *WED: Wednesday
- *THU: Thursday
- *FRI: Friday
- *SAT: Saturday
- *SUN: Sunday
Starting time
The time on the Starting date at which the included data begins, in HHMMSS format.
Ending date
The day or date on which the included data ends.
Allowed values are the same as for Starting date.
Ending time
The time on the Starting date at which the included data ends, in HHMMSS format.
Number of records to process
Collect no more than this number of records. If set to *NOMAX, collect all the relevant records.
Server ID
The server that the activity is attempting to access. To see a list of possible values, press the F4 key.
To list and select possible values for many of the fields, place the cursor within the field and press the F4 key.
To reset the values on the screen to their default values, press the F5 key.