Displaying Firewall Logs
To display Firewall logs, select 11. Display Log from the Reporting menu (STRFW > 41) as shown in Creating and Running Firewall Queries and Reports.
The Display Firewall Log (DSPFWLOG) screen appears:
| Display Firewall Log (DSPFWLOG) Type choices, press Enter. Display last n minutes . . . . . *BYTIME Number, *BYTIME Starting date and time: Starting date . . . . . . . . *CURRENT Date, *CURRENT, *YESTERDAY... Starting time . . . . . . . . 000000 Time Ending date and time: Ending date . . . . . . . . . *CURRENT Date, *CURRENT, *YESTERDAY... Ending time . . . . . . . . . 235959 Time User*,<GrpPrf,'%GRP','%<GRP' . . *ALL Object . . . . . . . . . . . . . *ALL Name, generic*, *ALL Library . . . . . . . . . . . *ALL Name, generic*, *ALL, *SYS... Object Type . . . . . . . . . . *ALL *ALL, *FILE, *LIB, *DTAQ... IPv4 (generic*) or IPv6 . . . . *ALL Prefix length for IPv6 . . . . . *ALL 1-128, *ALL Type . . . . . . . . . . . . . . *ALL *SELECT, *NATIVE, *IFS... Allowed . . . . . . . . . . . . *ALL *YES, *NO, *ALL More... F3=Exit F4=Prompt F5=Refresh F10=Additional parameters F12=Cancel F13=How to use this display F24=More keys |
NOTE: This screen also appears in other areas of Firewall. In most of them, one or more fields are filled in with values relevant to the option that called the screen. Some omit fields that are not relevant.
The screen includes the following fields:
Display last minutes
To view activity in the immediate past, enter a number corresponding to the number of minutes that you would like to check. For example, to check activity in the past 120 minutes, enter 120 in this field. This value would override starting and ending date and time fields.
Starting date and time
Starting date
The day or date on which the included data begins.
Allowed values include:
- *CURRENT: The current date
- *YESTERDAY: Yesterday's date
- *WEEKSTR: The first day of the current week. By default, this is Sunday.
- *PRVWEEKS: The first day of the previous week
- *MONTHSTR: The first day of the current month
- *PRVMONTHS: The first day of the previous month
- *YEARSTR: The first day of the current year
- *PRVYEARS: The first day of the previous year
- *MON: Monday
- *TUE: Tuesday
- *WED: Wednesday
- *THU: Thursday
- *FRI: Friday
- *SAT: Saturday
- *SUN: Sunday
Starting time
The time on the Starting date at which the included data begins, in HHMMSS format.
Ending date
The day or date on which the included data ends.
Allowed values are the same as for Starting date.
Ending time
The time on the Starting date at which the included data ends, in HHMMSS format.
User*,<GrpPrf,'%GRP','%<GRP'
The user or group requesting the activity. The values can have several forms:
- User*: A user name or generic* name
- <GrpPrf: A group profile, preceded by the '<' character
- '%GRP': A group name, preceded by the '%' character and surrounded by single quotation marks
- '%<GRP': A group, including the group profile and its users, preceded by the string '<%' and surrounded by single quotation marks
- *ALL: All users
Object
The object on which the activity requests to operate. This can be the name of the specific object, a generic name ending in an asterisk ("*"), or *ALL for all objects.
Library
The library containing the object on which the activity requests to operate. This can be the name of the specific library, a generic name ending in an asterisk ("*"), or *ALL for all libraries.
Object Type
The type of object on which the activity requests to operate. Possible values include:
- *ALL: All objects
- *FILE: Files
- *LIB: Libraries
- *DTAQ: Data queues
- *PRTF: Printer files
- *PGM: Programs
- *CMD: Commands
IPv4 (generic*) or IPv6
An IPv4 or IPv6 address on ehich activity requests to operate.
Prefix length for IPv6
If the request is filtered by IPv6 address, the prefix length for the addresses. This can be an integer from 1-128 or *ALL to include all values.
Type
The type of object on which the activity requests to operate. To see a set of possible values, press the F4 key.
Allowed
Specifies whether the data set includes rejected activity, accepted activity, or both.
- *YES: Include only accepted activity
- *NO: Include only rejected activity
- *ALL: Include both accepted and rejected activity
Mode of Operation
Whether to look for information from specific operation modes or for all modes. Possible values are:
- *FYI: Firewall ran under FYI Simulation Mode as shown in Running Firewall in FYI Simulation mode.
- *REAL: Running actively, not in FYI Simulation Mode.
- *ALL: Running in either mode.
Job name
Specific or generic* job names that produced the records
User
Specific or generic* names of users whose jobs produced the records.
Number
The job number.
Number of records to process
Collect no more than this number of records. If set to *NOMAX, collect all the relevant records.
Recalculate and Display
You can recalculate the logs based on the current Firewall settings rather than what was in effect at the time. Possible values are:
- *YES: Recalculate the transactions showing whether they would be accepted or rejected under the current rules.
- *DIFFONLY: Recalculate the transactions, but only display the results that would be different.
- *SAMEONLY: Recalculate the transactions, but only display the results that would remain the same.
- *NO: Display the original results.
Output
The destination for the output. Possible values are:
- *: The current screen
- *PRINT: The default printer
- *PRINT1 through *PRINT9: A printer defined within iSecurity Base Configuration. For details see the original source file SMZ8/GRSOURCE GSSPCPRT.
- *OUTFILE: An outfile on the system.