Firewall Analyzer archives the logs received from each device and zips them at regular intervals. The Archived Files page lists the files that have been archived for each device, along with options to load a file for search and to delete a file.
The Archived Files page lists the files that have been zipped for each device, along with the archived time, file size, and archiving status.
To load an archived file for search, click the Load to Search link against the device for which you need to see archived data. Once the file is fully loaded, you can search for data in the archives, and view specific information.
Click the delete icon against an archived file to delete it. Once deleted, the archived data cannot be retrieved.
Once the archive is fully loaded, click the Report link to search for specific data in the archive. In the popup window that opens, enter the criteria for the data, such as the firewall, user name, protocol, etc. You can enter a maximum of three criteria.
Choose the time interval for which you want to see the data that meets all the criteria. Click Generate Report to view the records that match the criteria that you have specified.
Click the Archive Settings link to change the archiving intervals or to disable archiving. In the popup window that opens, uncheck the Enable Archiving checkbox to disable file archiving.
The archiving options available are described below:
| Attribute | Default Value | Description |
|---|---|---|
| File Creation Interval | 12 hours | The time interval after which a log file is created for each device from which logs are collected. |
| Zip Creation Interval | 24 hours | The time interval after which the log files created for each device are zipped to save disk space. |
The Log retention time can be configured from the Retain logs for : drop down list. The list options are:
By default, the Archive Location for the firewall logs in Firewall Analyzer is <Firewall Analyzer Home>\server\default\archive. You can change this location by enabling the Change Raw Logs Archive Location option and providing the location of your choice.
By default, the Indexing Location for the firewall logs in Firewall Analyzer is <Firewall Analyzer Home>\server\default\indexes. You can change this location by enabling the Change Raw Logs Indexing Location option and providing the location of your choice.
Click Zip Now to create a zipped file with the currently available log files. Click Save to save the archiving options, if you have changed them. Click Close to close the Archive Settings box.
Note: The currently active log files (i.e., logs not yet archived) are stored in the <Firewall Analyzer Home>\server\default\archive\localhost\hot directory. The archived log files (i.e., logs archived according to the archive settings) are stored in the <Firewall Analyzer Home>\server\default\archive\localhost\cold directory. The archived log files loaded into the database for analysis are stored in the <Firewall Analyzer Home>\server\default\archive\localhost\warm directory for 1 day, after which they are purged.
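The hot, cold and warm layout in the note above can be audited from outside the product. The following is an added example, not part of Firewall Analyzer or its documentation: it summarises each directory and lists files that have outlived the documented defaults. The function name audit_archive, the use of file modification time as the age, and the rule that a hot file older than the Zip Creation Interval is overdue are assumptions.

```python
import time
from pathlib import Path

# Tier names come from the note above. The age limits are the documented
# defaults (Zip Creation Interval 24 hours, warm retention 1 day); adjust
# them if the Archive Settings were changed. None means "no age limit".
TIER_MAX_AGE_HOURS = {"hot": 24, "cold": None, "warm": 24}


def audit_archive(localhost_dir, now=None, limits=TIER_MAX_AGE_HOURS):
    """Summarise each tier under <archive>/localhost and list overdue files.

    Returns {tier: {"files": n, "bytes": n, "overdue": [relative paths]}}.
    A missing tier directory is reported as None so that it is not
    mistaken for an empty one.
    """
    now = time.time() if now is None else now
    root = Path(localhost_dir)
    report = {}
    for tier, max_age_hours in limits.items():
        tier_dir = root / tier
        if not tier_dir.is_dir():
            report[tier] = None
            continue
        entry = {"files": 0, "bytes": 0, "overdue": []}
        # rglob covers both flat tiers and per-device subdirectories
        # (the layout below each tier is not described on this page).
        for path in sorted(tier_dir.rglob("*")):
            if not path.is_file():
                continue
            stat = path.stat()
            entry["files"] += 1
            entry["bytes"] += stat.st_size
            age_hours = (now - stat.st_mtime) / 3600
            if max_age_hours is not None and age_hours > max_age_hours:
                entry["overdue"].append(path.relative_to(root).as_posix())
        report[tier] = entry
    return report


if __name__ == "__main__":
    import sys
    # Argument: path to <Firewall Analyzer Home>/server/default/archive/localhost
    for tier, entry in audit_archive(sys.argv[1]).items():
        print(tier, entry)
```

Overdue files in hot suggest that zipping has stalled or archiving is disabled; overdue files in warm suggest that the one-day purge did not run.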