How to View and Delete Reports from the CLI on Palo Alto Networks

Details

The following CLI commands are used to view reports:

> show report (tab to view list)
> custom      custom

> directory-listing   directory-listing
> id          By id
> jobs        All jobs
> predefined  predefined

Sample output showing the databases available for custom reports:

> show report custom database equal (tab to view list)
appstat  appstat
threat    threat
thsum    thsum
traffic  traffic
trsum    trsum

Sample output showing a custom traffic report:

> show report custom database equal traffic (enter)
<?xml version="1.0"?>
<report reportname="" logtype="traffic">
<result logtype="traffic" start="2010/03/28 14:07:45" end="2010/03/29 14:07:44" generated-at="2010/03/29 14:07:48" range="Sunday, March 28, 2010">
<entry>
<src>10.30.14.97</src>
<resolved-src>10.30.14.97</resolved-src>
<dst>10.16.0.69</dst>
<resolved-dst>10.16.0.69</resolved-dst>
</entry>
<entry>
<src>10.16.0.180</src>
<resolved-src>10.16.0.180</resolved-src>
<dst>10.0.0.246</dst>
<resolved-dst>10.0.0.246</resolved-dst>
</entry>
<entry>
<src>10.16.0.57</src>
<resolved-src>10.16.0.57</resolved-src>
<dst>10.0.0.246</dst>
<resolved-dst>10.0.0.246</resolved-dst>
</entry>
<entry>

Sample output showing the predefined report database:

> show report predefined name equal (tab to view list)
top-applications            top-applications
top-attackers                top-attackers
top-attackers-by-countries  top-attackers-by-countries
top-attacks                  top-attacks
top-connections              top-connections
top-denied-applications      top-denied-applications
top-denied-destinations      top-denied-destinations
top-denied-sources          top-denied-sources
top-destination-countries    top-destination-countries
top-destinations            top-destinations
--- output truncated ----

Sample output showing the details of the predefined report named “top-attackers”:

> show report predefined name equal top-attackers (enter)
<?xml version="1.0"?>
<report reportname="top-attackers" logtype="thsum">
<result name="Top attackers" logtype="thsum" start="2010/03/28 00:00:00" end="2010/03/28 23:59:59" generated-at="2010/03/29 15:00:09" range="Sunday, March 28, 2010">
<entry>
<src>10.16.0.200</src>
<resolved-src>10.16.0.200</resolved-src>
<srcuser></srcuser>
<count>840</count>
</entry>
<entry>
<src>74.125.19.106</src>
<resolved-src>74.125.19.106</resolved-src>
<srcuser></srcuser>
<count>794</count>
</entry>
<entry>
<src>74.125.19.104</src>
<resolved-src>74.125.19.104</resolved-src>
<srcuser></srcuser>
<count>524</count>
</entry>
etc...
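
The XML that `show report` prints can be post-processed off the firewall. The following Python sketch is an added example, not part of the original page or of any Palo Alto Networks tooling: it parses a pasted capture and keeps every complete `<entry>` even when the capture is cut off mid-document. The names `parse_report` and `top_sources` are assumptions, and the sample is constructed from the top-attackers output above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the top-attackers output shown above, pasted together
# with the CLI command line and cut off at an unclosed <entry>.
SAMPLE = """> show report predefined name equal top-attackers
<?xml version="1.0"?>
<report reportname="top-attackers" logtype="thsum">
<result name="Top attackers" logtype="thsum" start="2010/03/28 00:00:00" end="2010/03/28 23:59:59" generated-at="2010/03/29 15:00:09" range="Sunday, March 28, 2010">
<entry><src>10.16.0.200</src><resolved-src>10.16.0.200</resolved-src><srcuser></srcuser><count>840</count></entry>
<entry><src>74.125.19.106</src><resolved-src>74.125.19.106</resolved-src><srcuser></srcuser><count>794</count></entry>
<entry><src>74.125.19.104</src><resolved-src>74.125.19.104</resolved-src><srcuser></srcuser><count>524</count></entry>
<entry>
"""

def parse_report(capture):
    """Return (attributes, entries, complete) for a pasted CLI report."""
    start = capture.find("<report")          # skip prompt and command echo
    if start < 0:
        raise ValueError("no <report> element in capture")
    parser = ET.XMLPullParser(events=("start", "end"))
    parser.feed(capture[start:])
    meta, entries = {}, []
    try:
        for event, elem in parser.read_events():
            if event == "start" and elem.tag in ("report", "result"):
                meta.update(elem.attrib)     # reportname, logtype, start, end...
            elif event == "end" and elem.tag == "entry":
                entries.append({c.tag: (c.text or "") for c in elem})
        parser.close()                       # raises if the document is cut off
        complete = True
    except ET.ParseError:
        complete = False                     # keep the entries read so far
    return meta, entries, complete

def top_sources(entries, limit=10):
    """Sort (src, count) pairs by count, ignoring entries without a count."""
    rows = [(e.get("src", ""), int(e["count"]))
            for e in entries if e.get("count", "").isdigit()]
    return sorted(rows, key=lambda r: r[1], reverse=True)[:limit]

if __name__ == "__main__":
    meta, entries, complete = parse_report(SAMPLE)
    print(meta["reportname"], meta["start"], "->", meta["end"],
          "(complete)" if complete else "(truncated capture)")
    for src, count in top_sources(entries):
        print(f"{src:<16} {count}")
```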

You can use the following commands to delete reports from the CLI:

> delete report (tab to view list)
> custom      custom
> predefined  predefined
> summary      summary

To list the predefined report types that can be deleted:

admin@archeo_falcon_secondary> delete report predefined scope <shared or vsys_number> report-name (tab to view list, then choose report type to delete)
bandwidth-trend                2010/03/29 02:02:07      36.0K
hruser-top-applications        2010/03/29 02:02:21      36.0K
hruser-top-threats              2010/03/29 02:02:22      36.0K
hruser-top-url-categories      2010/03/29 02:02:19      36.0K
risk-trend                      2010/03/29 02:02:07      36.0K
spyware-infected-hosts          2010/03/29 02:02:06      36.0K
threat-trend                    2010/03/29 02:02:10      36.0K
top-application-categories      2010/03/29 02:02:06      36.0K
top-applications                2010/03/29 02:02:13      36.0K
top-attackers                  2010/03/29 02:02:11      36.0K
top-attackers-by-countries      2010/03/29 02:02:11      36.0K
top-attacks                    2010/03/29 02:02:14      36.0K
top-blocked-url-categories      2010/03/29 02:02:14      36.0K
top-blocked-url-user-behavior  2010/03/29 02:02:14      36.0K
top-blocked-url-users          2010/03/29 02:02:14      36.0K
top-blocked-websites            2010/03/29 02:02:14      36.0K
top-connections                2010/03/29 02:02:13      36.0K
top-denied-applications        2010/03/29 02:02:14      36.0K
top-denied-destinations        2010/03/29 02:02:14      36.0K
top-denied-sources              2010/03/29 02:02:14      36.0K
top-destination-countries      2010/03/29 02:02:12      36.0K
top-destinations                2010/03/29 02:02:12      36.0K
top-egress-interfaces          2010/03/29 02:02:13      36.0K

To list the custom report names that can be deleted:

> delete report custom scope <shared or vsys_number> report-name (tab to view list, then choose report name to delete)
"Dave Top URL users"            2008/05/09 01:02:44        4.0K
"Destination Ports"            2010/03/29 02:02:18      20.0K
"Doms Regression Threat"        2010/03/29 02:02:18      20.0K
"Lee Test"                      2008/05/09 01:02:25        4.0K
"Lee Traffic Report"            2010/03/29 02:02:16      36.0K
"Mchan Report"                  2010/03/28 02:02:26      12.0K
"Mike Test"                    2010/03/29 02:02:16      36.0K
"My Custom Report"              2010/03/29 02:02:16      36.0K

The following command deletes the group of predefined .pdf files up to the date specified after “ending-”:

> delete report summary scope <shared or vsys_number> report-name predefined file-name 86400s-ending-20080514
Successfully removed '86400s-ending-20080514'

The following command deletes all .pdf files:

> delete report summary scope <shared or vsys_number> report-name wtam-pdf file-name *.pdf
Successfully removed '*.pdf'
