General Information on Report Utilities

You can use the report utilities to help you generate reports from the log and archive files. The purpose of report utilities is to generate tabulated files of administrative information. "Tabulated" means that the files are organized and formatted for easy mapping to relational database tables. These tables assist the firewall administrator to analyze:

Using the utilities and the firewall log, the administrator can create a regular text file of the messages. Additionally, tabulated files can be generated and imported into tables in a relational database system, such as DB2/6000. The administrator can then use the Structured Query Language (SQL), or other tools like IBM's Visualizer or Query Management Facility to query the data and generate reports.

AIX su logs, generated by the su (switch user) command, can be imported into the database in a similar fashion.

Report Utilities are installed as part of the firewall installation. They can also be installed separately and run on a non-firewall AIX host. On a firewall, you can use the configuration client to run them. On a non-firewall host, use SMIT or the command line.

For report utilities to function properly, it is important that only local4 messages appear in their input files. No other facility should be directed to the same file as local4, so set syslog accordingly.

(Do not try to use report utilities on any log files from previous firewall releases.)

Further Information

Report Utilities (User's Guide)
Using Report Utilities (Reference)

Log Archive Filename

The log archive filename is the archive file that contains compressed log files. Enter the archive filename that you created using Log Facilities in the Log Archive Filename field. Enter the absolute path name to the archive file. If you want to view a log file that is not archived, leave this field blank.

Report Type

Select the Report Type. To view the expanded log message text, select Text Log. To create tabulated files for DB2 usage, select Table Log. If you import the resulting files into DB2, you can perform SQL queries on the log data. Refer to the IBM Firewall Reference for more information.

Log Filename (Report Utilities)

The log filename is the name of one of the compressed archived log files, of another valid local4 log, or of a su log file. If you made an entry in the Log Archive Filename field, you can select the button in the Log Filename field to choose which log to work with. If you do not enter a log archive filename in step 1, the log filename you enter here must be the name of a valid, uncompressed firewall log file or a su log file. You must specify a full path.

Log Type (Report Utilities)

Select the log type, either firewall or AIX su.

Path and Filename for Output Text

Enter the Path and Filename for Output Text.

Append To Table Files

Select Yes to append the results of a table log request to existing tabulated files or No to replace the existing files.

Message Filter

Enter an AIX 'regular expression' in the Message Filter field. This is used to filter the set of messages for which you want to see the full text. The 'regular expression' must be one that is suitable for use with a 'grep' command. If it is not, you will get unexpected results or error messages. If you leave this field empty, all messages in the log will be placed in the Output Text file. The following are examples:
Regular Expression       What it Does

   ICA0                 shows log monitor threshold alert messages
   ICA3                 shows Socks messages (#ICA3000 - 3999)
   ICA[23]              shows proxy and Socks messages
   ICA2010              only shows occurrences of the ICA2010 message
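
The filters from the table above, applied with grep to constructed sample lines, together with a check that rejects an expression grep cannot parse. This is an added example, not part of the original help text; the log line layout, the message text and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample lines: layout and message text are placeholders,
# not real firewall output. Only the ICA prefixes come from the table.
sample_log() {
cat <<'EOF'
Jan 10 09:00:01 fw1 ICA0001: constructed threshold alert text
Jan 10 09:00:05 fw1 ICA2010: constructed proxy text
Jan 10 09:00:09 fw1 ICA2024: constructed proxy text
Jan 10 09:00:12 fw1 ICA3011: constructed Socks text
Jan 10 09:00:15 fw1 ICA1004: constructed unrelated text
EOF
}

# check_filter EXPR: succeed only if grep can parse EXPR.
# grep exits 0 (match) or 1 (no match) for a usable expression, 2 on error.
check_filter() {
    rc=0
    printf '' | grep -- "$1" >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 2 ]
}

# count_matches EXPR: print how many sample lines EXPR selects,
# or "invalid" when grep rejects the expression.
count_matches() {
    check_filter "$1" || { echo "invalid"; return 0; }
    sample_log | grep -c -- "$1" || true
}

# Try the four filters from the table, one malformed filter, and an empty one.
for expr in 'ICA0' 'ICA3' 'ICA[23]' 'ICA2010' 'ICA[23' ''; do
    printf '%-10s -> %s\n' "${expr:-(empty)}" "$(count_matches "$expr")"
done
```

The expressions are unanchored, so grep selects a line when the pattern appears anywhere in it, not only in the message number.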

OK

Press the "OK" button to save changes and close the window.

Cancel

Press the "Cancel" button to close the window without saving any changes.