Details
The following CLI commands are used to view reports:
> show report (tab to view list)
> custom custom
> directory-listing directory-listing
> id By id
> jobs All jobs
> predefined predefined
Sample output showing the databases available for custom reports:
> show report custom database equal (tab to view list)
appstat appstat
threat threat
thsum thsum
traffic traffic
trsum trsum
Sample output showing a custom traffic report:
> show report custom database equal traffic (enter)
<?xml version="1.0"?>
<report reportname="" logtype="traffic">
<result logtype="traffic" start="2010/03/28 14:07:45" end="2010/03/29 14:07:44" generated-at="2010/03/29 14:07:48" range="Sunday, March 28, 2010">
<entry>
<src>10.30.14.97</src>
<resolved-src>10.30.14.97</resolved-src>
<dst>10.16.0.69</dst>
<resolved-dst>10.16.0.69</resolved-dst>
</entry>
<entry>
<src>10.16.0.180</src>
<resolved-src>10.16.0.180</resolved-src>
<dst>10.0.0.246</dst>
<resolved-dst>10.0.0.246</resolved-dst>
</entry>
<entry>
<src>10.16.0.57</src>
<resolved-src>10.16.0.57</resolved-src>
<dst>10.0.0.246</dst>
<resolved-dst>10.0.0.246</resolved-dst>
</entry>
<entry>
Sample output showing the predefined report database:
> show report predefined name equal (tab to view list)
top-applications top-applications
top-attackers top-attackers
top-attackers-by-countries top-attackers-by-countries
top-attacks top-attacks
top-connections top-connections
top-denied-applications top-denied-applications
top-denied-destinations top-denied-destinations
top-denied-sources top-denied-sources
top-destination-countries top-destination-countries
top-destinations top-destinations
--- output truncated ----
Sample output showing the details of the predefined report named "top-attackers":
> show report predefined name equal top-attackers (enter)
<?xml version="1.0"?>
<report reportname="top-attackers" logtype="thsum">
<result name="Top attackers" logtype="thsum" start="2010/03/28 00:00:00" end="2010/03/28 23:59:59" generated-at="2010/03/29 15:00:09" range="Sunday, March 28, 2010">
<entry>
<src>10.16.0.200</src>
<resolved-src>10.16.0.200</resolved-src>
<srcuser></srcuser>
<count>840</count>
</entry>
<entry>
<src>74.125.19.106</src>
<resolved-src>74.125.19.106</resolved-src>
<srcuser></srcuser>
<count>794</count>
</entry>
<entry>
<src>74.125.19.104</src>
<resolved-src>74.125.19.104</resolved-src>
<srcuser></srcuser>
<count>524</count>
</entry>
etc...
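As an added example (not part of the original article or of the vendor's tooling), the Python script below parses saved output of the top-attackers report and marks which sources are private (RFC 1918) addresses, so that internal hosts appearing in the report stand out for follow-up. The sample XML is constructed from the three entries shown above, with the closing tags that the truncated output omits; the function name `parse_top_attackers` is hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the three entries shown above, plus the closing tags
# that the truncated CLI output leaves out.
SAMPLE_REPORT = """<?xml version="1.0"?>
<report reportname="top-attackers" logtype="thsum">
<result name="Top attackers" logtype="thsum" start="2010/03/28 00:00:00" end="2010/03/28 23:59:59" generated-at="2010/03/29 15:00:09" range="Sunday, March 28, 2010">
<entry><src>10.16.0.200</src><resolved-src>10.16.0.200</resolved-src><srcuser></srcuser><count>840</count></entry>
<entry><src>74.125.19.106</src><resolved-src>74.125.19.106</resolved-src><srcuser></srcuser><count>794</count></entry>
<entry><src>74.125.19.104</src><resolved-src>74.125.19.104</resolved-src><srcuser></srcuser><count>524</count></entry>
</result>
</report>"""


def parse_top_attackers(xml_text):
    """Return (metadata, rows) for a report; rows are sorted by count, descending."""
    root = ET.fromstring(xml_text)
    result = root.find("result")
    if result is None:
        raise ValueError("no <result> element found; not a report document")
    rows = []
    for entry in result.findall("entry"):
        src = (entry.findtext("src") or "").strip()
        try:
            addr = ipaddress.ip_address(src)
            count = int(entry.findtext("count") or "")
        except ValueError:
            continue  # skip entries with a missing or malformed src/count
        rows.append({
            "src": src,
            "user": (entry.findtext("srcuser") or "").strip() or None,
            "count": count,
            "internal": addr.is_private,  # True for RFC 1918 ranges such as 10/8
        })
    rows.sort(key=lambda r: r["count"], reverse=True)
    meta = {key: result.get(key) for key in ("name", "start", "end")}
    return meta, rows


if __name__ == "__main__":
    meta, rows = parse_top_attackers(SAMPLE_REPORT)
    print(f'{meta["name"]}: {meta["start"]} to {meta["end"]}')
    for r in rows:
        where = "internal" if r["internal"] else "external"
        print(f'{r["src"]:<16} {r["count"]:>6}  {where}')
```

The script expects complete, well-formed XML, so capture the full report output rather than a truncated copy before passing it in.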
You can use the following commands to delete reports from the CLI:
> delete report (tab to view list)
> custom custom
> predefined predefined
> summary summary
To display the predefined report types that can be deleted:
admin@archeo_falcon_secondary> delete report predefined scope <shared or vsys_number> report-name (tab to view list, then choose report type to delete)
bandwidth-trend 2010/03/29 02:02:07 36.0K
hruser-top-applications 2010/03/29 02:02:21 36.0K
hruser-top-threats 2010/03/29 02:02:22 36.0K
hruser-top-url-categories 2010/03/29 02:02:19 36.0K
risk-trend 2010/03/29 02:02:07 36.0K
spyware-infected-hosts 2010/03/29 02:02:06 36.0K
threat-trend 2010/03/29 02:02:10 36.0K
top-application-categories 2010/03/29 02:02:06 36.0K
top-applications 2010/03/29 02:02:13 36.0K
top-attackers 2010/03/29 02:02:11 36.0K
top-attackers-by-countries 2010/03/29 02:02:11 36.0K
top-attacks 2010/03/29 02:02:14 36.0K
top-blocked-url-categories 2010/03/29 02:02:14 36.0K
top-blocked-url-user-behavior 2010/03/29 02:02:14 36.0K
top-blocked-url-users 2010/03/29 02:02:14 36.0K
top-blocked-websites 2010/03/29 02:02:14 36.0K
top-connections 2010/03/29 02:02:13 36.0K
top-denied-applications 2010/03/29 02:02:14 36.0K
top-denied-destinations 2010/03/29 02:02:14 36.0K
top-denied-sources 2010/03/29 02:02:14 36.0K
top-destination-countries 2010/03/29 02:02:12 36.0K
top-destinations 2010/03/29 02:02:12 36.0K
top-egress-interfaces 2010/03/29 02:02:13 36.0K
To list the custom report names that can be deleted:
> delete report custom scope <shared or vsys_number> report-name (tab to view list, then choose report name to delete)
"Dave Top URL users" 2008/05/09 01:02:44 4.0K
"Destination Ports" 2010/03/29 02:02:18 20.0K
"Doms Regression Threat" 2010/03/29 02:02:18 20.0K
"Lee Test" 2008/05/09 01:02:25 4.0K
"Lee Traffic Report" 2010/03/29 02:02:16 36.0K
"Mchan Report" 2010/03/28 02:02:26 12.0K
"Mike Test" 2010/03/29 02:02:16 36.0K
"My Custom Report" 2010/03/29 02:02:16 36.0K
The following command deletes the group of predefined .pdf files up to the date specified after "ending-":
> delete report summary scope <shared or vsys_number> report-name predefined file-name 86400s-ending-20080514
Successfully removed '86400s-ending-20080514'
The following command deletes all .pdf files:
> delete report summary scope <shared or vsys_number> report-name wtam-pdf file-name *.pdf
Successfully removed '*.pdf'