SIEM, Vulnerability Scanning, Server Monitoring and Compliance Training for IT Professionals
Table of Contents

Text Log Reports

Text Log Reports enable you to scan the consolidated log database for specific entries. This report is typically used by compliance and audit professionals to audit application logs such as IIS logs.

Text Log Reports optionally use Regular Expressions to parse log entries, extract values, validate subject and target accounts in Active Directory (when applicable), then finally filter entries using Text Log Filters. This report is supported on all locales.

How to create a Text Log Report

  • From the Menu Bar select File | New. The Create New Object View displays.
  • From the Create New Object View, expand Reports.
  • Expand Report | Log Consolidation Reports then select Text Log Report. The Properties View displays.
Note
Unlicensed report types appear in gray text. If you would like to create a report that is not currently licensed, please contact Corner Bowl Software to upgrade your license.
Important
Since a server can contain multiple different types of text log monitors (e.g. W3C, CSV and plain text), each log you would like ot include in the report must be explicily assigned.

The Options Tab

  • Use the Filters drop-down to select all of the filters you would like to apply to the report.
Important
To target specific columns (e.g. New Logon Account Name), create a Complex Text Log Filter then, create a new Attribute Value Pair Criteria, specify the column's key (e.g. TARGET_ACCOUNT_NAME) then, specify the account name or regular expression to target.
Sample W3C IIS 400-500 Error Filter
Sample W3C IIS 400-500 Error Filter
Assign Report Filters Controls
Assign Report Filters Controls
  • Once a filter is assigned, use the Include entries that pass drop-down to select the filter method.
    The following filter options are available:
OptionDescription
AllInclude each entry that passes all assigned filters.
AnyInclude each entry that passes any filter.
NoneInclude each entry that does not pass any of the filters.
IgnoreInclude all entries.
  • Use the Apply filter frequency rules to display the Latest or Oldest entry when it occurs more than X times every X periods.
Note
A unique instance of these settings is attached to each assigned filter. Select the Filter to apply each instance's settings.
Sample W3C IIS log Report Properties View
Sample W3C IIS log Report Properties View
  • Use the Select distinct count controls to define a composite key to select a distinct count of entries that match your composite key. For example, generate a report that displays the number of each unique event type, Information, Warning, Critical, Audit Success and Audit Failure or the number of unique entries keyed by Event ID and Source on each assigned host).
Sample Select Distinct Count Controls
Sample Select Distinct Count Controls
  • Use the Query by controls to optimize SQL statements. For example, if the column you want to search for was added using a regular expression column defnition, specify the column key and the value to search for. Once executed, only rows that match your search criteria are returned from the database engine.
Sample Select Clause to Optimize SQL Table Scans
Sample Select Clause to Optimize SQL Table Scans

Related Topics

Reports