This article applies to:

• Firewall Suite 4.X

Question:

Procedure:

You can use filters to make Firewall Suite reporting more focused. Use filters to to include or exclude activity to any specific directory that appears within the log file.

By default, all directories, starting with the root, are included. The root is indicated by a slash (/).

To create an Exclude filter:

1. Highlight the profile and click Edit.

2. Click the Filters tab.

3. Click Add.

4. Select Exclude and click Next.

5. Give the filter a name which will make the filter identifiable at a glance and click Next.

6. Click the Exclude activity based upon radio button and check the Directory or URL box.

7. Enter the name of the directory you want to exclude from the report. Use quotation marks to surround the text if the directory contains spaces or commas. Click Next.
   
   
   • Also Exclude Subdirectories - There is a check box to exclude all subdirectories. The box is checked by default.
   • Case Sensitive - There is also a check box for case sensitivity. By default, this box is not checked.

     Note: Most servers do not use a case-sensitive file naming structure. Some (such as UNIX) do.

8. The following screen shot provides a summary of the filter options just configured.

9. Click Finish. The following window will then appear, and you may continue with the remaining configuration of the profile.
   
   

Examples - The following examples show how directories can be filtered:

• Single Directory:

  /images

  Specifies that the directory "/images" is filtered and all subdirectories thereof, if "Include Subdirectories" is checked.
  
  

• Long Directory Names:

  "/image files"

  Specifies the long directory "/image files". Quotation marks are required when a directory has spaces or a comma.
  
  

• Multiple directories:

  "/image files" /intranet /graphics

  Specifies the directories "/image files", "/intranet", and "/graphics".
  
  

• Wildcards:

  /image*

  Specifies any first-level directory whose name begins with image, such as "/image bitmaps", "/image1" and "/image2", but not "/intranet/image bitmaps".
  
  

  /*graphics

  Specifies any first-level directory whose name ends in "graphics", such as "/bitmap graphics", but not "/intranet/bitmap graphics".
  
  

  "/*/graphics"

  Specifies all second-level directories named "/graphics", such as "/home/graphics" and "/intranet/graphics", but not "/home/sales/graphics". Directories such as "/home/graphics/logos", are specified by this example only if "Include Subdirectories" is checked.

  /graphics /*/graphics /*/*/graphics

  Specifies all first, second and third level directories named "graphics", such as "/graphics", "/home/graphics", and "/home/sales/graphics". Subdirectories of these directories, such as "/home/graphics/logos", and "/home/sales/graphics/logos/specials" are included or excluded only if "Include/Exclude Subdirectories" is checked.

  /*graphics*/

  Specifies all first level directories with names containing graphics, such as "/graphics", "/graphics files", and "/bitmap graphics".

Notes:

For this change to affect previously analyzed log files or earlier reports it is necessary to reanalyze the log files. Otherwise, this change will only affect reports that are generated after the point in which the filter was added.

This article was previously published as:

NETIQKB1013