This article applies to:

• Firewall Suite 4.X

Question:

Procedure:

If you wish to create a report, which includes activity from a single IP address or computer name, complete the following steps.

1. Determine the IP address of the activity you wish to include.

2. Edit an existing profile or a new one may be created. Within that profile, access the Filters tab.

3. Delete the Include Everything filter.

4. Create a new Include filter and enter a meaningful description.

5. Select Include Activity Based Upon and check Users(IP) or Internal User Address or External User Address.

6. Select Next.  

7. Enter the IP address or computer name (Fully Qualilfied Domain Name or FQDN, such as machine.example.com) of the specific user, and then select Next, followed by Finish.

8. If a new profile is being created, complete the creation, or if an existing profile is being edited, save the profile and start the analysis of the log file.

Different types of ranges can be entered for this filter.  For example:

204.245.240.0-63
Specifies all numeric IP addresses from 204.245.240.0 through 204.245.240.63

204.245.240.0-204.245.240.64
Specifies all numeric IP addresses from 204.245.240.0 through 204.245.240.64

204.245.240.64/26
CIDR notation.  Specifies all addresses of this classless subnet: 204.245.240.64 - 204.245.240.127.

111.92.76.0/26
CIDR notation.  Specifies all subnet addresses from 111.92.76.0 through 111.92.76.63.

*.WebTrends.com
Specifies only those addresses that have a sub-domain that appears to the left of this domain (such as., www.WebTrends.com, ftp.WebTrends.com, etc.) This would not include addresses without a sub-domain.

*WebTrends.com
Any address that includes the specified domain, with or without a sub-domain  (such as., www.WebTrends.com, ftp.WebTrends.com, or WebTrends.com).

Notes:

This article was previously published as:

NETIQKB3892