With this procedure, TLC queries the log messages in the Audit Logger File Store, normalizes the messages specified by the query criteria, and presents the results in a report. To normalize each log message, TLC uses the Normalization Rules assigned to each Asset Group containing the Asset that represents the message's Log Source (see Assigning Normalization Rules to Asset Groups), as well as any rules assigned to the Asset itself (see Table 48). When TLC presents the report, you can modify the report's appearance, save the report in a variety of file formats, and email the report to specified recipients.
To schedule an Audit Logger report, see Working with the Task Scheduler.
To compile a report of Audit Logger data:
1. In the side bar, select Events > Audit Logger.
2. In the Audit Logger, select the Query tab.
3. To populate the main pane with the query criteria of an existing report, expand the Report group in the left pane and select the report.
To define criteria for a new report:
a. From the Output drop-down, select Report.
TLC presents some query-criteria tabs in the lower half of the Query Criteria tab, and adds Report Class and Report drop-downs.
b. From the Report Class drop-down, select a classification.
c. From the Report drop-down, select the type of Report to be run.
Note: The Report Class determines which report types are available from the Report drop-down.
d. Enter your other criteria for the query.
For default criteria, see Table 75.
For guidance in completing the query-criteria tabs, see Table 82.
4. Click Start.
TLC presents the compiled Report in the Query Results - Report tab.
With the buttons along the top of the Report tab, you can review, print, re-format, save, and email the Report. For more information, see Working with Report Output.
Tip: If the query results seem inaccurate or invalid, and you're unable to resolve the issue, you can save the query results in a log file and then forward the file to Tripwire Support for troubleshooting. For more information, see Troubleshooting an Audit Logger Query.