Perimeter report advanced configuration functions
Various parameters that affect the Perimeter report function are accessed via the Advanced towards the top of the Audit Report screen. These parameters allow the operator to tune the report, either to increase performance or make special accommodations for the report.
BMC Defender Server comes pre-configured with parameters, so end users do not necessarily need to access the Advanced settings, or make changes. The Advanced settings for this report are as follows:
Report Data Source | This drop-down menu allows the operator to select the source of the report messages. By default, the report scans All Messages for the selected Span Days value. However, the operator can speed up the report scan operation by selecting some other range of messages, such as Packet Dropped Message, or some thread that has been constructed especially for the purpose of reporting on system devices. This speeds up the reporting operation by permitting the report generator to skip non-pertinent data. |
Match Message Expr | This text field is a match qualifier that can be used to limit the number of messages that are actually scanned. For a perimeter address to be reported on, the address must match the expression supplied here, by default ( * ) asterisk to match all messages, but possibly some other value such as a list macro called @@standard_messages@@ or an expression such as not @@special_messages@@. This value might speed up certain reporting operations. |
Report Span Days | This select menu allows the operator to specify the number of days that the report can span. Normally, a report spans the current day or the previous day. The operator can set this value to permit the report to span multiple days. The report scanning operation across messages terminates when the Span Days value is reached, or the Span Max Data Records value is reached. |
Span Max Data Records | This text field is an integer number, by default one million, that is the maximum number of messages to scan during the reporting operation. The value is useful to prevent the report from taking too long to execute. The value can (and probably should) be set higher if the Report Span Days is a value other than 1-Day. The report scanning operation across messages terminates when the Span Days value is reached or the Span Max Data Records value is reached. |
DSN Name | This value, if selected, is an ODBC Data Source Name, configured in the Windows Control Panel, and configured in the Reports > ODBC tab of the system. This value instructs the report generator to load data into the relational database table specified as follows. This provides a simple method of supporting third-party report writers. To update a relational database with the report information, the DSN Name must specify a valid ODBC Data Source Name, and the Database Table Name must point to a valid database table name. If both values are specified, the report generator creates a table in the database that contains all perimeter activity data. |
Database Table Name | This text field, along with the DSN Name value as specified, causes the report generator to update an ODBC capable database with the report information. The table name specified here is dropped (if it exists) and then recreated. |
Update Database Raw Message Data | This select menu enables the special function of loading ALL data into a relational database table, furnishing a direct mechanism to track firewall data with an ODBC capable database (in addition to all the other functions herein). The operator must set this switch to Yes, and specify the name of the Raw Message Database Table Name as follows. |
Raw Message Database Table Name | This text value is used only if the Update Database Raw Message Data switch is set to Yes. The operator specifies the name of a relational database table that is created, and then populated by the report viewer with message data. |
Max Raw Message Size | This integer number is used only in conjunction with the Update Database Raw Message Data. The value indicates the maximum size of a message and truncates the message to this value prior to inserting the value into the Raw Message Database Table Name (if one is specified). This can be used to limit the size required by this particular database table and reduce system loading. |
Restore Default Reports | This option, at the bottom of the screen, can be used to restore the installation default report viewers. This item is mainly useful for restoring the default reports on the system if they should become deleted or modified. |
Each item herein controls some aspect of the reporting process and is applied to the report generation function. Although BMC Defender Server comes pre-configured with reasonable values, the administrator might want to review these default settings and make adjustments suitable to the policies of a particular site.
Related topic