23.5. The Query Filter

The Query Filter is part of the Log Explorer and provides another means of performing simple queries on the ILA database.

The advantage of the Query Filter is that the administrator has direct access to the Log Query Language (LQL) statements, which are the intermediate stage of log database query processing. LQL is described further in Section 23.6, Log Query Language (LQL).

The Query Filter feature is started by pressing the Search Criteria button in the Log Explorer tab.

The Query Filter dialog then appears for specifying search criteria and a choice can be made about which firewalls are of interest.

A specific time interval in the past can also be specified.

Most importantly, the individual filtering criteria for the selected firewalls and selected time period are now entered. In the example below, the source interface, IP and port are specified along with the destination interface.

The Require All Filters to Match checkbox at the bottom of the Query Filter dialog determines whether all the specified values need to match (a logical AND between matches) or whether any one of them needs to match (a logical OR).

Pressing the OK button now sends the query to the ILA server and a list of matching log messages is returned. It may be advisable to keep the message output limit to the default of 1000 in case the filter needs to be narrowed. Lists of output messages that are too large can make further analysis difficult.

Adding More Filter Parameters

The basic filter parameters shown in the Filters tab of this dialog have been chosen as the most typical choices when filtering log messages.

However, the Additional Filters tab provides the option of adding further criteria to the search. By selecting that tab and then selecting Add, a new dialog appears and a particular log message filtering parameter can be selected from the full list.

A set of logical operators can then be used to precisely define what is being searched for. This allows the definition of more complex criteria. For example, the criterion below is that destip is not equal to the value 2.2.2.2.

This additional filter is combined with any selections made in the previous Filters tab to form the final query.
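The following added example (not part of the product or its documentation, and not LQL) models in Python how the Require All Filters to Match choice changes the result when a not-equal criterion such as destip not equal to 2.2.2.2 is included. It assumes the checkbox applies to every criterion in the query; the log records are constructed, and every field name other than destip, together with the `eq`/`ne` operator names, is hypothetical.

```python
import operator
from typing import NamedTuple

# Operators available to a criterion in this model (assumed, not the product's list).
OPS = {"eq": operator.eq, "ne": operator.ne}


class Criterion(NamedTuple):
    field: str  # log field name, e.g. "destip"
    op: str     # key into OPS
    value: str


def matches(record, criteria, require_all):
    """Apply all criteria to one record: logical AND if require_all, else OR."""
    results = (OPS[c.op](record.get(c.field, ""), c.value) for c in criteria)
    return all(results) if require_all else any(results)


def run_query(records, criteria, require_all, limit=1000):
    """Return at most `limit` matching records, mirroring the output limit."""
    hits = [r for r in records if matches(r, criteria, require_all)]
    return hits[:limit]


# Constructed sample records; field names other than destip are assumed.
SAMPLE = [
    {"id": 1, "srcif": "lan", "srcip": "10.0.0.5", "destif": "wan", "destip": "2.2.2.2"},
    {"id": 2, "srcif": "lan", "srcip": "10.0.0.5", "destif": "wan", "destip": "8.8.8.8"},
    {"id": 3, "srcif": "dmz", "srcip": "10.1.0.9", "destif": "wan", "destip": "9.9.9.9"},
    {"id": 4, "srcif": "dmz", "srcip": "10.1.0.9", "destif": "lan", "destip": "2.2.2.2"},
]

CRITERIA = [
    Criterion("srcif", "eq", "lan"),
    Criterion("srcip", "eq", "10.0.0.5"),
    Criterion("destip", "ne", "2.2.2.2"),  # the additional filter
]


def matching_ids(require_all):
    """IDs of the sample records returned for the chosen match mode."""
    return [r["id"] for r in run_query(SAMPLE, CRITERIA, require_all)]


if __name__ == "__main__":
    print("all filters must match:", matching_ids(True))
    print("any filter may match:  ", matching_ids(False))
```

In this model, requiring all filters narrows the result to the single record that satisfies every criterion, while the any-match mode returns every record whose destination is not 2.2.2.2 plus anything matching the source criteria, which is how a not-equal criterion can quickly fill the output limit.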

Filtering the Resulting Message List

When the list of log messages matching a query is displayed, a particular column of data can be filtered further by right-clicking on it. In the example below, the right-click was over the Message ID (the context menu below appears to the right of the actual cursor position).

With this menu it is now possible to sort or filter in various ways based on the Message ID. In addition, the following two options are available: