Shadow Log Filter (Service)
You can filter data in
Shadow Log Viewer (Service) so that only records that meet certain conditions are displayed in the list.
To open the
Filter dialog box, choose
Filter from the shortcut menu of
Shadow Log Viewer or click
on the toolbar.
There is no big difference between defining Audit Log Filter and Shadow Log Filter, so first read the
Audit Log Filter (Service) section of this manual.
To set up a filter, select the Enable filter check box on the respective tab depending upon whether to configure include or exclude conditions.
Note: The mark next to the tab name turns green if the filter on that tab is enabled. Otherwise, the mark is gray. |
When the filter is enabled, you can define its condition by entering values into the following fields:
•Success - Specifies whether to filter the successfully logged data.
•Incomplete - Specifies whether to filter the data that was logged incompletely.
•Failed - Specifies whether to filter the logged data checked by Content-Aware Rules and whose transmission was blocked.
•File name - The text that matches a value in the Shadow Log Viewer’s File Name column. This field is case-insensitive.
•Source - The text that matches a value in the Shadow Log Viewer’s Source column. This field is case-insensitive.
•Action - The text that matches a value in the Shadow Log Viewer’s Action column. This field is case-insensitive.
•User - The text that matches a value in the Shadow Log Viewer’s User column. This field is case-insensitive.
•Process - The text that matches a value in the Shadow Log Viewer’s Process column. This field is case-insensitive.
•PID - The number that matches a value in the Shadow Log Viewer’s PID column. To enter multiple numbers, separate them with a semicolon (;).
•Reason - The text that matches a value in the Shadow Log Viewer’s Reason column. This field is case-insensitive.
•Protected - The text that matches a value in the Shadow Log Viewer’s Protected column.
•Information - The text that matches a value in the Shadow Log Viewer’s Information column. This field is case-insensitive.
•File type - The text that matches a value in the Shadow Log’s Viewer File Type column. This field is case-insensitive.
•File size - The number or the range of numbers that matches a value in the Shadow Log Viewer’s File Size column.
•From - The beginning of the range of records to filter. Select First Record to filter records from the earliest one in the log. Select Records On to filter records made no earlier than a specific date and time.
•To - The end of the range of records to filter. Select Last Record to filter records up to the latest one in the log. Select Records On to filter records made no later than a specific date and time.
Note: To assist with configuring a filter, string setting fields store previous entries and suggest matches for what is being typed. Previous entries are also available on the drop-down list of options for the setting field. |
When configuring a filter, consider the following:
•Filter conditions are combined by AND logic, that is, a given record matches the filter if it matches each of the filter conditions. Clear the fields that are not to be used in the filter conditions.
•Filter string fields may include wildcards, such as an asterisk (*) or a question mark (?). An asterisk represents zero or more characters; a question mark represents any single character.
•A filter string field may include multiple values separated by a semicolon (;). In this case, the values are combined by OR logic, that is, a given record matches the filter condition on a particular field if it matches at least one of the values specified in that field.
•The Clear button in the Filter dialog box provides the option to remove all the defined filter conditions and start setting up a new filter from scratch.
•The Save and Load buttons in the Filter dialog box are used to save the filter conditions to a file and to load previously saved filter conditions from a file.
