Datacollector

Data View

The Data View page is where you follow the log records arriving from your data sources live. On this page you can view and filter both your current and your past log records.

What Is Data View? 🤷‍♂️

On the Data View page, you can access all types of logs received from your security device. This interface allows both real-time and historical search and filtering across all log types.

To view a specific log type, the corresponding traffic must first be detected and logged by your security device. For instance, if you want to determine how many hours a user working remotely via VPN was connected on a given day, VPN traffic logging must be enabled on your security device. Keep this in mind when investigating: an empty result set can mean the traffic was never logged, not that it never happened.

Manage Data View 👨‍💼

After logging in to the Logger Web UI, you land on the Default View page. From here you can add a new Workspace and edit, delete or clone existing ones. The Workspaces you create appear in the Workspaces section of the left menu.

Filters 🔑

  • Source: Select the data sources (devices) whose logs you want to search.
  • Type: The log types the selected source sends appear here. Select the log type you want to review. Which types are available depends entirely on the logging configuration of your device: to examine web logs, for example, your security device must already be capturing and logging that web traffic.
  • Column: Your device sends many log columns, and each can carry a lot of data. By default 11 log columns are shown; you can add or remove columns, and the DataView table takes shape accordingly. Log columns vary by device brand. The official documentation of the device vendor explains what each column name means.
Log field description documents for some brands:
Fortigate: docs.fortinet.com...
Sophos: docs.sophos.com...
Palo Alto: docs.paloaltonetworks.com...
  • Aggregate: The Aggregate operation groups the records by the fields you have selected and sums the values of the numeric columns within each group. The result replaces the row-by-row listing in the DataView table.

Tab 📑

You can search multiple logs at the same time in separate tabs.

Search In Two Date Ranges ↔️

Shows only the data that falls between the two dates you selected.

Date Filtering 🗓️

You can search for logs between two dates using the Start date and End date properties. You can also use predefined time intervals such as Today so far, This Week, This Year.

Time Filtering 🕰️

Using the top bar you can narrow the results to a time-of-day range, by hour and by second, so that only the data in that range is shown. Click and drag across the top bar to select the range.

Live 🔄

Enable the Live option to watch log records as they arrive.

Log Filter Types 🔑

Every log column can be searched, and each column accepts one of the following filter operators:

  • No Filter: Shows all records without any filtering applied.
  • Contains: Displays records that include the specified text.
  • Not Contains: Shows records that don't include the specified text.
  • Equal: Displays records that exactly match the specified value.
  • Not Equal: Shows records that don't match the specified value.
  • Starts With: Displays records beginning with the specified text.
  • Ends With: Shows records ending with the specified text.
  • Is Null: Displays records where the field is empty/null.
  • Is Not Null: Shows records where the field has a value (is not null).

How To Use? 🤔

Go to Datacollector > Data View > Default View to make various edits to the Data View page.

Add Workspace ➕

Follow the steps below to add a new Workspace;

  • Click on the three dots in the top left corner of the page.
  • Then click the Add New Workspace button.
  • Fill in the information on the page that appears and click the Add button.
The same three-dots menu in the top left corner is where you edit, clone and delete existing Workspaces.

Data Search (Unfiltered & Single Day) 🔎

To run a basic search over a single day without column filters, follow the steps below;

  • If you want to analyze the logs of a device, select that device in the source section under the Filters menu.
  • Select the log type you want to analyze from the Types section.
  • Select the log columns you want to see in the table or leave them as default.
  • Optionally enable the aggregate option and then press the search button in the top right corner.

Data Search (Filtered & Many Days) 🔎

The operations we have done so far only return data for one day and do not do any filtering. To filter data for a specific day or to filter and search for data between two dates, follow the steps below;

  • Enter the value you want to search for in the filter box of any column in the table. Ex: for the srcip column, enter 192.168.100.100.
  • Then select a column filter operator. Ex: Equal. This shows only the traffic whose source IP address is 192.168.100.100.
  • Finally, select a specific date from the calendar in the top left corner, or select Custom from the date filter menu to search between two dates.
  • Then press the search button in the top right corner.
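The following is an added illustration, not code from the Logger product, of what the search steps above and the Log Filter Types and Aggregate options actually compute: it parses a handful of constructed FortiGate-style key=value log lines, applies the Type selector, the column filter operators, a Start/End date range, and then an Aggregate (group by a field, sum a numeric column) to answer the page's own question of how many hours a VPN user was connected on a given day. Field names (srcip, user, duration, sentbyte), the sample values, and the rule that a field the device did not send counts as null are assumptions made for this example.

```python
"""Added worked example (not Logger product code): the Data View search steps
modelled in Python. Field names, values, and the "missing field is null" rule
are assumptions made for the illustration."""
from datetime import datetime
from typing import Callable, Dict, Iterable, List, Optional, Sequence, Tuple

# Constructed sample records in FortiGate-style key=value form; not real traffic.
SAMPLE_LOGS = [
    "date=2024-05-06 time=08:01:10 type=event subtype=vpn user=alice srcip=203.0.113.7 duration=3600",
    "date=2024-05-06 time=13:30:00 type=event subtype=vpn user=alice srcip=203.0.113.7 duration=5400",
    "date=2024-05-06 time=09:15:42 type=event subtype=vpn user=bob srcip=198.51.100.9 duration=1800",
    "date=2024-05-07 time=10:00:00 type=event subtype=vpn user=alice srcip=203.0.113.7 duration=7200",
    "date=2024-05-06 time=11:11:11 type=traffic subtype=forward srcip=192.168.100.100 dstip=10.0.0.5 sentbyte=2048",
    "date=2024-05-06 time=11:12:00 type=traffic subtype=forward srcip=192.168.100.100 dstip=10.0.0.6 sentbyte=4096",
    "date=2024-05-06 time=11:13:00 type=traffic subtype=forward srcip=192.168.100.101 dstip=10.0.0.5",
]

Record = Dict[str, str]
Filter = Tuple[str, str, str]  # (column, operator, text typed into the column)


def parse_log(line: str) -> Record:
    """Split a key=value line into a dict; a key the device did not send is absent."""
    record: Record = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            record[key] = value
    return record


# One predicate per entry of the column filter menu. `v` is the field value
# (None when the field is missing), `t` is the text typed into the column.
OPERATORS: Dict[str, Callable[[Optional[str], str], bool]] = {
    "No Filter":    lambda v, t: True,
    "Contains":     lambda v, t: v is not None and t in v,
    "Not Contains": lambda v, t: v is None or t not in v,
    "Equal":        lambda v, t: v == t,
    "Not Equal":    lambda v, t: v != t,
    "Starts With":  lambda v, t: v is not None and v.startswith(t),
    "Ends With":    lambda v, t: v is not None and v.endswith(t),
    "Is Null":      lambda v, t: v is None or v == "",
    "Is Not Null":  lambda v, t: v is not None and v != "",
}


def record_time(rec: Record) -> datetime:
    """Combine the date and time fields into a timestamp (device-local time assumed)."""
    return datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")


def search(logs: Iterable[str], log_type: Optional[str] = None,
           filters: Sequence[Filter] = (), start: Optional[str] = None,
           end: Optional[str] = None) -> List[Record]:
    """Type selector + column filters + Start/End date range, all ANDed together.
    start/end are 'YYYY-MM-DD HH:MM:SS' strings, inclusive at both ends."""
    lo = datetime.strptime(start, "%Y-%m-%d %H:%M:%S") if start else None
    hi = datetime.strptime(end, "%Y-%m-%d %H:%M:%S") if end else None
    hits: List[Record] = []
    for line in logs:
        rec = parse_log(line)
        if log_type is not None and rec.get("type") != log_type:
            continue
        ts = record_time(rec)
        if (lo and ts < lo) or (hi and ts > hi):
            continue
        if all(OPERATORS[op](rec.get(col), text) for col, op, text in filters):
            hits.append(rec)
    return hits


def aggregate(records: Iterable[Record], group_by: Sequence[str],
              sum_columns: Sequence[str]) -> Dict[Tuple[str, ...], Dict[str, int]]:
    """The Aggregate option: group rows by the chosen fields, sum the numeric columns."""
    totals: Dict[Tuple[str, ...], Dict[str, int]] = {}
    for rec in records:
        key = tuple(rec.get(f, "") for f in group_by)
        bucket = totals.setdefault(key, {c: 0 for c in sum_columns})
        for c in sum_columns:
            bucket[c] += int(rec.get(c, "0"))  # a missing numeric field adds nothing
    return totals


def vpn_seconds_per_user(logs: Iterable[str], day: str) -> Dict[str, int]:
    """The page's VPN question: total connected seconds per user on one day."""
    day_logs = search(logs, log_type="event", filters=[("subtype", "Equal", "vpn")],
                      start=f"{day} 00:00:00", end=f"{day} 23:59:59")
    totals = aggregate(day_logs, group_by=["user"], sum_columns=["duration"])
    return {key[0]: t["duration"] for key, t in totals.items()}


if __name__ == "__main__":
    print(vpn_seconds_per_user(SAMPLE_LOGS, "2024-05-06"))  # alice 9000 s (2.5 h), bob 1800 s
    src = search(SAMPLE_LOGS, filters=[("srcip", "Equal", "192.168.100.100")])
    print(len(src), "records from 192.168.100.100")
```

Two details are worth noticing when you translate this back to the UI. The VPN total is only as complete as the device's logging: the 2024-05-07 session drops out because of the date range, but a session the device never logged would drop out silently too. And the null operators depend on how the product treats a column the device did not send; the example treats a missing field as null, so "Is Null" on sentbyte finds the one traffic record without that field.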