Running An Advanced Search - Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

Hide thumbs Also See for SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010:

Installation manual (38 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

page of 168

/ 168
Contents
Table of Contents
Bookmarks

Table of Contents

3 Select a time period for the search. Most of the time settings are self-explanatory, and the

default is Last 30 Days.

Custom allows you to select a start date and time and an end date and time for the query.

The start date should be lower than the end date, and the time is based on the machine's

local time.

Whenever searches both online and archive data in the data directory.

4 Click Search.

All fields in the index are searched for the specified text. A spinning icon

search is taking place.

The event summary displays the search results on the search dashboard pane.

5.1.2 Running an Advanced Search

An advanced search can search for a value in a specific event field or fields. The advanced search

criteria are based on the short names for each event field and the search logic for the index. To know

about the field names, their descriptions, the short names that are used in advanced searches, and to

know whether the fields are visible in the basic and detailed event views, see

Fields," on page

149.

NOTE: To perform a search, click the search tips link to use the tag names defined in the table.

To search for a value in a specific field, use the short name of the field, a colon, and the value. For

example, to search for an authentication attempt to Sentinel Log Manager by user2, use the

following text in the search field:

evt:authentication AND sun:user2

Other advanced searches could include the product name, severity, source IP, and the event type. For

example:

pn:NMAS AND sev:5

five.)

sip:123.45.67.89 AND evt:"Set Password"

123.45.67.89 and an event of 'Set Password'.)

Multiple advanced search criteria can be combined by using the following bit operators:

AND (should be capitalized)

OR (should be capitalized)

NOT (should be capitalized and cannot be used as the only search criterion)

The following special characters should be escaped by using a \ symbol:

+ - && || ! ( ) { } [ ] ^ " ~ * ? : \

(This search is for events with the product name NMAS and severity

Table C-1, "Event

(This search is for the source IP of

indicates that the

Searching

Table of Contents

This manual is also suitable for:

Sentinel log manager 1.0.0.5

Running An Advanced Search - Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

5.1.2 Running an Advanced Search

Related Manuals for Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010

Related Content for Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010

This manual is also suitable for:

Table of Contents