Search Device Log Messages (Dimension)

From the Dimension Log Search page for a Firebox, you can run a search to refine the log messages that appear for the selected Firebox. You can run simple or complex search queries to find specific details in your Firebox log messages.

There are four types of search queries that you can specify when you run a search:

  • ANY of these words — Search results include log messages with any of the words you specify.
  • ALL of these words — Search results only include log messages with all of the words you specified.
  • EXACT match of this phrase — Search results only include log messages with the exact phrase you specified.
  • NONE of these words — Search results only include log messages without any of the words you specified.

For each search query, you must specify at least one of these query types. Search queries are not case sensitive. For example, if you search for User1, the search results might include log messages with the text user1 as well as User1. For a simple search, specify one search query type. For a complex search with an AND operator, specify text to search on in more than one search query type in a single search query block. You can also use the OR operator to add another search query block and specify additional search queries. This is useful when you want to find log messages that include more than one type of event or type of log message.

After you run a search, you can export the search results to a file that you can save for later use outside of Log Manager.

You can start a search from two different places in Log Manager: the main Log Manager navigation menu or from the log messages page for a device.

Run a Search from the Log Search Page

From the main Log Search page, you can select the device, time range, and log type to search for. When you specify the parameters for your search queries, you can select to search for any details included in the log messages.

The Log Search page for your device includes one search query block by default. To run a simple search, specify the text to search on in one text box in the default search query block. To run a complex search with an AND operator, specify text to search on in more than one text box in a single search query block. To run a complex search that includes an OR operator, add another search query block. You can add up to nine search query blocks to your search, with a maximum of four AND operators per block.
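The query logic described above (query types combined with AND inside a block, blocks combined with OR, case-insensitive matching, and the block and operator limits), as an added Python example that is not WatchGuard code. It assumes whitespace-separated terms matched as case-insensitive substrings, and the log lines are constructed samples rather than real Firebox output.

```python
# Added example: models the search semantics this page describes.
# Assumption: terms are whitespace-separated and matched as
# case-insensitive substrings; Dimension's own matching may differ.
MAX_BLOCKS = 9           # page: up to nine search query blocks
MAX_ANDS_PER_BLOCK = 4   # page: at most four AND operators per block

def clause_matches(kind, text, message):
    """Evaluate one query type against one log message."""
    msg, phrase = message.lower(), text.lower().strip()
    words = phrase.split()
    if not words:
        raise ValueError("a clause needs search text")
    if kind == "ANY":
        return any(w in msg for w in words)
    if kind == "ALL":
        return all(w in msg for w in words)
    if kind == "EXACT":
        return phrase in msg
    if kind == "NONE":
        return not any(w in msg for w in words)
    raise ValueError(f"unknown query type: {kind}")

def search(blocks, messages):
    """blocks are ORed; the (kind, text) clauses inside a block are ANDed."""
    if not 1 <= len(blocks) <= MAX_BLOCKS:
        raise ValueError("use between one and nine query blocks")
    for block in blocks:
        if not block or len(block) - 1 > MAX_ANDS_PER_BLOCK:
            raise ValueError("a block needs 1 clause and at most 4 ANDs")
    return [m for m in messages
            if any(all(clause_matches(k, t, m) for k, t in block)
                   for block in blocks)]

# Constructed sample lines, simplified; not real Firebox log output.
SAMPLE_LOGS = [
    "10:00:01 Deny src=10.0.1.5 dst=203.0.113.9 port=445 user=User1",
    "10:00:07 Allow src=10.0.1.7 dst=198.51.100.4 port=443 user=user2",
    "10:01:12 Deny src=10.0.1.7 dst=203.0.113.9 port=23 user=user2",
    "10:02:30 Authentication failed for user1 from 10.0.1.5",
    "10:03:00 Allow src=10.0.1.5 dst=198.51.100.4 port=443 user=USER1",
]

# Block 1: ALL "deny user1" AND NONE "port=443"; OR block 2: EXACT phrase.
QUERY = [
    [("ALL", "deny user1"), ("NONE", "port=443")],
    [("EXACT", "authentication failed")],
]

if __name__ == "__main__":
    for line in search(QUERY, SAMPLE_LOGS):
        print(line)
```

The same function can be used to sanity-check a compound query against a handful of known log lines before running it over a long time range.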

To run a search from the Log Search page:

  1. Select Home > Devices.
    The Devices page opens.

Screen shot of the Devices page

  2. Select a Firebox.
    If the Firebox has only a logging connection to Dimension, the Executive Dashboard page appears.
    If the Firebox has a management connection to Dimension, the Device Summary page appears.
  3. From the Start and End drop-down calendars, select the start and end date and time for the log messages, then click Apply.
  4. Select Log Search.
    The Log Search page opens for the selected device.

Screen shot of the Log Search page

  5. To select the type of log messages to include in the search, at the top of the page, click a log type button:
    • Traffic
    • Alarm
    • Event
    • Diagnostic
    • Statistic
    • All
  6. To select the type of search query to run, from the drop-down list, select an option:
    • ANY of these words
    • ALL of these words
    • EXACT match of this phrase
    • NONE of these words
  7. In the adjacent text box, type the text to search for.
  8. To add an AND operator to your search, click .
    Another query block appears.
  9. From the drop-down list, select an option:
    • ANY of these words
    • ALL of these words
    • EXACT match of this phrase
    • NONE of these words
  10. In the adjacent text box, type the text to search for.
  11. To add an OR operator to your search, click the OR icon.
    Another search query block appears.
  12. In the new search query block, type the text to search on.
  13. To remove a search query block from your search, click the Delete Search Block button.
  14. Click the Search icon.
    The amount of time it takes the search to complete depends on the number of log messages for the device and the parameters of your search.
    A progress bar appears at the bottom of the search query parameters section of the page to indicate the status of the search.

Screen shot of the Log Search page with a search in progress

The log messages page for the device is updated to include only those log messages that match the search query parameters you specified.

  1. To cancel a search, click Cancel.

Screen shot of the Log Search results

When the search is complete, the number of records included in the search results appears in the search parameter section.

  1. To remove all search query results, click Clear.
    All log messages are removed from the search results section.

Run a Search from Log Manager

If you are on the log messages page for a Firebox in Log Manager, you can use the Search text box to start a search.

From the log messages page for your Firebox:

  1. In the Search text box, type the text to search for.
  2. Click the Search button.
    The Search page appears with the device you specified in the breadcrumbs navigation and the text you specified in the ANY of these words text box.
  3. Follow the instructions in the previous section, Run a Search from the Log Search Page, to complete your search query and run the search.

Export Search Results

After your search is complete, you can export your search results to a CSV file that you can download in a ZIP file. The ZIP file includes a text file with the search parameters.

From the Log Search page:

  1. In the search parameters section, click Export.
    The Save As dialog box opens.
  2. Specify a name for the file and a location to save the file on your computer.
  3. Click Save.

Related Topics

View Log Messages (Dimension)