How to View and Delete Reports from the CLI

Details

The following CLI commands can be used to view the report jobs

> show report (tab to view list)
> custom      custom

> directory-listing   directory-listing
> id          By id
> jobs        All jobs
> predefined  predefined

Sample output showing the databases available for custom reports

> show report custom database equal (tab to view list)
  appstat  appstat
  threat    threat
  thsum    thsum
  traffic  traffic
  trsum    trsum

Sample output showing the custom traffic report

> show report custom database equal traffic (enter)
<?xml version="1.0"?>
<report reportname="" logtype="traffic">
  <result logtype="traffic" start="2010/03/28 14:07:45" end="2010/03/29 14:07:44
" generated-at="2010/03/29 14:07:48" range="Sunday, March 28, 2010">
    <entry>
      <src>10.30.14.97</src>
      <resolved-src>10.30.14.97</resolved-src>
      <dst>10.16.0.69</dst>
      <resolved-dst>10.16.0.69</resolved-dst>
    </entry>
    <entry>
      <src>10.16.0.180</src>
      <resolved-src>10.16.0.180</resolved-src>
      <dst>10.0.0.246</dst>
      <resolved-dst>10.0.0.246</resolved-dst>
    </entry>
    <entry>
      <src>10.16.0.57</src>
      <resolved-src>10.16.0.57</resolved-src>
      <dst>10.0.0.246</dst>
      <resolved-dst>10.0.0.246</resolved-dst>
    </entry>
    <entry>

Sample output showing the predefined report database

> show report predefined name equal (tab to view list)
  top-applications            top-applications
  top-attackers                top-attackers
  top-attackers-by-countries  top-attackers-by-countries
  top-attacks                  top-attacks
  top-connections              top-connections
  top-denied-applications      top-denied-applications
  top-denied-destinations      top-denied-destinations
  top-denied-sources          top-denied-sources
  top-destination-countries    top-destination-countries
  top-destinations            top-destinations

--- output truncated ----

Sample output showing detailed info for predefined report 'top-attackers'

> show report predefined name equal top-attackers (enter)
<?xml version="1.0"?>
<report reportname="top-attackers" logtype="thsum">
  <result name="Top attackers" logtype="thsum" start="2010/03/28 00:00:00" end="2010/03/28 23:59:59" generated-at="2010/03/29 15:00:09" range="Sunday, March 28, 2010">
    <entry>
      <src>10.16.0.200</src>
      <resolved-src>10.16.0.200</resolved-src>
      <srcuser></srcuser>
      <count>840</count>
    </entry>
    <entry>
      <src>74.125.19.106</src>
      <resolved-src>74.125.19.106</resolved-src>
      <srcuser></srcuser>
      <count>794</count>
    </entry>
    <entry>
      <src>74.125.19.104</src>
      <resolved-src>74.125.19.104</resolved-src>
      <srcuser></srcuser>
      <count>524</count>
    </entry>
    etc...

Use the following CLI commands to delete reports

> delete report (tab to view list)
> custom      custom
> predefined  predefined
> summary      summary

Sample output showing list of predefined report types available to delete

admin@archeo_falcon_secondary> delete report predefined scope <shared or vsys_number> report-name (tab to view list, then choose report type to delete)
  bandwidth-trend                2010/03/29 02:02:07      36.0K
  hruser-top-applications        2010/03/29 02:02:21      36.0K
  hruser-top-threats              2010/03/29 02:02:22      36.0K
  hruser-top-url-categories      2010/03/29 02:02:19      36.0K
  risk-trend                      2010/03/29 02:02:07      36.0K
  spyware-infected-hosts          2010/03/29 02:02:06      36.0K
  threat-trend                    2010/03/29 02:02:10      36.0K
  top-application-categories      2010/03/29 02:02:06      36.0K
  top-applications                2010/03/29 02:02:13      36.0K
  top-attackers                  2010/03/29 02:02:11      36.0K
  top-attackers-by-countries      2010/03/29 02:02:11      36.0K
  top-attacks                    2010/03/29 02:02:14      36.0K
  top-blocked-url-categories      2010/03/29 02:02:14      36.0K
  top-blocked-url-user-behavior  2010/03/29 02:02:14      36.0K
  top-blocked-url-users          2010/03/29 02:02:14      36.0K
  top-blocked-websites            2010/03/29 02:02:14      36.0K
  top-connections                2010/03/29 02:02:13      36.0K
  top-denied-applications        2010/03/29 02:02:14      36.0K
  top-denied-destinations        2010/03/29 02:02:14      36.0K
  top-denied-sources              2010/03/29 02:02:14      36.0K
  top-destination-countries      2010/03/29 02:02:12      36.0K
  top-destinations                2010/03/29 02:02:12      36.0K
  top-egress-interfaces          2010/03/29 02:02:13      36.0K

Sample output showing list of custom report names available to delete

> delete report custom scope <shared or vsys_number> report-name (tab to view list, then choose report name to delete)
  "Dave Top URL users"            2008/05/09 01:02:44        4.0K
  "Destination Ports"            2010/03/29 02:02:18      20.0K
  "Doms Regression Threat"        2010/03/29 02:02:18      20.0K
  "Lee Test"                      2008/05/09 01:02:25        4.0K
  "Lee Traffic Report"            2010/03/29 02:02:16      36.0K
  "Mchan Report"                  2010/03/28 02:02:26      12.0K
  "Mike Test"                    2010/03/29 02:02:16      36.0K
  "My Custom Report"              2010/03/29 02:02:16      36.0K

The following command deletes a group of predfined .pdf files through the date indicated after 'ending'

> delete report summary scope <shared or vsys_number> report-name predefined file-name 86400s-ending-20080514

Successfully removed '86400s-ending-20080514'

The following command will delete all .pdf files:

> delete report summary scope <shared or vsys_number> report-name wtam-pdf file-name *.pdf

Successfully removed '*.pdf'

owner: panagent