How to View and Delete Reports from the CLI
Resolution
Details
The following CLI commands can be used to view the report jobs
> show report (tab to view list)
> custom custom
> directory-listing directory-listing
> id By id
> jobs All jobs
> predefined predefined
Sample output showing the databases available for custom reports
> show report custom database equal (tab to view list)
appstat appstat
threat threat
thsum thsum
traffic traffic
trsum trsum
Sample output showing the custom traffic report
> show report custom database equal traffic (enter)
<?xml version="1.0"?>
<report reportname="" logtype="traffic">
<result logtype="traffic" start="2010/03/28 14:07:45" end="2010/03/29 14:07:44
" generated-at="2010/03/29 14:07:48" range="Sunday, March 28, 2010">
<entry>
<src>10.30.14.97</src>
<resolved-src>10.30.14.97</resolved-src>
<dst>10.16.0.69</dst>
<resolved-dst>10.16.0.69</resolved-dst>
</entry>
<entry>
<src>10.16.0.180</src>
<resolved-src>10.16.0.180</resolved-src>
<dst>10.0.0.246</dst>
<resolved-dst>10.0.0.246</resolved-dst>
</entry>
<entry>
<src>10.16.0.57</src>
<resolved-src>10.16.0.57</resolved-src>
<dst>10.0.0.246</dst>
<resolved-dst>10.0.0.246</resolved-dst>
</entry>
<entry>
Sample output showing the predefined report database
> show report predefined name equal (tab to view list)
top-applications top-applications
top-attackers top-attackers
top-attackers-by-countries top-attackers-by-countries
top-attacks top-attacks
top-connections top-connections
top-denied-applications top-denied-applications
top-denied-destinations top-denied-destinations
top-denied-sources top-denied-sources
top-destination-countries top-destination-countries
top-destinations top-destinations
--- output truncated ----
Sample output showing detailed info for predefined report 'top-attackers'
> show report predefined name equal top-attackers (enter)
<?xml version="1.0"?>
<report reportname="top-attackers" logtype="thsum">
<result name="Top attackers" logtype="thsum" start="2010/03/28 00:00:00" end="2010/03/28 23:59:59" generated-at="2010/03/29 15:00:09" range="Sunday, March 28, 2010">
<entry>
<src>10.16.0.200</src>
<resolved-src>10.16.0.200</resolved-src>
<srcuser></srcuser>
<count>840</count>
</entry>
<entry>
<src>74.125.19.106</src>
<resolved-src>74.125.19.106</resolved-src>
<srcuser></srcuser>
<count>794</count>
</entry>
<entry>
<src>74.125.19.104</src>
<resolved-src>74.125.19.104</resolved-src>
<srcuser></srcuser>
<count>524</count>
</entry>
etc...
Use the following CLI commands to delete reports
> delete report (tab to view list)
> custom custom
> predefined predefined
> summary summary
Sample output showing list of predefined report types available to delete
admin@archeo_falcon_secondary> delete report predefined scope <shared or vsys_number> report-name (tab to view list, then choose report type to delete)
bandwidth-trend 2010/03/29 02:02:07 36.0K
hruser-top-applications 2010/03/29 02:02:21 36.0K
hruser-top-threats 2010/03/29 02:02:22 36.0K
hruser-top-url-categories 2010/03/29 02:02:19 36.0K
risk-trend 2010/03/29 02:02:07 36.0K
spyware-infected-hosts 2010/03/29 02:02:06 36.0K
threat-trend 2010/03/29 02:02:10 36.0K
top-application-categories 2010/03/29 02:02:06 36.0K
top-applications 2010/03/29 02:02:13 36.0K
top-attackers 2010/03/29 02:02:11 36.0K
top-attackers-by-countries 2010/03/29 02:02:11 36.0K
top-attacks 2010/03/29 02:02:14 36.0K
top-blocked-url-categories 2010/03/29 02:02:14 36.0K
top-blocked-url-user-behavior 2010/03/29 02:02:14 36.0K
top-blocked-url-users 2010/03/29 02:02:14 36.0K
top-blocked-websites 2010/03/29 02:02:14 36.0K
top-connections 2010/03/29 02:02:13 36.0K
top-denied-applications 2010/03/29 02:02:14 36.0K
top-denied-destinations 2010/03/29 02:02:14 36.0K
top-denied-sources 2010/03/29 02:02:14 36.0K
top-destination-countries 2010/03/29 02:02:12 36.0K
top-destinations 2010/03/29 02:02:12 36.0K
top-egress-interfaces 2010/03/29 02:02:13 36.0K
Sample output showing list of custom report names available to delete
> delete report custom scope <shared or vsys_number> report-name (tab to view list, then choose report name to delete)
"Dave Top URL users" 2008/05/09 01:02:44 4.0K
"Destination Ports" 2010/03/29 02:02:18 20.0K
"Doms Regression Threat" 2010/03/29 02:02:18 20.0K
"Lee Test" 2008/05/09 01:02:25 4.0K
"Lee Traffic Report" 2010/03/29 02:02:16 36.0K
"Mchan Report" 2010/03/28 02:02:26 12.0K
"Mike Test" 2010/03/29 02:02:16 36.0K
"My Custom Report" 2010/03/29 02:02:16 36.0K
The following command deletes a group of predfined .pdf files through the date indicated after 'ending'
> delete report summary scope <shared or vsys_number> report-name predefined file-name 86400s-ending-20080514
Successfully removed '86400s-ending-20080514'
The following command will delete all .pdf files:
> delete report summary scope <shared or vsys_number> report-name wtam-pdf file-name *.pdf
Successfully removed '*.pdf'
owner: panagent