Symantec 10268947 User Guide - Page 119

Reports and Queries 119 About querying flows Viewing exported flows Query Exported Flows enables you to search against flow data that has been logged to the disk database. This enables flow data to be saved when a certain condition is triggered. The result is that a new event appears in the Network Security console with a link to the actual flow data. The search dialog allows the user to search across all the flows that have been exported. To query exported flows 1 In the Network Security console, click Flows > View Exported Flows. 2 Choose one of the following tabs: ■ Match Source and Destination: This will make a more focused query on specific source and destination IPs. ■ Match Source or Destination: This will make a broader query on either a source IP or a destination IP. 3 In Match Source and Destination, you can display only flows that pertain to specific source and destination IPs. To make this more focused query, enter data in the following fields: ■ Source IP: Numeric IP address ■ Port: Valid port number 4 In Match Source or Destination, you can display flows that pertain to either a source IP or a destination IP. To make this broader query, enter data in the following fields: ■ Source or Destination IP: Numeric IP address ■ Port: Valid port number Note: The Network Security console displays the flow data in table format, one page at a time. You can sort the table by clicking the heading of any column. This sort, however, applies only to the page currently displayed, which may be only a portion of the entire report. At the top of the display, a prompt indicates how many flows are currently displayed, out of the total report. 5 Do one of the following: ■ Click Start Query to run a flow query based on the parameters that you configured. ■ Click Next Results to view the next page of a query that was too large to display in its entirety. ■ Click Clear to stop the active query and remove the results from display.