After you define a saved query, it appears in the Queries list and can be run again and again against different databases.
NOTE: Novell® Audit Report (LReport) is recommended for queries that take a considerable amount of time or have a large result set. The iManager plug-in should be used for smaller subset queries, and you should use filters to limit the scope of the query. Results vary depending on the processing power and memory available on the servers where the Secure Logging Server and the database are installed.
To define a saved query:
In the Name field, specify a name for the query.
The query name appears in the Queries list and in the query results title.
In the Select Fields list, select the event field(s) you want to query. To query all event fields, select All.
To select multiple fields:
On Windows*, Ctrl+click to select each field.
On Macintosh*, Command+click to select each field.
On Linux*, simply click the fields you want to select.
On all platforms, Shift+click to select a contiguous range of fields.
Define the query statement.
Create the query using the Query Builder, or type the query statement in the Query SQL Statement window.
Select Translate Column Titles if you want to label the column headings in the query results page with the field titles defined in the log schema.
We recommend that you only select this option for queries that return one type of event. If you select this option for queries that return multiple types of events, Novell Audit Report labels the column headings with the field titles from the last event returned in the query.
IMPORTANT: For this option to work, you must import each application's log schema. For information, see Product Events.
When finished, click OK.
The query now appears in the Queries list. Saved queries are stored in the User object you use to log in to iManager; therefore, they are not available to other users on the system.
You can edit any saved query, including the predefined queries included with the Novell Audit iManager plug-in. To edit a saved query:
Select the check box next to the query you want to edit.
Click Edit.
Modify the query fields.
When finished, click OK.
If you are unfamiliar with the SQL query language, you can use the Query Builder to help you define basic saved queries. The Query Builder simplifies the process of creating a query by allowing you to choose from lists of predefined parameters. The Query Builder then constructs the query statement from the parameters you select.
Because the Query Builder can provide only a limited set of parameters, the queries it creates are very simple. However, it is the easiest way to create saved queries and it is capable of creating most base-level queries.
The following provides a description of the options in the Query Builder.
| Query Option | Description |
| --- | --- |
| Event Field | The event field you want to query. For more information on the event fields, see Event Structure. |
| Condition | The condition under which the logging server applies the Value to the Event Field. Depending on the Event Field, you can select the following conditions from the drop-down list box: |
| Value | The value for the designated event field. The query statement applies the Value to the designated Event Field under the defined conditions. If an event matches the criteria, it is returned in the query results. |
| Operator | To narrow the query results, you can define values for multiple event fields. Using standard And, Or, and End operators, you can define multiple event conditions. The conditions are accumulative; that is, the logging server applies the first, then the second, then the third, etc., to progressively narrow the results. |
| Arrows | The down-arrow moves a query from the Query Builder into the Query SQL Statement window. iManager builds an SQL query statement from the parameters you defined in the Query Builder. The up-arrow moves an SQL query statement from the Query SQL Statement window to the Query Builder. If the query statement includes clauses that are outside the scope of the Query Builder, iManager returns the error SQL statement is too complex to use builder. |
You can type a query statement directly into the Query SQL Statement window. For basic information on building SQL queries, see the Novell Audit Administration Guide.
You do not need to include a FROM clause in your query statement. iManager dynamically builds the FROM clause using the table specified in the database definition you select when you run the query. However, if the query statement does include a FROM clause, iManager queries the table defined in the query statement. For basic information on building SQL query statements, see the Novell Audit Administration Guide.
The following macros can be used in the SQL Statement:
HexToDec[hex#] - Converts a number from hexadecimal to decimal for a query
IP[192.168.0.5] - Enables you to use an IP address in a query
[table] - Inserts the actual table name during the query
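The following check is an added example, not part of the Novell documentation or product. It reviews a saved-query statement before it is stored: it lists the macros used, validates their arguments, and reports when a FROM clause pins a table instead of the one in the database definition. The column and table names in the sample statements, the accepted hex format, and the IPv4-only check are assumptions.

```python
import ipaddress
import re

# Macro forms exactly as the page lists them: HexToDec[hex#], IP[a.b.c.d], [table]
MACRO_RE = re.compile(r"\b(HexToDec|IP)\[([^\]]*)\]|\[(table)\]")
FROM_RE = re.compile(r"\bFROM\b", re.IGNORECASE)
# Assumption: the hex argument is plain hex digits, optionally prefixed with 0x.
HEX_RE = re.compile(r"(?:0[xX])?[0-9A-Fa-f]+")

# Constructed statements; EventID, SourceIP, Text1 and AUDIT_2004 are hypothetical names.
SAMPLES = [
    "SELECT * WHERE EventID = HexToDec[B0001] AND SourceIP = IP[192.168.0.5]",
    "SELECT * FROM AUDIT_2004 WHERE SourceIP = IP[192.168.0.500]",
    "SELECT * FROM [table] WHERE Text1 = 'copied FROM IP[bad]'",
]


def strip_literals(stmt):
    """Empty single-quoted strings so text inside them is never matched."""
    return re.sub(r"'(?:[^']|'')*'", "''", stmt)


def check_statement(stmt):
    """Return (has_from, macros, findings) for one saved-query statement."""
    body = strip_literals(stmt)
    macros, findings = [], []
    for m in MACRO_RE.finditer(body):
        if m.group(3):
            macros.append("[table]")
            continue
        name, arg = m.group(1), m.group(2).strip()
        macros.append(f"{name}[{arg}]")
        if name == "HexToDec" and not HEX_RE.fullmatch(arg):
            findings.append(f"HexToDec argument is not hexadecimal: {arg!r}")
        elif name == "IP":
            try:
                ipaddress.IPv4Address(arg)  # assumption: IPv4 only, as in the page's example
            except ValueError:
                findings.append(f"IP argument is not an IPv4 address: {arg!r}")
    has_from = bool(FROM_RE.search(body))
    if has_from and "[table]" not in macros:
        findings.append("FROM pins a table; the database definition's table is not used")
    return has_from, macros, findings


if __name__ == "__main__":
    for s in SAMPLES:
        print(check_statement(s), "<-", s)
```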
A trademark symbol (®, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For information on trademarks, see Legal Notices.