Report by protocol, settings
To create a protocol-specific report, select the corresponding report type in the first step of the Report Wizard, then select the protocol or protocols to include in the report in the second step.
As the description states, different ways of specifying the protocol and port are supported.
This step also enables you to configure the data presentation mode: a separate part for each element or all elements in one part. The remaining steps of the wizard are completed in a regular manner.
The protocol list can be changed in the Protocol Editor window that can be opened using the Settings | Protocols editor command.
This window also enables you to view the list of available protocols, add new protocols, as well as to modify and delete existing ones. The list of protocols is shown in the editor window as a table. Each row corresponds to one protocol and includes the port number, the type of the protocol (TCP/UDP), the name of the protocol, the name of the port and a list of additional ports. The table can be sorted using any of the five columns. To change the sorting order, click the header of the necessary column. The grey color indicates pre-installed protocols. By default, their editing is prohibited, but you can always enable it using the Allow editing of predefined protocols option. To restore the parameters of a pre-installed protocol, press the Default button (it appears only after a predefined protocol is modified) in the Edit protocol window.
A list of proxy server rules can be specified for each protocol. The protocol is stored in the database if the proxy server rule in a log file record matches one of the rules in that list.
Protocols are detected using several fields, including the port number (the Port number column) and a text identifier (the Port number column, can be semicolon-delimited). Some protocols can use several ports, or a single port for TCP and UDP simultaneously. In this case, additional ports are specified in the Additional ports column in the tcp|udp:port format, with the values separated by semicolons.
To create a new protocol, press the Create button. A new window called New protocol will open and will allow you to specify the port and protocol numbers, the names of the port and protocol, as well as the list of additional port numbers.
To finish the protocol creation process and add it to the general program list, press OK. To cancel protocol creation and close the window, press Cancel.
To edit a protocol, select a row in the table and press the Edit button or simply double-click a protocol with the left mouse button. The Edit protocol window will open. It is identical to the New protocol window. You can change the port and protocol number, the port and protocol names, as well as the list of additional port numbers. To finish editing the protocol and save changes, press OK. To cancel changes and close the window, press Cancel.
Additional port numbers can be defined by a port number (it will be interpreted as a port for UDP and TCP), a TCP port in the tcp:port_number format or as a port for the UDP protocol in the udp:port_number format. When the program starts importing data, it will search for the port from the log among all main and additional ports of all protocols. However, it will be the main port that will be saved to the database.
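The lookup described above can be modelled as follows. This is an added example, not code from the program: the function names, the sample table and the first-row-wins rule for conflicting ports are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

class Protocol(NamedTuple):
    port: int          # main port (Port number column)
    proto: str         # "tcp" or "udp"
    name: str
    additional: str    # Additional ports column, e.g. "tcp:8080;8000"

def parse_additional(field: str) -> set:
    """Parse 'tcp:port;udp:port;port' into a set of (transport, port) pairs."""
    pairs = set()
    for item in filter(None, (p.strip() for p in field.split(";"))):
        transport, sep, number = item.rpartition(":")
        transport = transport.strip().lower()
        if sep and transport not in ("tcp", "udp"):
            raise ValueError(f"unknown transport in {item!r}")
        port = int(number)
        if not 0 < port < 65536:
            raise ValueError(f"port out of range in {item!r}")
        # A bare port number applies to both TCP and UDP.
        for t in ([transport] if sep else ["tcp", "udp"]):
            pairs.add((t, port))
    return pairs

def build_index(table):
    """Map every main and additional (transport, port) to its protocol row."""
    index = {}
    for row in table:
        keys = {(row.proto, row.port)} | parse_additional(row.additional)
        for key in keys:
            # Assumption: on a conflict the first row in the table wins.
            index.setdefault(key, row)
    return index

def resolve(index, transport: str, port: int) -> Optional[tuple]:
    """Return (protocol name, main port to store) for a port seen in a log."""
    row = index.get((transport.lower(), port))
    return (row.name, row.port) if row else None

# Constructed sample table, not the program's predefined protocol list.
TABLE = [
    Protocol(80, "tcp", "HTTP", "tcp:8080;8000"),
    Protocol(53, "udp", "DNS", "tcp:53"),
]
INDEX = build_index(TABLE)
```

Because only the main port is stored, a log record seen on tcp:8080 appears in reports under port 80 in this model, so the original port has to be taken from the raw log when it matters for an investigation.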
To delete a protocol, select it and press the Delete button. All the changes will be saved to the database only after you press the Save button in the protocol editor.
Changes made in the protocol editor (except for names) do not affect the information in the database and are applied only at the import stage.