You have to schedule a report to see the report results. You can schedule a report to run immediately, once, or at a specified time. All Sentinel reports come with a sample report. When you schedule a report, the report runs at the scheduled time and the report results are saved in a PDF format. When you schedule to run a report immediately, it searches the events related to the report’s query from midnight till the time that you ran the report. Sentinel displays the results in the Sentinel console and also stores the results as a PDF.
NOTE:The report results in the PDF are different than the results in reports run immediately. The report results in the PDF are for the time range that you specified while scheduling a report. When you run a report immediately, the report includes events from midnight to the time you ran the report.
You can schedule a report using the desired parameters, such as a From and a To date, and save the report results with a name of your choice. After the report runs, you can view it in the Sentinel console or in PDF. For more information on viewing the reports results, see Section 11.5, Viewing Events.
Because the reports run asynchronously, you can simultaneously perform other tasks in the application while you run reports. If the Sentinel server was restarted while a report was processing, you can either cancel or restart the report. If you restart the report, it runs with the same parameters that were used the first time. If the report was scheduled with a relative time setting, such as , the time period for rerunning the report is based on the current date and time and not the date and time when the report was initially scheduled.
Use the following procedure to schedule a report:
Log in to the Sentinel Web interface as a user with the Manage Reports permission.
In the panel, select the report you want to schedule, then click .
You can schedule the report to run immediately or schedule it to run later, either once or on a recurring basis. For scheduled reports, choose a frequency and specify a time () for the report to run except if you select . The report runs based on the time settings of the Sentinel server.
Now: This is the default. It runs the report immediately.
Once: Runs the report once at the specified date and time.
Daily: Runs the report once a day at the specified time.
Weekly: Runs the report once a week on the same day at the specified time.
Monthly: Runs the report on the same day of the month every month, starting at the specified date and time. For example, if the start date and time is May 26, 2010 4:00:00 p.m., the report runs on the 26th day of the month at 4:00:00 p.m. every month.
Specify a unique name to identify the report results. By default, the name of the report is Report 1. Next time you schedule a report for the same report definition, the name of the report by default displays Report2.
(Conditional) If Sentinel is configured for distributed search, click the link in the section to select the source machines on which the reports can be run. For more information on distributed search, see Searching and Reporting Events in a Distributed Environment
in the NetIQ Sentinel 7.1 Administration Guide.
Displays the additional criteria that you specified in Additional Criteria. You can combine more than one criteria with And or Or operator.
To schedule a report, specify other parameters that are similar to . For more information, see Section 11.2, Creating Reports.
(Conditional) For user-defined reports, you can specify the number of results stored in the field. By default, Sentinel stores 1000 results. The number you specify here overrides the number you specified in the parameter on the Create Report screen.
Click .