13.2.2. Report rules

A report rule defines the parameters of generated reports and also the schedule of the report launches and report delivery types for users. Provide the following parameters when creating a new report rule:

Name

Description

On

Enable or disable a report.

Name

Name of the rule.

Description

Optional field for the rule description.

Report language

Select a language that will be used in the report.

Time range

A time range for which the report will be generated.

Limit records

Limits the number of records to be displayed in reports for which the number of top records is limited, e.g. only TOP-20 of users who failed authentication in the console.

Group by limit (when applicable)

Limits the number of records to be displayed in reports for which the number of grouped records is limited, e.g. only TOP-10 of users in each category, i.e. not more than 10 users per category. This restriction is applicable only to the report templates with grouping.

Users

Select the users or user groups for which the report will be generated. When this field is empty, the report will be generated for all users.

Templates

The list of templates to be used for report building. Make sure to add at least one template.

Schedule

Select a report generation schedule. Possible options:

  • Daily

  • Weekly

  • Monthly

  • Every ... hours

  • Every ... minutes

  • Advanced

If Advanced is selected, use the crontab-like format in which a string contains of six fields separated with spaces. Make sure to specify the fields as follows: (minutes: 0-59) (hours: 0-23) (days of month: 0-31) (month: 0-12) (day of week: 0-6, 0-Sunday). Each of the five fields can be specified in the following way:

  • Asterisk (*)- denotes the whole range (from the first element to the last one)

  • Hyphen (-) - denotes a numeric range. For example, "5-7" stands for 5, 6 and 7

  • Lists. These are numbers (or ranges) separated with commas. Example: "1,5,10,11" or "1-11,19-23"

An asterisk or range with increment. It is used for denoting missed elements in ranges. A step must be specified after a backslash. For example, "2-10/2" stands for "2,4,6,8,10", and the statement "*/2" in the "hours" field means "every two hours"

Delivery

You can set up optional sending of generated reports to recipients by SMTP. Make sure to set up the following:

  • An SMTP profile to be used for sending reports. For more details on how to set up SMTP profiles, please refer to Notification profiles.

  • Email sender --- name of the message sender

  • Email subject --- subject string of the message

  • Email body --- body of the message

  • Recipients --- list of message recipients. Make sure to add all recipients to the lists of the Email addresses library.

Important! The report creation process may take a long time to complete and may consume a lot of computing resources. It is especially important to pay attention to the workload when generating reports for a large time period.

Important! Note that you can run a report rule even without enabling it or configuring its schedule. In the manual mode, you can run any report (even a disabled one) by adding the necessary rule to the list of rules and clicking Run now. The output reports will be available in the Generated reports section.