Filtering 'Configuration Changes' Logs
Comodo Internet Security allows you to create custom views of all logged events according to user-defined criteria. You can use the following types of filters:
Preset Time Filters
Clicking on the handle at the bottom enables you to filter the log entries for a selected time period:
- Today - Displays all logged events for today.
- Current Week - Displays all logged events during the current week. (The current week is calculated from the Sunday to Saturday that holds the current date.)
- Current Month - Displays all logged events during the month that holds the current date.
- Entire Period - Displays every event logged since Comodo Internet Security was installed. (If you have cleared the log history since installation, this option shows all logs created since that clearance).
- Custom Filter - Enables you to select a custom period by choosing the 'From' and 'To' dates under 'Please Select Period'.
Advanced Filters
You can further refine the displayed events according to specific filters. The following filters are available for 'Configuration Changes' logs:
- Action: Displays only the selected type(s) of configuration change, such as a change in options, the addition of objects or strings, and so on.
- Modifier: Displays only the configuration changes effected by the selected entity, such as the user, a response to Antivirus, Firewall or Defense+ alerts, and so on.
- Name: Displays only the configuration changes with the name entered as search criteria.
- Object: Displays only the configuration changes involving the addition or removal of the selected objects.
To configure Advanced Filters for Configuration Changes Logs
- Click the funnel button in the title bar, or right-click inside the log viewer module and choose 'Show Advanced Filter' from the context-sensitive menu.
- Select the filter from the 'Advanced Filter' drop-down and click 'Add' to apply the filter.
You can choose the category of filter from the 'Advanced Filter' drop-down. Each of these categories can be further refined by selecting or deselecting specific filter parameters, or by typing a filter string in the field provided. The following options are available in the 'Add' drop-down menu:
- Action: The 'Action' option allows you to filter the log entries based on the actions executed, such as a change in options, the addition of objects or strings, and so on. Selecting the 'Action' option displays a drop-down box and a set of specific filter parameters that can be selected or deselected.
  - Select the 'Equal' or 'Not Equal' option from the drop-down box. 'Not Equal' will invert your selected choice.
  - Now select the checkboxes of the specific filter parameters to refine your search. The parameters available are:
    - Object Added
    - Object Changed
    - Object Removed
    - Option Changed
    - String Added
    - String Removed

  For example, if you choose 'Equal' in the drop-down and select the 'Object Added' checkbox, only the log entries with the value 'Object Added' in the 'Action' column will be displayed.
- Modifier: The 'Modifier' option allows you to filter the log entries based on the entity that is responsible for the configuration change. It can be the user or the response given to an alert. Selecting the 'Modifier' option displays a drop-down box and a set of specific filter parameters that can be selected or deselected.
  - Select the 'Equal' or 'Not Equal' option from the drop-down box. 'Not Equal' will invert your selected choice.
  - Now select the checkboxes of the specific entities that have effected the change, to refine your search. The parameters available are:
    - User
    - Auto Learn
    - Antivirus Alert
    - Firewall Alert
    - Defense+ Alert
    - Behavior Blocker Alert

  For example, if you have chosen 'Equal' in the drop-down and selected the 'Antivirus Alert' checkbox, only the log entries related to the configuration changes effected by responses to Antivirus Alerts will be displayed.
- Name: The 'Name' option allows you to filter the log entries by entering the name of the parameter changed. Selecting the 'Name' option displays a drop-down field and a text entry field.
  - Select the 'Contains' or 'Does Not Contain' option from the drop-down menu.
  - Enter the name of the change, partly or fully, as filter criteria in the text box.

  For example, if you choose the 'Contains' option from the drop-down and enter the phrase 'surfer.exe' in the text field, only the log entries containing 'surfer.exe' in the 'Name' column will be displayed.
- Object: The 'Object' option enables you to filter the log entries related to the objects modified during the configuration change. Selecting the 'Object' option displays a drop-down menu and the objects of the CIS configuration, which can be selected or deselected.
  - Select the 'Equal' or 'Not Equal' option from the drop-down menu. 'Not Equal' will invert your selected choice.
  - Now select the checkboxes of the specific objects as filter parameters to refine your search. Scroll down the window to see all the parameter options.

  For example, if you have chosen 'Equal' from the drop-down and selected the 'Firewall: Mode' checkbox, only the log entries related to the change of Firewall mode will be displayed.
Note: More than one filter can be added in the 'Advanced Filter' pane. After adding one filter type, select the next filter type and click 'Add'. You can also remove a filter type by clicking the 'X' button at the top right of the filter pane.
- Click 'Apply' for the filters to be applied to the Configuration Changes log viewer. Only the entries that match your filter criteria will be displayed in the log viewer.
- To clear all the filters, open the 'Advanced Filter' pane, remove the filters one by one by clicking the 'X' button at the top right of each filter pane, and click 'Apply'.
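
The filter semantics described above, modelled in Python as an added illustration (this is not Comodo code and does not read CIS log files). The `Entry` class, the sample rows, the placeholder object names, case-insensitive 'Contains' matching and the AND combination of multiple filters are all assumptions; only the column names, the Action and Modifier values, 'Firewall: Mode' and 'surfer.exe' come from this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    """One row of the Configuration Changes log, using the page's four columns."""
    action: str
    modifier: str
    name: str
    obj: str

def equal(column, selected, invert=False):
    """'Equal' keeps rows whose column value is ticked; invert=True is 'Not Equal'."""
    chosen = set(selected)
    return lambda e: (getattr(e, column) in chosen) != invert

def contains(text, invert=False):
    """'Contains' on the Name column; invert=True is 'Does Not Contain'.
    Case-insensitive matching is an assumption of this sketch."""
    needle = text.lower()
    return lambda e: (needle in e.name.lower()) != invert

def apply_filters(entries, filters):
    """Assumption: when several filters are added, a row must satisfy all of them."""
    return [e for e in entries if all(f(e) for f in filters)]

# Constructed sample rows, not real CIS output. Object names other than
# 'Firewall: Mode' are placeholders.
LOG = [
    Entry("Option Changed", "User", "Firewall mode", "Firewall: Mode"),
    Entry("Object Added", "Antivirus Alert", r"C:\Sample\surfer.exe", "Placeholder object A"),
    Entry("Object Added", "User", r"C:\Sample\surfer.exe", "Placeholder object A"),
    Entry("Object Removed", "Firewall Alert", r"C:\Sample\other.exe", "Placeholder object B"),
    Entry("String Added", "Auto Learn", "sample string", "Placeholder object C"),
]

def changes_not_made_by_user(entries):
    """Review view: Modifier 'Not Equal' User, i.e. changes that came from
    alert responses or Auto Learn rather than a deliberate settings edit."""
    return apply_filters(entries, [equal("modifier", ["User"], invert=True)])

if __name__ == "__main__":
    for row in changes_not_made_by_user(LOG):
        print(row.modifier, "|", row.action, "|", row.name)
```

Stacking `equal("action", ["Object Added"])` with `contains("surfer.exe")` mirrors adding an 'Action' filter and a 'Name' filter in the pane before clicking 'Apply'.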