Note: To export query results, you must select an analysis mode other than Real-Time. Results can be exported for Last Hour or for a date/time range.
Procedure:
- Log in to the SMS from a client.
- On the top navigation menu, click Events.
- Select Inspection Events or Firewall Events from the left navigational tree.
- Configure and run an attack event query.
- Select an analysis mode other than Real-Time. Results can be exported for Last Hour or for a date/time range.
- On the menu bar, click File > Export Query Results. A Save dialog box displays.
- Select Export to Local File or Export to SMS.
- Enter the desired file name. If you are exporting the query to a local file, click Browse to select the directory in which you want to save the file.
- For Results Limit, enter an integer to limit the number of results that are exported. Enter 0 if you do not want to impose a limit.
- Select a Field Delimiter from the drop-down menu.
- Click Export.
The system saves the query results to a comma- or tab-delimited .csv file. If the query is exported to the SMS Web server, the report is visible in the Reports section of the SMS Web home page from which you downloaded the SMS client installer.
Note: You cannot export queries when the Real-Time option is selected in the IPS Events screen.
Reference: SMS User Guide