This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple search terms - Log files

Hi:

This is probably been answered but couldn't find it.

In a search of something like log files, is it possible to search for two terms, such as an IP address and a port number - like search for log entries with both a specific IP address and a port number, like search for 3.4.5.17 and 35352?

Also, possible to exclude things, like all log files with 2.3.4.17 as an IP address, except for those with port 35352?

I don't know if there's some syntax or not.

THANKS,

John s.

This thread was automatically locked due to age.

0 BarryG over 11 years ago

Hi, this is all possible with GREP on the shell, but I don't believe it's possible from the web interface.

Respond if you want grep examples.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 11 years ago

Just as you can use REGEX with grep, you also can on the 'Search Log Files' tab.

John, you could use, for example: srcip="3.4.5.17".*dstport="35352"

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 jskain over 11 years ago

That works like a charm. Thanks. I've got to learn more about regex. In the back of my mind I kind of wondered if that would work. I keep finding out more neat things about this box.

John s.

Homage Maximus Grandis Professorem Astaro
Cancel
Vote Up 0 Vote Down

Cancel