
Searching log files (multiple word search)

Is it possible to perform multiple word searches?

For example, I want to search the content filter for the words "facebook.com" and "fbcdn.net". Is there a specific syntax or format I'm meant to use or does it simply use the exact term I enter into the search box? (so I'm limited to a single search term)

I'm essentially wanting something where I can enter "facebook.com OR fbcdn.net" and it then lists out all entries. At the moment I'd have to do two separate searches to do that.



  • Good question, Mark.  I wonder if something like this is available in the Report Manager...

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi

    This question is from 2008, but I'm facing the same issue with multi-term searches in the logs for my WebFilter.

    I'm trying to look for a bunch of Indicator of Compromise (IOC) domains over the past year.

    I tried the suggestions here: https://www.sophos.com/en-us/support/knowledgebase/117278.aspx

    (term1 | google.com)
    term1 | google.com
    term1 OR google.com

    Nothing worked. Is multiple word search possible? If not, is there a grep or zgrep command that can search the compressed archives?

  • Just doing some Googling: if it can't be done from inside the web interface, navigate to /var/log/http/, then the year you want to search, and the month, and do a

    find -name \*.log.gz -print0 | xargs -0 zgrep "term1\|term2"

    That is a \ followed by a | between the terms, no spaces.

    Yeah, that works. I just tried it with about 70 sites in the search; it takes about 35 seconds to search 1 month's worth of archives of about 15MB each.

  • I would have thought that the first option would work on the 'Search Log Files' tab.  You can grep with that by enclosing it with ' like '(term1 | google.com)'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hmm nope, 9.355-1

    Logging & Reporting -> View Log Files -> Search Log Files ->

    Select log file to search: Web Filtering

    Search term: 

    • '(term1 | google.com)' - Nothing
    • '(term1|google.com)' - Nothing
    • (term1 | google.com) - Nothing
    • (term1|google.com) - Nothing
    • '(google.com)' - Nothing
    • term1|google.com - Nothing
    • 'term1|google.com' - Nothing
    • `term1|google.com` - Nothing
    • google.com - Works :)
  • Just wondering if you found something that worked?

  • Nope, I gave up. The command line worked well; I had it searching for 80 strings at a time with no issues.
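The command-line approach from the zgrep post and the 80-string run above, written out as an added example (not from any poster or from Sophos): the indicator list lives in a file, one domain per line, and grep -F -f reads it, so the terms no longer have to be hand-joined with "\|" and dots in domain names are matched literally rather than as regex wildcards. It assumes gzip, grep, find and awk are on the PATH and the /var/log/http/YYYY/MM/*.log.gz layout mentioned in the thread; the log lines it creates are constructed sample data.

```shell
#!/bin/sh
# Added example: search gzipped UTM web filter archives for every domain in an
# IOC list. Assumes gzip, grep, find and awk are available (not verified
# against a particular UTM build).

# search_iocs LOGDIR IOCFILE: print "file: line" for every archived log line
# that contains any indicator from IOCFILE (one domain per line).
# -F = fixed strings (a dot is a dot, not "any character"), -i = ignore case,
# -f = read the pattern list from a file. find recurses into the year/month
# subdirectories so a whole year can be covered in one run.
search_iocs() {
    find "$1" -name '*.log.gz' -exec sh -c '
        ioc="$1"; shift
        for f in "$@"; do
            gzip -dc "$f" | grep -F -i -f "$ioc" | awk -v f="$f" "{ print f \": \" \$0 }"
        done' sh "$2" {} +
}

# count_ioc_hits LOGDIR IOCFILE: number of matching lines (quick triage figure).
count_ioc_hits() {
    search_iocs "$1" "$2" | wc -l | tr -d ' '
}

# make_sample_logs DIR: write constructed, gzipped sample lines in the same
# year/month layout, plus a two-domain IOC list, so the search can be tried
# offline. These are made-up lines loosely shaped like UTM httpproxy entries.
make_sample_logs() {
    mkdir -p "$1/2016/01" "$1/2016/02"
    printf '%s\n' \
      'httpproxy: action="pass" url="http://www.example.org/" dstip="203.0.113.10"' \
      'httpproxy: action="pass" url="http://www.facebook.com/" dstip="203.0.113.20"' \
      | gzip > "$1/2016/01/web-2016-01-15.log.gz"
    printf '%s\n' \
      'httpproxy: action="pass" url="http://static.xx.FBCDN.net/a.js" dstip="203.0.113.30"' \
      'httpproxy: action="pass" url="http://www.example.org/img" dstip="203.0.113.10"' \
      | gzip > "$1/2016/02/web-2016-02-03.log.gz"
    printf '%s\n' facebook.com fbcdn.net > "$1/iocs.txt"
}

# Usage: sh search_iocs.sh /var/log/http/2016 iocs.txt
if [ $# -eq 2 ]; then
    search_iocs "$1" "$2"
fi
```

Because -F matches substrings, an indicator like example.com also hits notexample.com; trim the output with a second, stricter grep if that matters for triage.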