How to use Packet Filter option for live logs?

Hello Bob, Thanks for the reply.

I had already tried same way earlier and now checked again, but still I am getting all logs and not filtered. Is there any specific way to enter filter?

As show in below screenshot, I've entered 4.2.2.2 and hit entered, but still it is showing all other logs

you get only new data filtered.
Some old unfiltered data are displayed at the start mostly.

Hello Dirk,

Prior setting up 4.2.2.2 as filter, I had reload the live logs which was not having any logs after it. How exactly after setting filter as 4.2.2.2, it is still showing 8.8.8.8 and other logs

Only 2-5 sec after setting the filter you should get unfiltered data.

... except the buffer is full and your browser loads these data at the moment

if you set the filter at 10:00:25 you should not get unfiltered data with timestamp after 10:00:30

I would try another browser first.

Hello Dirk,

Thanks for the update, you are right it takes some time to get filter displayed, but I've notice below points as well during my testing which is quite abnormal :-

1) If I set Filter as 1.1.1.1 and try to continuously ping 1.1.1.1 then sometime I am getting entry in firewall live logs (That too only 1 entry) and some time I am not getting entry i.e. If I am doing 10 ping there should 10 echo request and reply which is not their in my case ( ICMP Helper is disabled and Firewall is managing ICMP traffic )

2) Another noticeable thing, If I try to access 1.1.1.1 website then I am getting only SYN request and not complete flow, What should be reason for it? (Web Proxy is disable)

One of the unwritten rules here is "one topic per thread" - that's to make it easier for future members to find an answer to a question that's already been answered.  Using an appropriate title, please ask your second question in the appropriate forum.

Cheers - Bob

Hello Bob,

I think it is already in same discussion about the question which I had asked earlier and nothing new. Please help me to understand if I am asking something new in this thread. Just to add more on it, Original question was regarding Packet Filter option and query which I've posted later is regarding same that I tried to add filter as suggested by you and Dirk but facing some challenge so would like to get clarity.

1. Possible the SG see/handle multiple ping requests as one session...

2. You only see the first packet of a handshake. (it is also green, if the destination device don't exist )
The foll handshake you only see within tcpdump

dirkkotte said:

handle

Thanks for the update. Does anyone else has any update regarding my thread query? Do we have any list of filters option which we can use ?

You can use REGEX - REGular EXpressions in the 'Filter' box.

Cheers - Bob

You can use REGEX - REGular EXpressions in the 'Filter' box.

Cheers - Bob