Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 928 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall Log Search Doesn't Work

busthead

Not sure what I'm doing wrong. I see "Country blocked" entries in the Live Log for today but when I search for them, I get no results. I've tried all iterations of the search term with and without quotes:



This thread was automatically locked due to age.
Parents
  • FormerMember
    +1 FormerMember

    Hi ,

    Thanks for reaching out to the Community! 

    Could you please change the search term to "GEOIP" and let me know if that works for you? 

    Thanks,

  • 0 in reply to FormerMember

    Yes, that works.

    That said, poor design for the Live Log to differ from Archived Logs. Just causes confusion.

  • FormerMember
    0 FormerMember in reply to busthead

    Hi ,

    The country blocking is the simplified term used in log viewer, in the backend it’s called GEOIP. 

    Looking into packet filter logs from the backend gave me the hint to use search term as "GEOIP". :) 

    Reference log entry:

    2021:04:13-00:55:31 h_patel-1 ulogd[7453]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0" outitf="eth1" srcmac="00:1a:8c:a9:77:3b" dstmac="00:1a:8c:f0:ef:00" srcip="192.xxx.xx.x" dstip="124.xxx.xx.x." proto="17" length="76" tos="0x10" prec="0x00" ttl="63" srcport="39473" dstport="123"

    I'm glad that it worked for you. 

    Thanks,

Reply
  • FormerMember
    0 FormerMember in reply to busthead

    Hi ,

    The country blocking is the simplified term used in log viewer, in the backend it’s called GEOIP. 

    Looking into packet filter logs from the backend gave me the hint to use search term as "GEOIP". :) 

    Reference log entry:

    2021:04:13-00:55:31 h_patel-1 ulogd[7453]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0" outitf="eth1" srcmac="00:1a:8c:a9:77:3b" dstmac="00:1a:8c:f0:ef:00" srcip="192.xxx.xx.x" dstip="124.xxx.xx.x." proto="17" length="76" tos="0x10" prec="0x00" ttl="63" srcport="39473" dstport="123"

    I'm glad that it worked for you. 

    Thanks,

Children
No Data
Unfiltered HTML