Searching log files (multiple word search)

Is it possible to perform multiple word searches?

For example, I want to search the content filter for the words "facebook.com" and "fbcdn.net". Is there a specific syntax or format I'm meant to use or does it simply use the exact term I enter into the search box? (so I'm limited to a single search term)

I'm essentially wanting something where I can enter "facebook.com OR fbcdn.net" and it then lists out all entries. At the moment I'd have to do two separate searches to do that.



  • Hi

    This question is from 2008, but I'm facing the same issue with multi searches in the logs for my WebFilter.

    I'm trying to look for a bunch of Indicator of Compromise (IOC) domains for the past year.

    I tried the suggestions here https://www.sophos.com/en-us/support/knowledgebase/117278.aspx 

    (term1 | google.com)
    term1 | google.com
    term1 OR google.com

    Nothing worked. Is multiple word search possible? If not, is there a grep or zgrep command that can search the compressed archives?

  • Just doing some Googling, if it can't be done from inside the web interface, navigate to /var/log/http/ then the year you want to search, and month, and do a

    find -name \*.log.gz -print0 | xargs -0 zgrep "term1\|term2"    That is a \ followed by a | between the terms, no spaces

    Yeah that works, I just tried it with about 70 sites in the search, it takes about 35 seconds to search 1 month's worth of archives of about 15MB each.
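The command in the reply above builds one basic regular expression by joining terms with `\|`, which works but has two practical drawbacks for an IOC hunt: an unescaped dot in `facebook.com` matches any character, so `facebookXcom` also hits, and a list of 70 domains is awkward to quote on one command line. The script below is an added example, not code from the thread or from Sophos: it keeps the `find ... -print0 | xargs -0 zgrep` shape from the reply but reads the domains from a file with `grep -F -f` (fixed strings, one pattern per line) and compares the hit count against the regex form to show the difference. The log format and directory layout (`<base>/YYYY/MM/*.log.gz`, modelled on the `/var/log/http/` layout mentioned above) and all log lines and domains are constructed for the demo and are written to a temporary directory instead of the real log tree.

```shell
#!/bin/sh
# Added example (not from the thread): hunt a list of IOC domains across
# gzipped web-filter logs with one zgrep pass using fixed-string matching.
set -e

# Write one gzipped log file: $1 = path without .gz, remaining args = lines.
write_log() {
    f="$1"; shift
    printf '%s\n' "$@" > "$f"
    gzip -f "$f"
}

# Constructed sample tree mimicking <base>/<year>/<month>/*.log.gz.
# Line format is a simplified, made-up proxy log, not the real product format.
make_sample_logs() {
    mkdir -p "$1/2019/01" "$1/2019/02"
    write_log "$1/2019/01/http-2019-01-02.log" \
        '2019:01:02-10:00:01 utm httpproxy[5432]: action="pass" srcip="10.0.0.5" url="http://www.example.org/"' \
        '2019:01:02-10:00:02 utm httpproxy[5432]: action="pass" srcip="10.0.0.5" url="https://www.facebook.com/"' \
        '2019:01:02-10:00:03 utm httpproxy[5432]: action="pass" srcip="10.0.0.5" url="https://static.xx.fbcdn.net/rsrc.php"' \
        '2019:01:02-10:00:04 utm httpproxy[5432]: action="pass" srcip="10.0.0.7" url="http://facebookXcom.example/"'
    write_log "$1/2019/02/http-2019-02-14.log" \
        '2019:02:14-08:30:00 utm httpproxy[5432]: action="block" srcip="10.0.0.9" url="http://ioc-one.example/beacon"' \
        '2019:02:14-08:30:01 utm httpproxy[5432]: action="pass" srcip="10.0.0.9" url="http://www.example.net/"'
}

# Constructed IOC list, one domain per line. Keep the file free of blank
# lines: an empty pattern in a -f file matches every line.
write_ioc_list() {
    printf '%s\n' facebook.com fbcdn.net ioc-one.example > "$1"
}

# Fixed-string search: -F treats each pattern literally (dots are dots),
# -f reads patterns from the IOC file, -i ignores hostname case.
# xargs -r (GNU) skips running zgrep when find returns no files, which
# would otherwise make zgrep wait on stdin. "|| true" keeps set -e from
# aborting when there are simply no matches (grep exit status 1).
ioc_hits() {
    find "$1" -name '*.log.gz' -print0 \
        | xargs -0 -r zgrep -i -F -f "$2" || true
}

ioc_hit_count() {
    ioc_hits "$1" "$2" | wc -l | tr -d ' '
}

# The regex form from the reply: terms joined with \| and no escaping.
# Shown only to compare counts; the unescaped dot over-matches.
bre_hit_count() {
    pat=$(paste -s -d '|' "$2" | sed 's/|/\\|/g')
    find "$1" -name '*.log.gz' -print0 \
        | xargs -0 -r zgrep -i "$pat" | wc -l | tr -d ' '
}

# Stand-alone demo: build the sample tree, run both searches, clean up.
tmp=$(mktemp -d)
make_sample_logs "$tmp"
write_ioc_list "$tmp/ioc.txt"
echo "fixed-string hits: $(ioc_hit_count "$tmp" "$tmp/ioc.txt")"
ioc_hits "$tmp" "$tmp/ioc.txt"
echo "unescaped-regex hits: $(bre_hit_count "$tmp" "$tmp/ioc.txt")"
rm -rf "$tmp"
```

On the sample data the fixed-string search returns the three real IOC lines, while the `\|`-joined regex returns four because `facebook.com` also matches `facebookXcom`. Pointing `ioc_hits` at a real year or month directory under the log tree and at a domain list exported from threat intel gives the single-pass search the question asks for; add `-c` to the zgrep options to get per-file counts instead of the matching lines.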
