This discussion has been locked.

Searching log files (multiple word search)

Is it possible to perform multiple word searches?

For example, I want to search the content filter for the words "facebook.com" and "fbcdn.net". Is there a specific syntax or format I'm meant to use or does it simply use the exact term I enter into the search box? (so I'm limited to a single search term)

I'm essentially wanting something where I can enter "facebook.com OR fbcdn.net" and it then lists out all entries. At the moment I'd have to do two separate searches to do that.



  • Hi

    This question is from 2008 but I'm facing the same issue with multi searches in the logs for my WebFilter.

    I'm trying to look for a bunch of Indicator of Compromise (IOC) domains for the past year.

    I tried the suggestion here https://www.sophos.com/en-us/support/knowledgebase/117278.aspx

    (term1 | google.com)
    term1 | google.com
    term1 OR google.com

    Nothing worked. Is multiple word search possible? If not, is there a grep or zgrep command that can search the compressed archives?

  • I would have thought that the first option would work on the 'Search Log Files' tab.  You can grep with that by enclosing it with ' like '(term1 | google.com)'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hmm nope, 9.355-1

    Logging & Reporting -> View Log Files -> Search Log Files ->

    Select log file to search: Web Filtering

    Search term: 

    • '(term1 | google.com)' - Nothing
    • '(term1|google.com)' - Nothing
    • (term1 | google.com) - Nothing
    • (term1|google.com) - Nothing
    • '(google.com)' - Nothing
    • term1|google.com - Nothing
    • 'term1|google.com' - Nothing
    • `term1|google.com` - Nothing
    • google.com - Works :)
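
For the grep/zgrep question raised in the thread, one way to OR-search a list of domains across compressed log archives from a shell. This is an added example, not part of the original posts or of Sophos documentation; the function name `search_iocs`, the `*.log` / `*.log.gz` file naming and the log directory argument are assumptions to adapt to your own system.

```shell
#!/bin/sh
# Added example: OR-search a list of domains across plain and gzip-compressed logs.
#   IOC_FILE  one search term per line; blank lines and "#" comments are ignored
#   LOG_DIR   directory holding the log archives (assumed layout, adjust to yours)
# Terms are matched as literal, case-insensitive substrings (grep -F), so the
# "." in "facebook.com" matches only a dot, not any character as in a regex.

search_iocs() {
    ioc_file=$1
    log_dir=$2
    patterns=$(mktemp) || return 1

    # Normalise the list. An empty pattern line would match every log line,
    # so comments, surrounding whitespace and blank lines are stripped first.
    tr -d '\r' < "$ioc_file" |
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' \
        > "$patterns"
    if [ ! -s "$patterns" ]; then
        rm -f "$patterns"
        echo "no search terms found in $ioc_file" >&2
        return 2
    fi

    # Walk the archive tree; decompress .gz files on the fly, read others as-is.
    find "$log_dir" -type f \( -name '*.log' -o -name '*.log.gz' \) | sort |
    while IFS= read -r f; do
        case $f in
            *.gz) gzip -dc -- "$f" ;;
            *)    cat -- "$f" ;;
        esac |
            grep -i -F -f "$patterns" |
            awk -v f="$f" '{ print f ": " $0 }'   # prefix each hit with its file
    done
    rm -f "$patterns"
}

# Stand-alone use: sh search_iocs.sh IOC_FILE LOG_DIR
if [ "$#" -eq 2 ]; then
    search_iocs "$1" "$2"
fi
```

Because matching is by substring, a term such as `google.com` also hits longer hostnames that contain it; review the hits rather than treating the count as exact.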