Live Logs - What filters?

Question

Curious as to what syntax can actually be provided in the "Filter:" field.
Sorry if this has been answered before, but I can't seem to find any info or guide on using the filter field.

If I try something like "Packet filter rule #1", the log just stalemates.
IP address filters work fine. Is this the only option we have with these logs? Would be nice to filter by specific firewall rules, port numbers, or allowed or dropped traffic.

Thanks,
-bt

This thread was automatically locked due to age.

BAlfson · Answer

Hi, and welcome to the User BB!

The syntax to use is REGEX. If you look in the actual Firewall log file, you will see that your filter term needs to be fwrule="1" instead of Packet filter rule #1.

Also, when posting a line from the firewall log, use the line from the full Firewall log file. Unlike the other Live Logs, the Firewall Live Log omits the details needed to analyze a problem.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA

BAlfson · Answer

This is the first I've seen your post, btank. You want Packetfilter logfiles on the Sophos UTM - Sophos Community . 
 I don't know of a way to use operators in the searches done from within WebAdmin. If you need to use them, you'll have to go to the command line. 
 Cheers - Bob