- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
I would like to run a query (something like NOT action:drop) on a list of unique IP addresses. I've looked through documentation and tried IP's with a space between, with "AND" (no quote marks) between. Neither worked.
Any advice is appreciated.
Log = single line of traffic.
Unique IP of either src/dst (usually).
try OR instead of AND (implicit AND) & let me know if this works out for you.
src:(X OR Y OR Z) NOT action:Drop.
or
src:X OR src:Y OR src:Z NOT action:Drop.
When you use queries with more than one criteria value, an AND is implied automatically, so there is no need to add it. Enter OR or other boolean operators if needed.
http://downloads.checkpoint.com/dc/download.htm?ID=65843
Hi resu,
Can you please share the exact queries that fail to find your desired results and exact R80.10 JHF-version?
Version: R80.10
Build: SmartConsole 991140013
I would like to query a list of unique IP addresses. So two (possible) queries might look like this (separated by a space, since the AND is implicit):
Query 1:
IP1 IP2 IP3
Query 2:
IP2 IP2 IP3 NOT action:drop
if both these queries fail (even without the NOT), only free-text IPs, then it's already fixed in the latest JHF.
for R80.10 only, you need to write either a src or dst. as a complete IP free-text wasn't supported.
Also, I think what you're looking for is an OR, not an AND here. (as you'll probably never have 3 unique IPs in the same log).
example: (src:X OR dst:X) OR (src:Y OR dst:Y)
then you can add: AND action:Drop.
Best to install the latest JHF anyway.
Apologies. I may have misunderstood how you define "log".
Does "log" mean a single line item of traffic? I was thinking of that as an "entry" or "record" but am happy to be corrected.
If "log" means a collection of rows of traffic events, then I would say that I see multiple IP's in a log all the time.
I'm using R80.30
Log = single line of traffic.
Unique IP of either src/dst (usually).
try OR instead of AND (implicit AND) & let me know if this works out for you.
src:(X OR Y OR Z) NOT action:Drop.
or
src:X OR src:Y OR src:Z NOT action:Drop.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 66 | |
| 22 | |
| 7 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 2 | |
| 2 |
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY