Ryan_Ryan
Advisor

Smartlog Query Syntaxes

Hi all,

 

Can someone advise how I can get the most out of the SmartLog query bar? In SmartView Tracker I could add a source filter, for example 172.16.0.0/12. In SmartLog I can add src:172.16.* but that is not good for specific subnet masks.

 

The other thing I miss is being able to add a filter for any non-empty field, i.e. src:172.16.0.0/12 AND source username NOT blank.

 

 

Thanks!

 

 

0 Kudos
5 Replies
Tal_Paz-Fridman
Employee

Hi Ryan

You can refer to the Online Help which includes several examples:

https://sc1.checkpoint.com/documents/R80.30/SmartConsole_OLH/EN/html_frameset.htm?topic=zfFmGvPiAIUa...

 

It is also included in the Logging and Monitoring R80.30 Administration Guide:

https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_LoggingAndMonitoring_AdminGu...

 

HTH

Tal

Ryan_Ryan
Advisor

Thanks, unfortunately then it seems impossible as the documentation only shows suffixing with an asterisk.

 

I would have thought being able to search for a specific network would have been a fairly common requirement!

 

 

0 Kudos
Matthias_Kring
Contributor

 

As to the network 172.16.0.0/12, you can create a Network Object for this. Then use the Network Object as a query item.

For example:

2019-06-06_075211.jpg

 

2019-06-06_075439.jpg

 

0 Kudos
Dror_Aharony
Employee Alumnus

Hi Ryan,

Searching for subnet suffix is possible, just as you wrote:

Try: src:172.16.0.0/12  or src:172.16.0.0/16

*I'll check the documentation.

 

Regarding Non-empty values, searching with * should work.

Try field:* (src_user_name:*)

 

0 Kudos
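An offline check of the difference discussed above, as an added example that is not part of the thread or any Check Point code: it emulates the CIDR plus non-empty-field filter and the trailing-asterisk filter over constructed records, and lists the octet-aligned wildcard terms a CIDR would otherwise need. It assumes the trailing asterisk behaves as a plain string prefix; the function names and sample records are hypothetical.

```python
import ipaddress

# Constructed sample records (not real logs); field names follow the thread.
SAMPLE_LOGS = [
    {"src": "172.16.4.10", "src_user_name": "alice"},
    {"src": "172.16.9.2", "src_user_name": ""},
    {"src": "172.20.1.5", "src_user_name": "bob"},
    {"src": "172.31.255.254", "src_user_name": "carol"},
    {"src": "172.32.0.1", "src_user_name": "dave"},
    {"src": "10.1.1.1", "src_user_name": "erin"},
]

def match_cidr_nonempty(logs, cidr, field="src_user_name"):
    """Emulate src:<cidr> AND <field>:* (source in network, field not blank)."""
    net = ipaddress.ip_network(cidr)
    return [r["src"] for r in logs
            if ipaddress.ip_address(r["src"]) in net and r.get(field)]

def match_prefix_wildcard(logs, pattern):
    """Emulate src:172.16.* under the assumption that it is a string prefix."""
    prefix = pattern.rstrip("*")
    return [r["src"] for r in logs if r["src"].startswith(prefix)]

def wildcard_terms(cidr):
    """Octet-aligned wildcard terms covering an IPv4 CIDR exactly, else None."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen > 24:
        return None  # mask splits the last octet; no trailing-asterisk form
    aligned = max(8, -(-net.prefixlen // 8) * 8)  # round up to /8, /16 or /24
    octets = aligned // 8
    return [".".join(str(s.network_address).split(".")[:octets]) + ".*"
            for s in net.subnets(new_prefix=aligned)]

if __name__ == "__main__":
    print("CIDR + non-empty user:", match_cidr_nonempty(SAMPLE_LOGS, "172.16.0.0/12"))
    print("src:172.16.* only:    ", match_prefix_wildcard(SAMPLE_LOGS, "172.16.*"))
    terms = wildcard_terms("172.16.0.0/12")
    print(len(terms), "wildcard terms needed:",
          " OR ".join("src:" + t for t in terms))
```

The /12 spans 172.16.0.0 through 172.31.255.255, so the single wildcard `src:172.16.*` covers only one sixteenth of it, and masks longer than /24 have no trailing-asterisk equivalent at all.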
Ryan_Ryan
Advisor

thank you!!

0 Kudos
