This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Joe_Kanaszka
Advisor
‎2025-06-24 01:22 PM
Jump to solution

Can't seem to add more than 3 filters in Smart Log

Hey all - 

 

I'm trying to dynamically add filters in Smart Log to filter some traffic.  I'll right click on an entry and the service I'm filtering and click "add to filter" & "OR NOT snmp", and so on...until I reach the 4th filter. 

It doesn't filter...

So in this example:

NOT service:https OR NOT service:domain-udp OR NOT service:igmp OR NOT service:snmp

 

So in the above filter, traffic with snmp as a service is still showing.

 

Any ideas?

0 Kudos
1 Solution

Accepted Solutions
JozkoMrkvicka
Authority
Authority
‎2025-06-24 11:59 PM
Jump to solution

Try this syntax (including brackets):

NOT (service:https OR service:domain-udp OR service:igmp OR service:snmp)

Kind regards,
Jozko Mrkvicka

View solution in original post

(1)
8 Replies
the_rock
Legend
Legend
‎2025-06-24 02:15 PM
Jump to solution

Hey brother,

Are you saying that filter does NOT work?

Andy

garrod
Contributor
‎2025-06-24 11:06 PM
Jump to solution

Hi,

Open TAC case or RFE, this command is not working in my R81.20 as well, Enhancement required for R&D Team

 

They able to work with

source:1.1.1.1 NOT destination:2.2.2.2 NOT destination: 3.3.3.3

or

source:1.1.1.1 OR destination:2.2.2.2 OR destination: 3.3.3.3

 

combing NOT and OR will not work

the_rock
Legend
Legend
‎2025-06-25 03:11 AM
In response to garrod
Jump to solution

That makes sense. I will confirm in my lab as well.

Andy

JozkoMrkvicka
Authority
Authority
‎2025-06-24 11:59 PM
Jump to solution

Try this syntax (including brackets):

NOT (service:https OR service:domain-udp OR service:igmp OR service:snmp)

Kind regards,
Jozko Mrkvicka
(1)
G_W_Albrecht
Legend Legend
Legend
‎2025-06-25 01:07 AM
In response to JozkoMrkvicka
Jump to solution

Right, same as my versions above - everything except service1, service 2. service3, service4

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
the_rock
Legend
Legend
‎2025-06-25 04:15 AM
In response to JozkoMrkvicka
Jump to solution

Thats it!

0 Kudos
Joe_Kanaszka
Advisor
‎2025-06-25 08:00 AM
In response to JozkoMrkvicka
Jump to solution

This works -

Thank you Jozko!

G_W_Albrecht
Legend Legend
Legend
‎2025-06-25 12:10 AM
Jump to solution

Logically, OR does not make any sense here: NOT service1 is everything except service1, including service2. NOT service2 includes service1, but not service2.

So either use:

NOT service:https AND NOT service:domain-udp AND NOT service:tunnel_test AND NOT service:igmp

When you use queries with more than one criteria value, an AND is implied automatically, so there is no need to add it.

NOT service:https NOT service:domain-udp NOT service:tunnel_test NOT service:igmp

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events