Logging filter issues?

Paul_Hagyard · ‎2016-04-07

The logging filters seem broken.

If I right click on interface eth1 (say) and select "add to filter" it adds "eth1" when it needs to add "interface:eth1".
If I right click on the rule column (e.g. 48) of a (recent) log entry and select "add to filter" it adds "rule:48" and finds no results. It appears to be incorrectly looking for the rule UUID, as using rule:UUID_number works. However, "rule" should use the number, and "rule_uid" should use the UUID_number...
It would be nice (it's not in the old SmartLog GUI either) if adding src/dst and typing would search for the text anywhere in the defined objects, not just from the start. eg: typing src:web001 should be able to find the object "y-s-web001"

Shahaf_Alfasi · ‎2016-04-13

Hi Paul,

1. Not all fields are indexed therefore if field is indexed the search will be on the field (<field name>:<field value>) if not search will be free text search.

2. Are you using R80 GA? the rule_id issue is known and should be fixed in GA

3. I'll forward your request and we'll consider it as RFE for next versions

Tal_Paz-Fridman · ‎2016-04-14

Hi Paul,

1| Regarding the Interface filter - I also ran into this issue. I have documented this issue so that it will be fixed by R&D.

2| Regarding the Rule number filter - I have tested this on several environments and it works properly for me.

Thanks for the inputs

Tal

Are you a member of CheckMates?

Logging filter issues?