Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
WesEvernden
Participant

R80.30 Log Query syntax - tcp(syn)

Hi,

The log query  tcp (syn)   returns my out of state log entries. What I would like to know is how this filter works so I can use the same technique for other advance queries. 

For example, in plain language: all out of state where TCP flags is not (FIN or RST)

I am using R80.30 SmartConsole. We don't have SmartEvent.

Thanks,

-Wes

 

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

I'm not familiar with that syntax.
When I try it in demo mode, I get lots of drops that aren't "out of state."
However, if you do tcp(!syn) then you get drops that are "out of state."
I don't think the relevant log fields are fully indexed, thus it's not clear how you'd pull out the entries that are not FIN or RST.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events