Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ziggurat
Participant

SmartLog TLS filter

Hi guys

 

Hope someone can help. I'm looking to setup a filter on SmartLog that shows me all TLS 1.0 traffic but not TLS 1.2 traffic.


Is this filter correct?

Service:tls1.0 OR NOT Service:tls1.2

 

I tried AND instead of OR but that didn't work. When try just one or the other, the results seem to be same.

 

Many thanks

 

5 Replies
PhoneBoy
Admin
Admin

It seems like searching for service:TLS1.0 would show you only TLSv1.0 logs.
Is that not the case?

ziggurat
Participant

That's what I expected too, but when applied filter "Service:tls1.0" the log seemed to show the same traffic as filter "Service:tls1.2" - I began to wonder whether "Service:tls1.0" will show all traffic passing on 1.0 upwards.

 

I could be totally wrong but output seems the same with either filter. It's a head scratcher...

 

 

0 Kudos
PhoneBoy
Admin
Admin

Maybe @Dan_Zada or someone on his team knows, but this may not be supported.

ziggurat
Participant

Many thanks, I'll continue fiddling around with the filter. Who knows, maybe I'll stumble across the solution 🙂

0 Kudos
Mufaaa
Explorer

Hi, 
Did you find any solution to filter TLS version on SmartLog?
thanks

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events