Support_Effia
Participant

cp_log_export syslog config Filter FilterConfiguration.xml

Hi,

I want to use the file FilterConfiguration.xml and export logs from only one GW.

For that I want to use the field name origin_sic_name

My file looks like this:

<filters>
        <filterGroup operator="and">
                <field name="action" operator="and">
                </field>
                <field name="origin" operator="and">
                </field>
                <field name="product" operator="and">
                </field>
        </filterGroup>
        <filterGroup operator="and">
                <filed name="origin_sic_name" operator="and">
                        <value operation="eq">CN=NAMEOFFW</value>
                </filed>
        </filterGroup>
</filters>

 

But it does not work and exports all logs from our SmartLog...

Can you help me please?

Regards.

2 Replies
PhoneBoy
Admin

I'm guessing the SIC name will be the full DN as listed in the SIC status of the relevant gateway object.
Why use that versus origin with just the simple gateway object name?

genisis__
Leader

I've done something like this where I exported only ThreatPrevention logs for specific gateways.

cp_log_export set name <LogServer> domain-server <DMS1> filter-blade-in "TP" filter-origin-in "a.a.a.a,b.b.b.b,c.c.c.c"
Note: The above adds entries into $EXPORTERDIR/targets/<name>/conf/FilterConfiguration.xml

 

0 Kudos
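
An added example, not part of the thread and not Check Point code: a structural check for a FilterConfiguration.xml of the shape posted above, reporting element names outside those seen in the posted file and field elements with no value. The allowed tag set and the function name lint_filter_config are assumptions taken from the posted file, not from vendor documentation.

```python
import xml.etree.ElementTree as ET

# Assumption: the only element names are the ones visible in the posted file.
KNOWN_TAGS = {"filters", "filterGroup", "field", "value"}

# Constructed sample: same shape as the file in the question, shortened.
SAMPLE = """<filters>
    <filterGroup operator="and">
        <field name="origin" operator="and">
        </field>
    </filterGroup>
    <filterGroup operator="and">
        <filed name="origin_sic_name" operator="and">
            <value operation="eq">CN=NAMEOFFW</value>
        </filed>
    </filterGroup>
</filters>"""


def lint_filter_config(xml_text):
    """Return a list of structural findings for a filter configuration."""
    # Meant for an administrator's own file; use defusedxml for untrusted XML.
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    findings = []
    fields_with_value = 0
    if root.tag != "filters":
        findings.append(f"root element is <{root.tag}>, expected <filters>")
    for elem in root.iter():  # document order, root included
        name = elem.get("name", "")
        if elem.tag not in KNOWN_TAGS:
            findings.append(f"unknown element <{elem.tag}> (name={name!r})")
        elif elem.tag == "field":
            if elem.find("value") is None:
                findings.append(f"field {name!r} has no <value> child")
            else:
                fields_with_value += 1
    if fields_with_value == 0:
        findings.append("no <field> element carries a <value>")
    return findings


if __name__ == "__main__":
    for finding in lint_filter_config(SAMPLE):
        print(finding)
```

Run it against a copy of $EXPORTERDIR/targets/<name>/conf/FilterConfiguration.xml after editing the file by hand or after a cp_log_export set command, and compare the findings before relying on the export being restricted.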
