Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nflnetwork29
Advisor

possible to filter logs by geo location policy

can i create log filter that only shows traffic blocked "dropped" because of Geo-location inbound enforcement?

Log server is R81.10 

0 Kudos
7 Replies
CE_SE
Employee
Employee

You can simply use the search field for the specific country your looking for if you're tracking that specific rule. 

 

 

 

 

 

0 Kudos
the_rock
Champion
Champion

You can do something like this in log search:

src_country: "Israel"

You can apply same logic to dst country

dst_country: "China"

0 Kudos
nflnetwork29
Advisor

hmmm not working for me 

0 Kudos
the_rock
Champion
Champion

Not sure what to tell you then...I just did 3 filters on customer's environment and did below:

src_country: "Canada"

dst_country: "Canada"

dst_country: "China"

All 3 worked fine...can you attach a screenshot?

0 Kudos
CE_SE
Employee
Employee

I agree using the above search method is successful. 

 

the_rock
Champion
Champion

Well, works the same way, with or without the quotes : - )

0 Kudos
Amir_Senn
Employee
Employee

If you're using the new Geo Policy (In Access Control policy) I suggest you filter by rule name.

If you're not using the new Geo Policy I suggest to move to the new. It's better and future features would be available for it.

Here's how:

1) Go to Access Control policy

2) Add a new rule and in the source/destination you can click on the "+" , Import -> Updateable Objects... (see attached picture).

3) In the object, search for "GEO Locations", and further select the countries you wish to use in the rule. You can use multiple countries per rule.

4) Define action and in the track put the desired log level.

5) Install policy.

Kind regards, Amir Senn
0 Kudos