
How to filter the traffic log by using the CLI?

Question asked by yongjun jin on Jan 13, 2019
Latest reply on Jan 16, 2019 by Dameon Welch-Abernathy

Hello. I would like to find specific traffic logs by using the CLI (for example src IP, dst IP, dst port, time...).

I found the command 'fw log', but I can't use a filter.

(Also, I have to use an AND condition.)

I tried to use the grep command and a pipe. It did not work.


gw-18ee86> fw log -n -h
Missing origin

Usage:
fw log [-f|-t] [-x start_pos] [-y end_pos] [-z] [-n] [-p] [-l] [-o] [-g] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-k (alert_type|all)] [-a] [-u unification_scheme_file] [-m (initial|semi|raw)] [logfile]

-f - Only in case of active log file - Upon reaching end of file, wait for new records and print them as well.
-t - Same as -f flag, only start at end of file.
-x - Start printing at the specified position.
-y - End printing at the specified position.
-z - Continue printing the next records, in case of an error. Default is to stop printing
-n - No IP resolving. Default is to resolve all IPs.
-p - No port resolving. Default is to resolve all ports.
-q - Show log header fields names.
-i - Show log Uid.
-l - Show date and time per log record. Default is to show the date above the relevant records, and then the time per log record.
-o - Show detailed log chains - all the log segments a log record consists of.
-g - Not delimited style. Default is ':' after field name and ';' after field value.
-c - Selection by action, e.g., accept, drop, reject, etc.
-h - Selection by origin, given as IP or name.
-s - Selection by start time. See format below. All records after the given time will be selected.
-e - Selection by end time. See format below. All records before the given time will be selected.
-b - Selection by time range. See format below. Start and End time are expected after the flag.
-k - Selection by specific alert type. Default is 'all' for any alert type.
-a - Select account records only. Default is print all records.
-u - Unification scheme file name. Default is log_unification_scheme.C.
-m - Unification mode: initial-order, semi-unified, or raw. Default is 'initial'.
logfile - Log file name. Default is the active log file, fw.log.

I use an AWS instance (R80.10) in standalone mode.


Thank you.
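Added example (editor's addition, not from the thread or from Check Point): the usage text above already gives native selectors for time (`-s`, `-e`, `-b`), action (`-c`) and origin (`-h`), but not for src, dst or port, so those have to be ANDed in a shell pipeline. The `gw-18ee86>` prompt is the Gaia clish, which has no shell pipe; the pipeline below assumes expert mode (bash). It also assumes the default `name: value;` record style that the `-g` description mentions, with the field names `src`, `dst`, `service`, `s_port` and `proto`; the three sample records are constructed to approximate that layout, not real log output.

```bash
#!/bin/bash
# fwlog_and_filter FIELD=VALUE [FIELD=VALUE ...] < fw-log-output
# Prints only records in which every listed FIELD has exactly VALUE (AND).
# Intended use in expert mode (time window handled natively by fw log):
#   fw log -n -p -l -b "Jan 13, 2019 10:00:00" "Jan 13, 2019 10:05:00" \
#       | fwlog_and_filter src=10.0.0.5 dst=192.168.1.10 service=80
fwlog_and_filter() {
    awk -v conds="$*" '
    BEGIN {
        # Turn "src=10.0.0.5 dst=..." into want["src"]="10.0.0.5", ...
        n = split(conds, pairs, " ")
        for (i = 1; i <= n; i++) {
            eq = index(pairs[i], "=")
            want[substr(pairs[i], 1, eq - 1)] = substr(pairs[i], eq + 1)
        }
    }
    {
        # Parse every "name: value;" pair of this record into have[name].
        # A "Date:" header line has no ";" pairs, so it is dropped whenever
        # at least one condition is given.
        split("", have)
        rest = $0
        while (match(rest, /[A-Za-z_]+: [^;]*;/)) {
            pair  = substr(rest, RSTART, RLENGTH)
            colon = index(pair, ": ")
            have[substr(pair, 1, colon - 1)] = substr(pair, colon + 2, length(pair) - colon - 2)
            rest  = substr(rest, RSTART + RLENGTH)
        }
        ok = 1
        for (k in want) if (have[k] != want[k]) { ok = 0; break }
        if (ok) print
    }'
}

# Constructed sample records (assumed layout, not captured from a gateway).
sample_log() {
cat <<'EOF'
Date: Jan 13, 2019
10:01:02 accept 10.10.10.1 >eth0 rule: 5; service_id: http; src: 10.0.0.5; dst: 192.168.1.10; proto: tcp; service: 80; s_port: 51234;
10:01:09 drop 10.10.10.1 >eth0 rule: 12; service_id: ssh; src: 10.0.0.5; dst: 192.168.1.20; proto: tcp; service: 22; s_port: 51300;
10:02:15 accept 10.10.10.1 >eth1 rule: 5; service_id: https; src: 10.0.0.7; dst: 192.168.1.10; proto: tcp; service: 443; s_port: 40001;
EOF
}

# Number of records matching all conditions, for checking the filter offline.
count_matches() {
    sample_log | fwlog_and_filter "$@" | awk 'END { print NR }'
}

# Offline demonstration: src AND dst selects exactly one sample record.
sample_log | fwlog_and_filter src=10.0.0.5 dst=192.168.1.10
```

Because each record is parsed into name/value pairs, `src=10.0.0.5` matches only the `src` field and not a `dst` or `s_port` value that happens to contain the same digits, which is the usual pitfall with a bare `grep` on these lines.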
