jberg712
Contributor

Searching for logs by country

Hi,

I'm trying to do some queries on the traffic outbound to other countries. I can't seem to do a query string that would show traffic by country. Actually, what I'm trying to do is look at the traffic that's NOT in the US. We're looking at enhancing our GeoProtect policy, but I'm not able to figure out how to do so.

One thing I've done is turned on Debug for SmartLog, and I can see all the fields in the XML format, and the dst_country is always coming up as "other". Is this an issue, or is this something that can be fixed so this field can be used in searches? Or is there a better way to search for traffic going to other countries and omit the ones I don't want to see?

Jonathan

0 Kudos
3 Replies
PhoneBoy
Admin

We don’t log the actual country, if I recall.
What you see in SmartView is generated from a local IP to Country mapping.

Your best bet is to create an ordered layer that will generate a log if not in the US (or whatever countries you wish to exclude).
It should be after all your other layers. 
You can then see what log entries match that rule.

0 Kudos
jberg712
Contributor

So then would I need to know the IP range for the US and omit that in the destination? Or rather put that and do a negate cell to omit it?

0 Kudos
Sorin_Gogean
Advisor

You can search the logs based on country like in the screenshots:

[Screenshot attachment: Untitled.png]

0 Kudos
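
The point made in the thread, that the country shown is derived from a local IP-to-country mapping rather than stored in the log, can be reproduced offline on exported logs. This is an added example, not code from the thread or from Check Point; the log line layout, the address ranges (documentation prefixes) and the function names are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed IP-to-country table using documentation prefixes, not real allocations.
GEO_TABLE = [("198.51.100.0/24", "US"), ("203.0.113.0/25", "DE"),
             ("203.0.113.128/25", "BR"), ("192.0.2.0/24", "JP")]
# Longest prefix first, so a more specific entry wins over a covering one.
NETWORKS = sorted(((ipaddress.ip_network(c), cc) for c, cc in GEO_TABLE),
                  key=lambda item: item[0].prefixlen, reverse=True)
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log export, one record per line: time, source, destination, service.
SAMPLE_LOGS = """\
2024-01-01T10:00:01 10.1.1.5 198.51.100.7 https
2024-01-01T10:00:02 10.1.1.9 203.0.113.20 https
2024-01-01T10:00:03 10.1.1.9 203.0.113.200 ssh
2024-01-01T10:00:04 10.1.1.7 192.0.2.44 dns
2024-01-01T10:00:05 10.1.1.5 10.2.0.8 smb
2024-01-01T10:00:06 10.1.1.5 2001:db8::10 https
2024-01-01T10:00:07 10.1.1.5 not-an-ip https
"""

def country_of(ip_text):
    """Map an address to a country code, 'internal', 'other' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    for net, cc in NETWORKS:
        if ip in net:          # a v4/v6 mismatch simply evaluates to False
            return cc
    if any(ip in net for net in INTERNAL):
        return "internal"
    return "other"             # no table entry: the value the poster kept seeing

def outside_allowed(log_text, allowed=("US",)):
    """Return (destination, country) for records leaving the allowed countries."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue           # skip malformed records
        country = country_of(fields[2])
        if country not in allowed and country != "internal":
            hits.append((fields[2], country))
    return hits

def summarize(log_text, allowed=("US",)):
    """Count matching records per country, unknowns included for review."""
    return dict(Counter(cc for _, cc in outside_allowed(log_text, allowed)))
```

Destinations that resolve to "other" or "invalid" are kept in the result, since an address missing from the mapping table is exactly what a geo policy review needs to surface.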