Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How to use regex in pfsense firewall logs (GUI)

    General pfSense Questions
    5
    8
    2374
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • czar666
      czar666 last edited by

      pfSense: 2.3.2-RELEASE-p1

      How can I filter two ports in the firewall logs? I just can't figure it out.
      Go to Status > System Logs > Firewall > Normal view > Advanced Log Filter to try. Like on the picture, I want to filter out every IP using ports 5223 and 993. But no result. I looked up in the regex doc, tried multiple combinations but nothing works. When I put one value, then there is no problem.


      2.4.5-RELEASE-p1 (amd64)
      built on Tue Jun 02 17:51:17 EDT 2020
      FreeBSD 11.3-STABLE

      CPU: AMD Embedded G series GX-412TC
      1 GHz quad Jaguar core with 64 bit
      32K data + 32K instruction cache per core
      shared 2MB L2 cache.
      DRAM: 2 GB DDR3-1333 DRAM

      1 Reply Last reply Reply Quote 0
      • N
        NOYB last edited by

        Remove the space.

        What that is actualy filtering on is "5223 "|" 993"

        1 Reply Last reply Reply Quote 0
        • czar666
          czar666 last edited by

          Well thank you very much NOYB! Quick and efficient!

          2.4.5-RELEASE-p1 (amd64)
          built on Tue Jun 02 17:51:17 EDT 2020
          FreeBSD 11.3-STABLE

          CPU: AMD Embedded G series GX-412TC
          1 GHz quad Jaguar core with 64 bit
          32K data + 32K instruction cache per core
          shared 2MB L2 cache.
          DRAM: 2 GB DDR3-1333 DRAM

          1 Reply Last reply Reply Quote 0
          • N
            NOYB last edited by

            You're welcome.
            It's an area of the system I'm very familiar with.  ;)

            1 Reply Last reply Reply Quote 0
            • P
              pizzaman last edited by

              !(5223|993) In the source and/or destination ports.

              1 Reply Last reply Reply Quote 0
              • P
                PM_13 last edited by

                So I am trying to filter on source IP 192.168.20.2 and it keeps pulling logs for IP ending with 2, 20, 222 etc.

                I tried using "192.168.20.2" with double quotes like the example above (for ports) but its not working for me.

                Any pointers will be appreciated!

                bingo600 1 Reply Last reply Reply Quote 0
                • bingo600
                  bingo600 LAYER 8 @PM_13 last edited by bingo600

                  @pm_13 said in How to use regex in pfsense firewall logs (GUI):

                  So I am trying to filter on source IP 192.168.20.2 and it keeps pulling logs for IP ending with 2, 20, 222 etc.

                  I tried using "192.168.20.2" with double quotes like the example above (for ports) but its not working for me.

                  Any pointers will be appreciated!

                  Beware : regex is part of the Darkmagic(tm) toolbox.

                  I'm no regex guru , but i think the "dots" are seen as an "any occurance" wildcard.

                  A guess: Try to "escape" the dots with a backslash.

                  Ie. 192\.168\.20\.2
                  

                  /Bingo

                  If you find my answer useful - Please give the post a 👍 - "thumbs up"

                  pfSense+ 22.01 (ZFS)

                  QOTOM-Q355G4 Quad Lan.
                  CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
                  LAN  : 4 x Intel 211, Disk  : 250G EVO870 Sata SSD

                  P 1 Reply Last reply Reply Quote 1
                  • P
                    PM_13 @bingo600 last edited by

                    @bingo600 said in How to use regex in pfsense firewall logs (GUI):

                    192.168.20.2

                    You are spot on and worked like a charm 😂
                    Thanks a lot!!

                    1 Reply Last reply Reply Quote 1
                    • First post
                      Last post