How to use regex in pfsense firewall logs (GUI)
-
pfSense: 2.3.2-RELEASE-p1
How can I filter two ports in the firewall logs? I just can't figure it out.
Go to Status > System Logs > Firewall > Normal view > Advanced Log Filter to try. Like on the picture, I want to filter out every IP using ports 5223 and 993. But no result. I looked up in the regex doc, tried multiple combinations but nothing works. When I put one value, then there is no problem.
-
Remove the space.
What that is actualy filtering on is "5223 "|" 993"
-
Well thank you very much NOYB! Quick and efficient!
-
You're welcome.
It's an area of the system I'm very familiar with. ;) -
!(5223|993) In the source and/or destination ports.
-
So I am trying to filter on source IP 192.168.20.2 and it keeps pulling logs for IP ending with 2, 20, 222 etc.
I tried using "192.168.20.2" with double quotes like the example above (for ports) but its not working for me.
Any pointers will be appreciated!
-
@pm_13 said in How to use regex in pfsense firewall logs (GUI):
So I am trying to filter on source IP 192.168.20.2 and it keeps pulling logs for IP ending with 2, 20, 222 etc.
I tried using "192.168.20.2" with double quotes like the example above (for ports) but its not working for me.
Any pointers will be appreciated!
Beware : regex is part of the Darkmagic(tm) toolbox.
I'm no regex guru , but i think the "dots" are seen as an "any occurance" wildcard.
A guess: Try to "escape" the dots with a backslash.
Ie. 192\.168\.20\.2
/Bingo
-
@bingo600 said in How to use regex in pfsense firewall logs (GUI):
192.168.20.2
You are spot on and worked like a charm
Thanks a lot!!