Log filter issues



  • How can I create a shell command to get output like that created by the shell menu 10) Filter Log command?

    Often when troubleshooting I want to see only very specific types of traffic.  (Sometimes there are 2 or 3 very noisy traffic streams that I don't want to see crowding out the stuff I do need to see.)

    My ultimate goal is to pipe this output to a python script with filters to make my own diagnostic tools.

    Jan 20 14:24:59 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,22738,0,DF,17,udp,58,192.168.1.10,192.168.1.1,39085,53,38
    Jan 20 14:24:59 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,22763,0,DF,17,udp,58,192.168.1.10,192.168.1.1,28735,53,38
    Jan 20 14:24:59 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,22764,0,DF,17,udp,58,192.168.1.10,192.168.1.1,23200,53,38
    Jan 20 14:25:07 guardian filterlog: 5,16777216,,1000000103,em1,match,block,in,4,0x0,,64,972,0,DF,6,tcp,60,192.168.1.10,127.0.0.1,46128,8081,0,S,1879826604,,29200,,mss;sackOK;TS;nop;wscale
    Jan 20 14:25:07 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,23255,0,DF,17,udp,58,192.168.1.10,192.168.1.1,28466,53,38
    Jan 20 14:25:07 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,23256,0,DF,17,udp,58,192.168.1.10,192.168.1.1,53000,53,38
    Jan 20 14:25:07 guardian filterlog: 5,16777216,,1000000103,em1,match,block,in,4,0x0,,64,11021,0,DF,6,tcp,60,192.168.1.10,127.0.0.1,46130,8081,0,S,1898760366,,29200,,mss;sackOK;TS;nop;wscale
    Jan 20 14:25:09 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,23631,0,DF,17,udp,58,192.168.1.10,192.168.1.1,28145,53,38
    Jan 20 14:25:09 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,23632,0,DF,17,udp,58,192.168.1.10,192.168.1.1,20585,53,38
    Jan 20 14:25:10 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,23688,0,DF,17,udp,58,192.168.1.10,192.168.1.1,29046,53,38
    Jan 20 14:25:10 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,23689,0,DF,17,udp,58,192.168.1.10,192.168.1.1,55639,53,38
    Jan 20 14:25:17 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,25197,0,DF,17,udp,58,192.168.1.10,192.168.1.1,37113,53,38
    Jan 20 14:25:17 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,25198,0,DF,17,udp,58,192.168.1.10,192.168.1.1,33959,53,38
    Jan 20 14:25:19 guardian filterlog: 66,16777216,,1000002642,em1,match,pass,in,4,0x0,,64,25291,0,DF,17,udp,328,192.168.1.10,192.168.1.1,68,67,308
    Jan 20 14:25:19 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,25312,0,DF,17,udp,58,192.168.1.10,192.168.1.1,56079,53,38
    Jan 20 14:25:19 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,25313,0,DF,17,udp,58,192.168.1.10,192.168.1.1,7411,53,38
    Jan 20 14:25:19 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,25343,0,DF,17,udp,58,192.168.1.10,192.168.1.1,42206,53,38
    Jan 20 14:25:19 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,25344,0,DF,17,udp,58,192.168.1.10,192.168.1.1,45558,53,38
    Jan 20 14:25:28 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,26571,0,DF,17,udp,58,192.168.1.10,192.168.1.1,50514,53,38
    Jan 20 14:25:28 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,26572,0,DF,17,udp,58,192.168.1.10,192.168.1.1,61492,53,38
    Jan 20 14:25:30 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,26610,0,DF,17,udp,58,192.168.1.10,192.168.1.1,13576,53,38
    Jan 20 14:25:30 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,26611,0,DF,17,udp,58,192.168.1.10,192.168.1.1,21392,53,38
    Jan 20 14:25:30 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,26614,0,DF,17,udp,58,192.168.1.10,192.168.1.1,35421,53,38
    Jan 20 14:25:30 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,26615,0,DF,17,udp,58,192.168.1.10,192.168.1.1,51175,53,38
    Jan 20 14:25:35 guardian filterlog: 72,16777216,,1000002665,lo0,match,pass,out,4,0x0,,64,10636,0,none,17,udp,40,127.0.0.1,127.0.0.1,47825,123,20
    Jan 20 14:25:35 guardian filterlog: 68,16777216,,1000002661,lo0,match,pass,in,4,0x0,,64,10636,0,none,17,udp,40,127.0.0.1,127.0.0.1,47825,123,20
    Jan 20 14:25:38 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,27043,0,DF,17,udp,58,192.168.1.10,192.168.1.1,39443,53,38
    Jan 20 14:25:38 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,27044,0,DF,17,udp,58,192.168.1.10,192.168.1.1,53848,53,38
    Jan 20 14:25:40 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,27187,0,DF,17,udp,58,192.168.1.10,192.168.1.1,19420,53,38
    Jan 20 14:25:40 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,27188,0,DF,17,udp,58,192.168.1.10,192.168.1.1,36849,53,38
    Jan 20 14:25:40 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,27191,0,DF,17,udp,58,192.168.1.10,192.168.1.1,36873,53,38
    Jan 20 14:25:40 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,27192,0,DF,17,udp,58,192.168.1.10,192.168.1.1,55697,53,38
    Jan 20 14:25:48 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,28280,0,DF,17,udp,58,192.168.1.10,192.168.1.1,57118,53,38
    Jan 20 14:25:48 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,28281,0,DF,17,udp,58,192.168.1.10,192.168.1.1,34196,53,38
    Jan 20 14:25:50 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,28470,0,DF,17,udp,58,192.168.1.10,192.168.1.1,50886,53,38
    Jan 20 14:25:50 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,28471,0,DF,17,udp,58,192.168.1.10,192.168.1.1,11355,53,38
    Jan 20 14:25:50 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,28473,0,DF,17,udp,58,192.168.1.10,192.168.1.1,30303,53,38
    Jan 20 14:25:50 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,28474,0,DF,17,udp,58,192.168.1.10,192.168.1.1,65395,53,38
    Jan 20 14:25:56 guardian filterlog: 72,16777216,,1000002665,lo0,match,pass,out,4,0x0,,64,56216,0,none,17,udp,40,127.0.0.1,127.0.0.1,38987,123,20
    Jan 20 14:25:56 guardian filterlog: 68,16777216,,1000002661,lo0,match,pass,in,4,0x0,,64,56216,0,none,17,udp,40,127.0.0.1,127.0.0.1,38987,123,20
    Jan 20 14:25:56 guardian filterlog: 72,16777216,,1000002665,lo0,match,pass,out,4,0x0,,64,32501,0,none,17,udp,40,127.0.0.1,127.0.0.1,19873,123,20
    Jan 20 14:25:56 guardian filterlog: 68,16777216,,1000002661,lo0,match,pass,in,4,0x0,,64,32501,0,none,17,udp,40,127.0.0.1,127.0.0.1,19873,123,20
    Jan 20 14:25:58 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,30184,0,DF,17,udp,58,192.168.1.10,192.168.1.1,28551,53,38
    Jan 20 14:25:58 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,30185,0,DF,17,udp,58,192.168.1.10,192.168.1.1,2082,53,38
    Jan 20 14:25:59 guardian filterlog: 75,16777216,,10000,em1,match,pass,in,4,0x0,,64,5069,0,DF,6,tcp,60,192.168.1.10,192.168.1.1,37404,80,0,S,3977725826,,29200,,mss;sackOK;TS;nop;wscale
    Jan 20 14:25:59 guardian filterlog: 75,16777216,,10000,em1,match,pass,in,4,0x0,,64,57780,0,DF,6,tcp,60,192.168.1.10,192.168.1.1,37406,80,0,S,315078116,,29200,,mss;sackOK;TS;nop;wscale
    Jan 20 14:26:00 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,30520,0,DF,17,udp,58,192.168.1.10,192.168.1.1,49805,53,38
    Jan 20 14:26:00 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,30521,0,DF,17,udp,58,192.168.1.10,192.168.1.1,55419,53,38
    Jan 20 14:26:00 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,30536,0,DF,17,udp,58,192.168.1.10,192.168.1.1,56292,53,38
    Jan 20 14:26:00 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,30537,0,DF,17,udp,58,192.168.1.10,192.168.1.1,4086,53,38
    Jan 20 14:26:05 guardian filterlog: 5,16777216,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,17,udp,241,192.168.100.2,192.168.100.255,138,138,221
    Jan 20 14:26:05 guardian filterlog: 5,16777216,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,17,udp,243,192.168.100.2,192.168.100.255,138,138,223
    Jan 20 14:26:05 guardian filterlog: 5,16777216,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,17,udp,241,192.168.0.2,192.168.0.255,138,138,221
    Jan 20 14:26:05 guardian filterlog: 5,16777216,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,17,udp,243,192.168.0.2,192.168.0.255,138,138,223
    Jan 20 14:26:09 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,32472,0,DF,17,udp,58,192.168.1.10,192.168.1.1,16552,53,38
    Jan 20 14:26:09 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,32473,0,DF,17,udp,58,192.168.1.10,192.168.1.1,42792,53,38
    Jan 20 14:26:10 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,32562,0,DF,17,udp,58,192.168.1.10,192.168.1.1,27708,53,38
    Jan 20 14:26:10 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,32563,0,DF,17,udp,58,192.168.1.10,192.168.1.1,16536,53,38
    Jan 20 14:26:10 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,32592,0,DF,17,udp,58,192.168.1.10,192.168.1.1,48330,53,38
    Jan 20 14:26:10 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,32593,0,DF,17,udp,58,192.168.1.10,192.168.1.1,44528,53,38

    I don't know if I am the only one that has this issue or if it would be a widely useful feature, but I would love to see some way of creating a custom filter profile for the log displays.  I may not want to turn off logging because it may prevent me from noticing or troubleshooting a problem when it occurs, but often my dashboard (and log displays) on the GUI fill up with garbage.  (See below)

    Act   Time          IF    Source          Destination
          Jan 20 14:41  WAN   192.168.0.12    224.0.0.22
          Jan 20 14:41  WAN   192.168.0.1     224.0.0.1
          Jan 20 14:39  WAN   192.168.0.12    224.0.0.22
          Jan 20 14:39  WAN   192.168.0.1     224.0.0.1
          Jan 20 14:38  WAN   192.168.0.2     192.168.0.255:138
          Jan 20 14:38  WAN   192.168.0.2     192.168.0.255:138
          Jan 20 14:38  WAN   192.168.100.2   192.168.100.255:138
          Jan 20 14:38  WAN   192.168.100.2   192.168.100.255:138
          Jan 20 14:37  WAN   192.168.0.12    224.0.0.22
          Jan 20 14:37  WAN   192.168.0.1     224.0.0.1
          Jan 20 14:35  WAN   192.168.0.12    224.0.0.22
          Jan 20 14:35  WAN   192.168.0.1     224.0.0.1
          Jan 20 14:32  WAN   192.168.0.12    224.0.0.22
          Jan 20 14:32  WAN   192.168.0.1     224.0.0.1
          Jan 20 14:30  WAN   192.168.0.12    224.0.0.22
          Jan 20 14:30  WAN   192.168.0.1     224.0.0.1
          Jan 20 14:28  WAN   192.168.0.12    224.0.0.22
          Jan 20 14:28  WAN   192.168.0.1     224.0.0.1
          Jan 20 14:26  WAN   192.168.0.12    224.0.0.22
          Jan 20 14:26  WAN   192.168.0.1     224.0.0.1

    Until I finish testing, I'm in a double NAT situation, so I'm stuck with all this crap on the port… I can easily filter it, but I can't get it off my dashboard without turning off logging that I need for testing.

    Any input is much appreciated.
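As an added example that is not part of the original post, here is a Python script of the kind the poster describes: it parses raw filterlog lines read from stdin (or, when run without a pipe, the four lines below copied from the post's output), names the fields of the IPv4 TCP/UDP layout those lines use, and applies include/exclude filters so the noisy DNS and NTP streams can be hidden while blocked traffic stays visible. The field names, the IPv6 field list and the command used to feed it on stdin are assumptions, not anything the post provides.

```python
import sys
# Field names of a pfSense filterlog line, in order (the CSV after "filterlog: ").
# The post's lines are all IPv4; the IPv6 layout is from the filterlog docs (assumption).
COMMON = ["rulenr", "subrulenr", "anchor", "tracker", "interface",
          "reason", "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto"]
IPV6 = ["class", "flowlabel", "hoplimit", "proto", "proto_id"]
ADDR = ["length", "src", "dst"]
PORTS = ["sport", "dport", "datalen"]
TCP = ["tcpflags", "seq", "ack", "window", "urg", "options"]

def parse_line(line):
    """Split one syslog-wrapped filterlog line into a dict; None if it is not one."""
    pos = line.find("filterlog: ")
    fields = line[pos + 11:].strip().split(",") if pos >= 0 else []
    if len(fields) < len(COMMON):
        return None                                # not filterlog, or truncated
    names = COMMON + (IPV4 if fields[8] == "4" else IPV6) + ADDR
    rec = {"time": " ".join(line[:pos].split()[:3]), "raw": line.rstrip("\n")}
    rec.update(zip(names, fields))
    rest = fields[len(names):]                     # layer-4 part, if any
    if rec.get("proto") in ("tcp", "udp"):
        rec.update(zip(PORTS, rest))
        if rec["proto"] == "tcp":
            rec.update(zip(TCP, rest[len(PORTS):]))
    return rec

def matches(rec, include=None, exclude=None):
    """True if every include field holds an allowed value and no exclude field does."""
    return (all(rec.get(f) in ok for f, ok in (include or {}).items())
            and not any(rec.get(f) in bad for f, bad in (exclude or {}).items()))

def filter_log(lines, include=None, exclude=None):
    """Yield the parsed records of the lines that pass the include/exclude filter."""
    for line in lines:
        rec = parse_line(line)
        if rec and matches(rec, include, exclude):
            yield rec

# Four lines copied from the post's output, so the script also runs without stdin.
SAMPLE = [
    "Jan 20 14:24:59 guardian filterlog: 100,16777216,,1468341693,em1,match,pass,in,4,0x0,,64,22738,0,DF,17,udp,58,192.168.1.10,192.168.1.1,39085,53,38",
    "Jan 20 14:25:07 guardian filterlog: 5,16777216,,1000000103,em1,match,block,in,4,0x0,,64,972,0,DF,6,tcp,60,192.168.1.10,127.0.0.1,46128,8081,0,S,1879826604,,29200,,mss;sackOK;TS;nop;wscale",
    "Jan 20 14:25:35 guardian filterlog: 72,16777216,,1000002665,lo0,match,pass,out,4,0x0,,64,10636,0,none,17,udp,40,127.0.0.1,127.0.0.1,47825,123,20",
    "Jan 20 14:26:05 guardian filterlog: 5,16777216,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,17,udp,241,192.168.100.2,192.168.100.255,138,138,221",
]

if __name__ == "__main__":                         # hide DNS-to-gateway and lo0 NTP noise
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for rec in filter_log(source, exclude={"dport": {"53", "123"}, "interface": {"lo0"}}):
        print(rec["raw"])
```

Pipe whatever command prints the raw filter log into the script and only the lines that survive the filter are echoed; swap the exclude dict for an include such as {"action": {"block"}} to see just blocked traffic.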
