Inverted search: Services>Suricata>Alerts>Alert Log View Filter
-
Is there a way to use an inverted search with the Alert Log View Filter? I have for instance a lot of "Active Threat Intelligence Poor Reputation IP group #" among other warnings. I want to omit them from my search results. Any suggestions?
-
The filter expressions should be evaluated as regular expression (regex). The use of that syntax would let you accomplish your goal. I believe you are wanting to filter on the Description field.
Regex is the bane of my existence! I never have been successful committing much of its syntax to memory, and every time I need to do anything with regex I must head off to Google for examples.
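As an added illustration of the inverted-search approach suggested in the reply above (this is not code from the forum post or from the pfSense Suricata package): a negative lookahead such as `^(?!.*Poor Reputation IP group).*$` matches every Description that does *not* contain the noisy phrase. The pfSense GUI is assumed to hand the filter text to a PCRE-style matcher; Python's `re` module uses the same lookahead syntax, so the script below runs the filter over a few constructed alert descriptions to show which rows survive, and adds a small helper that builds one exclusion filter from several phrases.

```python
import re

# Constructed sample Suricata alert descriptions (not taken from any real log).
SAMPLE_ALERTS = [
    "ET CINS Active Threat Intelligence Poor Reputation IP group 12",
    "ET SCAN Potential SSH Scan",
    "ET CINS Active Threat Intelligence Poor Reputation IP group 47",
    "ET POLICY Possible Kali Linux hostname in DHCP Request Packet",
    "SURICATA STREAM Packet with invalid ack",
]

# Inverted filter: keep only descriptions that do NOT contain the noisy phrase.
# (?!...) is a negative lookahead; anchoring it at ^ applies it to the whole line.
EXCLUDE_FILTER = r"^(?!.*Active Threat Intelligence Poor Reputation IP group).*$"


def apply_description_filter(alerts, pattern):
    """Return the alerts whose Description matches the regex (case-insensitive)."""
    regex = re.compile(pattern, re.IGNORECASE)
    return [alert for alert in alerts if regex.search(alert)]


def build_exclusion_filter(*phrases):
    """Build one negative-lookahead filter that drops any alert containing any phrase.

    Each phrase is escaped so that characters such as '#' or '.' are taken literally.
    """
    joined = "|".join(re.escape(phrase) for phrase in phrases)
    return rf"^(?!.*(?:{joined})).*$"


def exclude_descriptions(alerts, *phrases):
    """Apply build_exclusion_filter() to a list of alert descriptions."""
    return apply_description_filter(alerts, build_exclusion_filter(*phrases))


if __name__ == "__main__":
    # Paste EXCLUDE_FILTER (or the output of build_exclusion_filter) into the
    # Description field of the Alert Log View Filter to hide those rows.
    for line in apply_description_filter(SAMPLE_ALERTS, EXCLUDE_FILTER):
        print(line)
    print("--- two phrases excluded ---")
    for line in exclude_descriptions(SAMPLE_ALERTS, "Poor Reputation IP group", "SURICATA STREAM"):
        print(line)
```

The single-phrase filter is the one-liner to paste into the GUI; the helper just shows how the same pattern extends to several phrases at once without hand-escaping them.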
-
@bmeeks Thank you. Excellent suggestions. My head was too much in a GUI mode. Never would have thought of a regex. I'll stretch my Google-Fu and see if I can come up with a nice one-liner. Cheers.