<![CDATA[Firewall log: exact IP match]]>Good evening community.
Since I've tried several ways with no positive result, I'm here to ask for a question.

On the "Advanced log filter" section:

b6f8468c-e1bb-4efb-89ce-afdbd04585c6-image.png

I'd like to retrieve matches for a specific IP, for example 192.168.174.1.

By putting 192.168.174.1 as Source IP Address:

f5a58b88-ca99-4856-8c3b-f4ca3adfe9c3-image.png

this is an example of the results:

c336c125-8930-4cba-8484-f245f7775cbc-image.png

which means of course that the last octect, "1", is threated as "contains" instead of "equals" value.

I'd like to understand how to obtain the results only related to 192.168.174.1, already tried:

192.168.174.1 (KO, same behaviour)
/\b192.168.174.1\b/ (KO, no logs to display)
^192.168.174.1$ (KO, no logs to display)

Any ideas?
Thank you for your support,
regards.
Giuseppe

]]>https://forum.netgate.com/topic/195904/firewall-log-exact-ip-matchRSS for NodeTue, 10 Mar 2026 01:06:49 GMTWed, 08 Jan 2025 15:55:54 GMT60<![CDATA[Reply to Firewall log: exact IP match on Mon, 13 Jan 2025 14:53:53 GMT]]>@jimp

Hi Jimp, I didn't post previous screen for security reasons, entries were present ;)
In any case, I tried your command for multiple grep matches and it works!
Thank you a lot!
Have a nice day.
Giuseppe

78ba2865-93fc-4e26-9605-e8e244f76a15-image.png

]]>https://forum.netgate.com/post/1202523https://forum.netgate.com/post/1202523Mon, 13 Jan 2025 14:53:53 GMT<![CDATA[Reply to Firewall log: exact IP match on Mon, 13 Jan 2025 14:01:27 GMT]]>What you posted there would work but maybe just didn't have any matches at the time you were watching. It's all just text output there, string parsing, nothing that would stop multiple grep commands from working.

To be more efficient, if you want to match lines with both strings, you should make one pattern that has both in the correct order:

: tail -f /var/log/filter.log | filterparser.php | grep 'block.*x\.x\.x\.x'

If you want to match multiple patterns (e.g. all blocks or all matches of that IP address) then you would use egrep or grep -e along with a pattern like '(block|x\.x\.x\.x|y\.y\.y\.y)' and it will match any of those patterns rather than requiring them all.

]]>https://forum.netgate.com/post/1202507https://forum.netgate.com/post/1202507Mon, 13 Jan 2025 14:01:27 GMT<![CDATA[Reply to Firewall log: exact IP match on Mon, 13 Jan 2025 09:19:48 GMT]]>@jimp
It works, thank you for your help!

Just a little more question if possibile:

To see logs in command line (realtime) I use:
tail -f /var/log/filter.log | filterparser.php | grep -w [ip address]

I noticed however that this command allows only 1 grep.

Is there a way to increase to at least 2 grep?
For example it should be useful to add:

tail -f /var/log/filter.log | filterparser.php | grep -w [ip address] | grep block

but as you may see there are no results.

2276fff5-5d2c-4eb1-a031-6ba5b4421212-image.png

Thanks,
Giuseppe

]]>https://forum.netgate.com/post/1202480https://forum.netgate.com/post/1202480Mon, 13 Jan 2025 09:19:48 GMT<![CDATA[Reply to Firewall log: exact IP match on Wed, 08 Jan 2025 18:24:37 GMT]]>They are regex fields, so 192\.168\.174\.1$ should exactly match the .1 address and only the .1 address. It works for me here, with or without the starting anchor (^). In this case you shouldn't need the start anchor but for an address with 1-2 numbers in the first octet, it could be necessary.

If that doesn't find anything then there may not be any matching logs for that one address at the time you searched.

]]>https://forum.netgate.com/post/1202044https://forum.netgate.com/post/1202044Wed, 08 Jan 2025 18:24:37 GMT