Mailreport filter syntax

st4t1c · Jan 24, 2014, 4:27 PM

Hello all,

i've been trying to get some notifications sent out from my pfsense box, and installed "mailreport"

it works fine, sending a daily email with System logs, and i can even narrow the results sent by using e.g "snort" so the message includes only relevant to snort rows.

the question is, can i narrow down the results even further? for e.g i need the rows that both have:

1. a certain IP, coming from snort
2. current date, coming from snort
etc.

i tried filters like:

snort && 192.168.1.1
snort, 192.168.1.1
snort, 'date +%b'
etc etc.

but if i put anything more than just "snort" the results are blank.

Any ideas on the syntax i could potentially use for filtering the logs??

jimp · Jan 30, 2014, 9:12 PM

The current date wouldn't be possible but if you want to filter in a couple ways you can, update to the most recent version of the mailreport package and this should work:

1. To do term1 and term2: term1.*term2|term2.*term1
2. To do term1 or term2: term1|term2

st4t1c · Jan 31, 2014, 12:28 PM

good stuff, thanks a lot!

now i'll go find a way to get a pfblocker report in the mail too!