Mailreport filter syntax
-
Hello all,
i've been trying to get some notifications sent out from my pfsense box, and installed "mailreport"
it works fine, sending a daily email with System logs, and i can even narrow the results sent by using e.g "snort" so the message includes only relevant to snort rows.
the question is, can i narrow down the results even further? for e.g i need the rows that both have:
1. a certain IP, coming from snort
2. current date, coming from snort
etc.i tried filters like:
snort && 192.168.1.1
snort, 192.168.1.1
snort, 'date +%b'
etc etc.but if i put anything more than just "snort" the results are blank.
Any ideas on the syntax i could potentially use for filtering the logs??
-
The current date wouldn't be possible but if you want to filter in a couple ways you can, update to the most recent version of the mailreport package and this should work:
1. To do term1 and term2: term1.*term2|term2.*term1
2. To do term1 or term2: term1|term2 -
good stuff, thanks a lot!
now i'll go find a way to get a pfblocker report in the mail too!
