Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    System log filter not filtering properly

    General pfSense Questions
    3
    7
    2.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      firewalluser
      last edited by

      The filter in the system log is not filtering properly.

      If I filter on 192.168.1.2, I see entries in the log for 192.168.1.2, 192.168.1.20 and 192.168.1.200.

      I tried using '192.168.1.2 ' ie a space after the 2, no joy, same is seen in ports filter, ie put a 5 in the port filter and it shows all ports with a 5 in it.

      2.2-RC (amd64)
      built on Fri Jan 16 11:53:08 CST 2015

      Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

      Asch Conformity, mainly the blind leading the blind.

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        That works exactly as it should. Kindly read the linked PCRE manual to get exact match…

        1 Reply Last reply Reply Quote 0
        • F
          firewalluser
          last edited by

          Working as programmed and working as the user expects are two different things.

          Anyway having been through the http://php.net/manual/en/language.expressions.php and looking at the page source I see the ip address fields fields are text, so looking at this section
          "A very common type of expressions are comparison expressions. These expressions evaluate to either FALSE or TRUE. PHP supports > (bigger than), >= (bigger than or equal to), == (equal), != (not equal), < (smaller than) and <= (smaller than or equal to). The language also supports a set of strict equivalence operators: === (equal to and same type) and !== (not equal to or not same type). These expressions are most commonly used inside conditional execution, such as if statements."

          I'm wouldnt expect an equal or greater/less than to be used ie <= or >=, but I would expect an equal or not equal to be used, ie == or !==

          so I'm still  known the wiser as to how 192.168.100.200 is equal to 192.168.100.2 for example.

          The only thing I've learnt is php also supports ternary conditional operators.

          Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

          Asch Conformity, mainly the blind leading the blind.

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            I already linked the proper docs, which - btw - are linked from the logs page as well.  http://php.net/manual/en/language.expressions.php is totally irrelevant.

            1 Reply Last reply Reply Quote 0
            • F
              firewalluser
              last edited by

              Yeah I know theres a link just below the filter section, the thing is this is working more like an instring/substring function which has different behaviours.

              I'm sure this worked differently in v1.x, I'll have to go check.

              Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

              Asch Conformity, mainly the blind leading the blind.

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                It's working as it always has on 2.1.x and 2.2.

                When you filter, it's filtering not on an IP address as a distinct object, but matching the string.

                Think of it as "192.168.100.2", or ".192.168.100.2." to be more regex-like.

                If you want it to match only what you enter, anchor it and escape it in proper regex style. "^192.168.100.2$"

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 1
                • F
                  firewalluser
                  last edited by

                  Thats my bad, I should have realised it was regex cant remember last time I called it "regular expressions" so I was trying logical expression ie =+-<>&

                  The thing that threw me, is there are only 35 chars for the ip addresses which isnt enough space for ipv6.

                  Anyway for anyone else interested in how regex works, the link has some good examples to explain.
                  http://www.proftpd.org/docs/howto/Regex.html

                  or a quick overview can be seen below.

                  ^ caret matches the start of a string, eg ^192 will match all entries that start with 192, ^10 will match all entries that start with 10, although not relevant on this page, but in other applications ^&foo will match all entries that start with &foo and ^@domain will match all entries that start with @domain

                  $ dollar sign is similar but the opposite to caret in that its used to match the end of a string, eg 10$ will match all entries that finish with 10, @domain$ will match all entries that finish with @domain.

                  . period matches any single character eg 1.2 will match the 3 digit numbers  112, 122, 132, all the way up to 192, s.f will match any 3 letter word that starts with s and ends with f, eg saf, sbf, scf, sdf and so on.

                  open and closed square brackets will match any one or more entries containing the numbers, characters & symbols encapsulated in the square brackets. EG [192] will find all entries that have 1 and/or 9 and/or 2, [abc] will match all entries that contain a and/or b and/or c.

                  Numerics in square brackets can also contain a range eg [0-9] will match all entries that one or more of the numbers in the range specified inside the square brackets.

                  | Vertical pipe/bar is an either or operator eg ^192|21$ will match either all entries that start with 192 or all entries that finish with 21.

                  \ Backslash is used to prevent the special meaning of operators eg . will make . (period/fullstop) behave like a period/fullstop and not a single char match, hence the . in the example Jimp provided. ^ will prevent the caret operating as a match the start of a string eg ^foo will find all entries that contain ^foo.

                  ? question mark will match once or not at all, eg 19?2 will return 192 and 12 only, he?llo will return hello or hllo

                  • asterisk will match as many times as possible or not at all eg 192* will return 192, 19, 1922, 19222 and so on.
                  • will match at least once 192+ will return 192,1912, 1922, 1932 and so on.

                  *, +, ? are acted upon first, followed by any concatenations and then finally |

                  fwiw.

                  Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

                  Asch Conformity, mainly the blind leading the blind.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.