Filter Descriptions and Configuration

Select Action Filter

ID: select-action

This filter specification can be used to select only the firewall events that were permitted or denied.

Parameters

action_match

This parameter contains the action that should selected:

denied

Select only denied events.

permitted

Select only permitted events.

-

This is also a possible action when we can't determine from the log information if this event was denied or permitted.

Defaults to denied.

Select Source IP Filter

ID: select-from-ip

This filter specification can be used to select the packets coming from a particular host.

Parameters

ip-range

This parameter contains the regular expression that will be used to select packets coming from particular hosts. Only packets sent from a host matching that regexp will be included in the subreports. The match is done on the client IP address (not its hostname).

Defaults to .*.

Select Destination IP Filter

ID: select-to-ip

This filter specification can be used to select packets sent to a particular host.

Parameters

ip-range

This parameter contains the regular expression that will be used to select the packets sent to a particular host. Only packets sent to a host matching that regexp will be included in the subreports. The match is done on the host's IP address (not its hostname).

Defaults to .*.