09-07-2021 10:07 PM - edited 09-28-2021 12:08 AM
Like the title says, is there a way to run a filter for a period of time, pull out a list of IPs, sort them, remove the duplicates with a count, and sort them by most popular?
This is a common omegle thing to do with syslog data. Say you have a very permissive rule and you want to see what source IPs are being used by that rule. You could awk print the source IP column and filter it accordingly. How are you folks working with data like this?
09-27-2021 06:36 AM
@jackd I presume you are referring to the traffic log query engine on the firewall/Panorama, and yes, it is not very advanced, and distinct or uniq functions are definitely missing.
We use an external SIEM solution with advanced query capabilities, but for small tasks I would export the logs and use Unix or some script to query them. You can also use the firewall local reporting engine to generate something similar. For example, you can create a report on only unique source IPs hit count over a period of time, but this also has its limitations.
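The export-and-count approach described in the reply above, as an added example that is not part of the thread or any vendor tooling. It assumes the exported CSV has a header row with columns named "Source address" and "Rule" and no field containing a comma; the sample rows are constructed.

```shell
#!/bin/sh
# top_sources FILE [RULE] -> "COUNT IP" lines, most frequent source first.
# Column names are assumptions about the export; adjust to match your file.
top_sources() {
    file=$1
    rule=${2:-}
    awk -F',' -v rule="$rule" '
        # Strip a trailing CR (Windows export) and surrounding quotes.
        function unq(s) { sub(/\r$/, "", s); gsub(/^"|"$/, "", s); return s }
        NR == 1 {
            # Find columns by header name instead of a fixed position.
            for (i = 1; i <= NF; i++) {
                h = unq($i)
                if (h == "Source address") src = i
                if (h == "Rule") rcol = i
            }
            if (!src || (rule != "" && !rcol)) {
                print "required column missing" > "/dev/stderr"; exit 2
            }
            next
        }
        rule != "" && unq($rcol) != rule { next }   # optional rule filter
        { hits[unq($src)]++ }
        END { for (ip in hits) print hits[ip], ip }
    ' "$file" | sort -k1,1nr -k2,2
}

# Constructed sample export (documentation address ranges only).
sample_csv() {
    cat <<'EOF'
"Receive Time","Source address","Destination address","Rule","Action"
"2021/09/07 10:00:01","192.0.2.10","198.51.100.5","allow-any","allow"
"2021/09/07 10:00:02","203.0.113.7","198.51.100.5","allow-any","allow"
"2021/09/07 10:00:03","192.0.2.10","198.51.100.9","allow-any","allow"
"2021/09/07 10:00:04","192.0.2.10","198.51.100.53","dns-out","allow"
"2021/09/07 10:00:05","198.51.100.23","192.0.2.80","allow-any","allow"
"2021/09/07 10:00:06","203.0.113.7","198.51.100.9","allow-any","allow"
"2021/09/07 10:00:07","192.0.2.10","198.51.100.5","allow-any","allow"
EOF
}

tmp=$(mktemp)
sample_csv > "$tmp"
top_sources "$tmp" allow-any   # sources that hit the permissive rule
rm -f "$tmp"
```

Omitting the second argument counts sources across every rule in the export.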