Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ytlpsnet
New Contributor

Created on ‎11-03-2016 11:15 PM

How to search traffic log with multiple source ip addresses (more than 100 ip addresses)?

Is there any way that i can search for more than 100 ip addresses? What i do the searching in analyzer as below:

 

srcip=1.1.1.1 or srcip=2.2.2.2 or srcip=3.3.3.3

 

And this way will allow maximum 30 ip addresses to key into search field, so is there any way to search more 100 ip addresses at once?

39103
0 Kudos
8 REPLIES 8
ytlpsnet
New Contributor

Created on ‎11-04-2016 03:03 AM

I know there is enable column filter option, once you enabled it then you can filter only 1 ip address, i need more than that...

18752
0 Kudos
abelio
SuperUser
SuperUser
In response to ytlpsnet

Created on ‎11-04-2016 08:01 AM

Hi,

You can use wildcard i.e, see attached screenshot

regards




/ Abel

regards / Abel
18752
0 Kudos
emnoc
Esteemed Contributor III
In response to abelio

Created on ‎11-04-2016 10:20 AM

or even no range of address

 

vd=soc01 srcip=10.1.1.20-10.1.1.26

 

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
18752
0 Kudos
Jim_FH
New Contributor III
In response to emnoc

Created on ‎11-04-2016 11:12 AM

Both suggestions above (Wild card and the IP range) are better that what I would have done :), but I would add that you can search by CIDR notation as well:

 

srcip=10.1.1.0/24

 

for example.

 

18752
0 Kudos
ytlpsnet
New Contributor
In response to Jim_FH

Created on ‎11-06-2016 04:41 PM

James.F.Holmes wrote:

Both suggestions above (Wild card and the IP range) are better that what I would have done :), but I would add that you can search by CIDR notation as well:

 

srcip=10.1.1.0/24

 

for example.

 

my source ip addresses are not under the same range...so i can't use wildcard or CIDR...all ip address is unique...

18752
0 Kudos
awasfi_FTNT
Staff
Staff
In response to ytlpsnet

Created on ‎11-09-2016 11:32 PM

Hello,

 

It's easier to run a report filtered by the source IP addresses using comma separator.

You can add multiple IP addresses to the same srcip filter, however I'm not sure how many IP addresses the filter will accept. If the filter accepts lets say 50 IP addresses then add two srcip filters and split the IP list between them.

 

Regards,

AWASFI
18752
0 Kudos
ytlpsnet
New Contributor
In response to awasfi_FTNT

Created on ‎11-09-2016 11:52 PM

awasfi wrote:

Hello,

 

It's easier to run a report filtered by the source IP addresses using comma separator.

You can add multiple IP addresses to the same srcip filter, however I'm not sure how many IP addresses the filter will accept. If the filter accepts lets say 50 IP addresses then add two srcip filters and split the IP list between them.

 

Regards,

comma separator is not working if you are refer to this...

 

sourceip.JPG
Preview file
19 KB
18752
0 Kudos
awasfi_FTNT
Staff
Staff
In response to ytlpsnet

Created on ‎11-10-2016 01:26 AM

Hello,

 

I mean use one of the default report or your custom report to get the information you want by filtering the report itself by the source IP addresses (Advanced settings tab):

http://help.fortinet.com/fa/faz50hlp/52/5-2-9/index.htm#FortiAnalyzer_529_Administration_Guide/1000_...

 

Regards,

AWASFI
18752
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.