ytlpsnet
New Contributor

How to search the traffic log with multiple source IP addresses (more than 100 IP addresses)?

Is there any way that I can search for more than 100 IP addresses? This is how I do the searching in the analyzer:

srcip=1.1.1.1 or srcip=2.2.2.2 or srcip=3.3.3.3

This way allows a maximum of 30 IP addresses to be keyed into the search field, so is there any way to search more than 100 IP addresses at once?

ytlpsnet
New Contributor

I know there is an enable column filter option; once you have enabled it, you can filter only 1 IP address. I need more than that...

abelio

Hi,

You can use a wildcard, i.e., see the attached screenshot.

regards / Abel
emnoc
Esteemed Contributor III

or even a range of addresses

vd=soc01 srcip=10.1.1.20-10.1.1.26

PCNSE NSE StrongSwan
Jim_FH
New Contributor III

Both suggestions above (wildcard and the IP range) are better than what I would have done :), but I would add that you can search by CIDR notation as well:

srcip=10.1.1.0/24

for example.

 

ytlpsnet

James.F.Holmes wrote:

Both suggestions above (wildcard and the IP range) are better than what I would have done :), but I would add that you can search by CIDR notation as well:

srcip=10.1.1.0/24

for example.

My source IP addresses are not in the same range... so I can't use a wildcard or CIDR... all the IP addresses are unique...

awasfi_FTNT

Hello,

 

It's easier to run a report filtered by the source IP addresses using a comma separator.

You can add multiple IP addresses to the same srcip filter; however, I'm not sure how many IP addresses the filter will accept. If the filter accepts, let's say, 50 IP addresses, then add two srcip filters and split the IP list between them.

 

Regards,

AWASFI
ytlpsnet

awasfi wrote:

Hello,

 

It's easier to run a report filtered by the source IP addresses using a comma separator.

You can add multiple IP addresses to the same srcip filter; however, I'm not sure how many IP addresses the filter will accept. If the filter accepts, let's say, 50 IP addresses, then add two srcip filters and split the IP list between them.

Regards,

The comma separator is not working, if you are referring to this...

 

awasfi_FTNT

Hello,

 

I mean use one of the default reports or your custom report to get the information you want by filtering the report itself by the source IP addresses (Advanced settings tab):

http://help.fortinet.com/fa/faz50hlp/52/5-2-9/index.htm#FortiAnalyzer_529_Administration_Guide/1000_...

 

Regards,

AWASFI
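
The following Python script is an added example, not posted by anyone in the thread and not Fortinet code. It reduces a list of unrelated source IPs to as few search terms as possible using the range and CIDR forms shown in the replies, then splits the terms into searches of at most 30 (the limit the original poster reports). Assumptions: range and CIDR terms can be joined with `or` the same way single addresses are, and the function names are made up for this example.

```python
import ipaddress

MAX_TERMS = 30  # per-search limit reported by the original poster


def collapse(ips):
    """Deduplicate IPv4 strings and merge consecutive addresses into (first, last) runs."""
    nums = sorted({int(ipaddress.IPv4Address(ip.strip())) for ip in ips if ip.strip()})
    runs = []
    for n in nums:
        if runs and n == runs[-1][1] + 1:
            runs[-1][1] = n          # extends the current run by one address
        else:
            runs.append([n, n])      # starts a new run
    return [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b)) for a, b in runs]


def term(first, last):
    """Render one run as a single IP, a CIDR block, or a first-last range."""
    if first == last:
        return f"srcip={first}"
    nets = list(ipaddress.summarize_address_range(first, last))
    if len(nets) == 1:               # run is exactly one aligned network
        return f"srcip={nets[0]}"
    return f"srcip={first}-{last}"


def build_filters(ips, max_terms=MAX_TERMS):
    """Return search strings, each with at most max_terms terms joined by 'or'.

    Assumption: the search field accepts range and CIDR terms inside an 'or' chain.
    """
    terms = [term(a, b) for a, b in collapse(ips)]
    return [" or ".join(terms[i:i + max_terms]) for i in range(0, len(terms), max_terms)]


if __name__ == "__main__":
    # Constructed sample input: three unrelated hosts, one short run, one full /24.
    sample = ["1.1.1.1", "2.2.2.2", "3.3.3.3"]
    sample += [f"10.1.1.{i}" for i in range(20, 27)]
    sample += [f"10.1.2.{i}" for i in range(256)]
    for i, flt in enumerate(build_filters(sample), 1):
        print(f"# search {i}\n{flt}")
```

Run each printed string as its own search and merge the results; addresses that share no range still cost one term each, so 100 fully scattered IPs need four searches.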