Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dieter
New Contributor

filter on subnet in event handler

Something like

srcip==192.168.0.0/16

doesn't seem to be working in a generic text filter.

 

Is it at all possible any way ?

1 Solution
kylezhang_FTNT

For generic text filter, please try this: 

 

srcip ~ 192\.168\.[0-9]+\.[0-9]+

View solution in original post

4 REPLIES 4
kylezhang_FTNT

For generic text filter, please try this: 

 

srcip ~ 192\.168\.[0-9]+\.[0-9]+

dieter

Thanks

Didn't realize this uses regexp syntax. Manuals really don't mention anything...

chall_FTNT

Good point.  We have just made a note to update the section on Generic Text Filter to mention that it uses regex syntax.

Chris Hall
Fortinet Technical Support
rwpatterson

kylezhang wrote:

For generic text filter, please try this: 

 

srcip ~ 192\.168\.[0-9]+\.[0-9]+

I would actually use

srcip ~ 192\.168\.[0-9]{1-3}\.[0-9]{1-3}

 

The difference is the original would accept one or more characters in the last two octets where the latter will accept between one and three in each. Just a bit more control but less chance for false positives.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors