certego / fw1-loggrabber

FW1-Loggrabber is a command-line tool to grab logfiles from remote Checkpoint devices using OPSEC LEA (Log Export API)
GNU General Public License v2.0

Filter for ! not working #32

Open david-drake opened 7 years ago

david-drake commented 7 years ago

I am trying to filter out any connection that contains action=accept... basically I don't want to pull any logs that are accepted.

When I change the filter to "action!=accept", it still pulls all actions including accept. The only way I've been able to get this working (slightly) is to specify "action=deny,drop,prevent"

Anybody else have this issue?

adepasquale commented 7 years ago

Not sure, this is the relevant code section:

https://github.com/certego/fw1-loggrabber/blob/ab8e5064a125de8eb3c04e588ce87a0f006cf888/fw1-loggrabber.c#L2087-L2120

The negation variable is conditionally set based on the presence of = or !=.
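A filter clause of the form discussed in this thread, parsed with an explicit negation flag, as an added example that is not fw1-loggrabber's code and not the code at the linked lines. The struct and the function names `parse_clause` and `clause_keeps` are hypothetical, and the filter strings are the ones quoted in the issue.

```c
#include <stdio.h>
#include <string.h>
#define MAX_VALUES 8

/* Hypothetical clause layout for this example; not fw1-loggrabber's own. */
struct clause {
    char field[32];
    int negation;                /* 1 when the operator was "!=" */
    char values[MAX_VALUES][32];
    int nvalues;
};

/* Parse "field=v1,v2" or "field!=v1,v2". Returns 0 on success, -1 on error. */
int parse_clause(const char *text, struct clause *out)
{
    const char *eq = strchr(text, '=');
    if (eq == NULL || eq == text) return -1;
    memset(out, 0, sizeof(*out));
    size_t flen = (size_t)(eq - text);
    /* Strip the '!' of "!=" so the field is "action", not "action!". */
    if (text[flen - 1] == '!') { out->negation = 1; flen--; }
    if (flen == 0 || flen >= sizeof(out->field)) return -1;
    memcpy(out->field, text, flen);
    for (const char *p = eq + 1; *p != '\0'; ) {
        size_t vlen = strcspn(p, ",");
        if (vlen == 0 || vlen >= sizeof(out->values[0]) ||
            out->nvalues == MAX_VALUES) return -1;
        memcpy(out->values[out->nvalues++], p, vlen);
        p += vlen;
        if (*p == ',') p++;
    }
    return out->nvalues > 0 ? 0 : -1;
}

/* Returns 1 when a record whose field has this value passes the clause. */
int clause_keeps(const struct clause *c, const char *value)
{
    int hit = 0;
    for (int i = 0; i < c->nvalues; i++)
        if (strcmp(c->values[i], value) == 0) hit = 1;
    return c->negation ? !hit : hit;
}

int main(void)
{
    struct clause c;
    if (parse_clause("action!=accept", &c) != 0) return 1;
    printf("accept kept: %d, drop kept: %d\n",
           clause_keeps(&c, "accept"), clause_keeps(&c, "drop"));
    return 0;
}
```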