How to search for this?
I have logs collected with messages like this:
Where you see: 10.0.2.132, I want to create a search for records like this one where the IP address listed in the message is something like 10.0.1.200.Message : WEBFILTER_URL_BLOCKED: WebFilter: ACTION="URL Blocked" 10.0.2.132(55630)->199.127.194.195(443) CATEGORY="Enhanced_Internet_Radio_and_TV" REASON="by predefined category" PROFILE="Non_Managers-WF-Profile" URL=199.127.194.195 OBJ=/
Time : 11 Oct 2016, 15:22:03Host : 10.109.1.6Severity : warningFacility : DaemonSource : utmdUsername : -Remote Host : -LogonId : -Audit Id : -Logon Type : -Target Domain : -Target User : -User Pid : -Target Group : -UserName : -Group Id : -LogType : Unix
I don't seem to be able to crack the code to get just those records. Usually I get nothing.
I can filter on:
BLOCKED AND URL
and I get all of the records as above. Now I want to narrow the search down to a single IP address in the message.
How please? Simply extending the search to:
doesn't work. I get nothing.....BLOCKED AND URL AND 10.0.1.200
Topic Participants
Fred Marshall
Karthik Annavi
New to M365 Manager Plus?
New to M365 Manager Plus?
New to RecoveryManager Plus?
New to RecoveryManager Plus?
New to Exchange Reporter Plus?
New to Exchange Reporter Plus?
New to SharePoint Manager Plus?
New to SharePoint Manager Plus?
New to ADManager Plus?