Searching by IP address

I have had Graylog for a year. I need to find everyone who on 1/10/2019
entered the IP address 90...**. Where can I enter this IP address to search the entire database for the address I am looking for?
(the addresses I gave are an example)

2019-10-01 20:25:21.050	
firewall,info rb_mikrotik: rb_mikrotik forward: in:WAN out:<pppoe1>, src-mac 0c:a4:02:20:20:01, proto TCP (ACK,FIN,PSH), 28.2.2.1:802->192.168.1.10:3902, NAT 198.16.64.45:802->(90.**.**.**.:39->198.16.64.45:802), len 231

Sorry your writing is not really understandable.

How did you process the messages, how are they stored, and what part or field do you want to search for?

I have the IP address of the page and I want to search for the people who entered it. I select the day, and where do I enter this IP address so that Graylog searches for those people?

You should read the documentation: http://docs.graylog.org/en/3.1/pages/queries.html

Maybe I'm stupid, but I didn't find clear information and I am asking for help.
I have an IP address, e.g. 100.100.100.5, and a time, e.g. Monday 22:22.
I need to find all the people on my network who came to this address at this time.

You should really check the options you have in the UI …

Select the absolute time that fits the timezone you are searching in. After that, how you search for the IP really depends on the structure of your data: whether that information is only available in the message field, or whether it is also given in a dedicated field.

Maybe it's not a clear IP address, so you have to search for *90.1.2.3*
AND set "allow leading whitespaces" to true in your config.

Just search for it from the main search screen: click the little clock icon, select absolute, put in the from and to times, then in the query window type the IP address and hit enter.
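The steps above (fix an absolute time window, then search the message text for the address) can also be reproduced offline against a raw MikroTik log export, which is useful for checking what the Graylog search should return. The following is an added example, not code from the thread or from Graylog: it parses constructed lines in the `firewall,info … forward:` shape quoted earlier, restricts them to a time window, matches the public IP exactly or by a trailing-dot prefix (the same idea as the `*90.1.2.3*` partial search suggested above), and reports the RFC 1918 host and its `src-mac` on the other side of each flow. The `SAMPLE_LOG` lines, the function names and the `graylog_query` helper are all assumptions made for the example; the `message` field name and the `allow_leading_wildcard_searches` setting are Graylog's own.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample lines (not taken from the thread) in the MikroTik
# "firewall,info" shape: timestamp, topic, router, chain, interfaces,
# src-mac, protocol, src:port->dst:port, length.
SAMPLE_LOG = """\
2019-10-01 20:25:21.050 firewall,info rb_mikrotik: rb_mikrotik forward: in:LAN out:<pppoe1>, src-mac 0c:a4:02:20:20:01, proto TCP (SYN), 192.168.1.10:3902->100.100.100.5:443, len 60
2019-10-01 20:26:02.117 firewall,info rb_mikrotik: rb_mikrotik forward: in:LAN out:<pppoe1>, src-mac 0c:a4:02:20:20:02, proto TCP (SYN), 192.168.1.22:51000->100.100.100.5:443, len 60
2019-10-01 20:27:10.500 firewall,info rb_mikrotik: rb_mikrotik forward: in:LAN out:<pppoe1>, src-mac 0c:a4:02:20:20:01, proto UDP, 192.168.1.10:5353->8.8.8.8:53, len 80
2019-10-01 23:59:59.000 firewall,info rb_mikrotik: rb_mikrotik forward: in:LAN out:<pppoe1>, src-mac 0c:a4:02:20:20:03, proto TCP (SYN), 192.168.1.33:41000->100.100.100.5:443, len 60
"""

TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})(?:\.(\d+))?")
MAC_RE = re.compile(r"src-mac ([0-9a-fA-F:]{17})")
FLOW_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)->(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def parse_line(line):
    """Return {ts, src_mac, src_ip, dst_ip} for one log line, or None if the
    line has no timestamp or no src:port->dst:port flow."""
    ts_m = TS_RE.match(line)
    flow_m = FLOW_RE.search(line)
    if not ts_m or not flow_m:
        return None
    ts = datetime.strptime(ts_m.group(1), "%Y-%m-%d %H:%M:%S")
    if ts_m.group(2):
        # Fraction is milliseconds in MikroTik output; normalise to microseconds.
        ts = ts.replace(microsecond=int(ts_m.group(2)[:6].ljust(6, "0")))
    mac_m = MAC_RE.search(line)
    return {
        "ts": ts,
        "src_mac": mac_m.group(1) if mac_m else None,
        "src_ip": flow_m.group(1),
        "dst_ip": flow_m.group(3),
    }


def ip_matches(ip, needle):
    """Exact match, or prefix match when the needle ends with '.' (a partial
    address such as '100.100.100.')."""
    if needle.endswith("."):
        return ip.startswith(needle)
    return ip == needle


def find_internal_hosts(log_text, needle, start, end):
    """Return sorted (timestamp, internal_ip, src_mac) tuples for every flow
    that touches `needle` within [start, end]. The internal host is whichever
    side of the flow is a private (RFC 1918 / link-local) address."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not (start <= rec["ts"] <= end):
            continue
        if not (ip_matches(rec["src_ip"], needle) or ip_matches(rec["dst_ip"], needle)):
            continue
        for ip in (rec["src_ip"], rec["dst_ip"]):
            if ipaddress.ip_address(ip).is_private:
                hits.append((rec["ts"].strftime("%Y-%m-%d %H:%M:%S"), ip, rec["src_mac"]))
    return sorted(hits)


def search(log_text, needle, start_str, end_str):
    """Convenience wrapper taking the window as 'YYYY-MM-DD HH:MM:SS' strings,
    mirroring the absolute from/to fields in the Graylog time picker."""
    fmt = "%Y-%m-%d %H:%M:%S"
    return find_internal_hosts(log_text, needle,
                               datetime.strptime(start_str, fmt),
                               datetime.strptime(end_str, fmt))


def graylog_query(needle):
    """Equivalent search-box query, assuming the event text sits in Graylog's
    default `message` field. A trailing '.' becomes a trailing wildcard, which
    does not need allow_leading_wildcard_searches; only a leading '*' does."""
    if needle.endswith("."):
        return f"message:{needle}*"
    return f'message:"{needle}"'


if __name__ == "__main__":
    for hit in search(SAMPLE_LOG, "100.100.100.5", "2019-10-01 20:00:00", "2019-10-01 21:00:00"):
        print(*hit)
    print(graylog_query("100.100.100.5"))
```

Run as-is it lists the two internal hosts that reached 100.100.100.5 between 20:00 and 21:00 and skips both the DNS flow to another address and the 23:59 flow outside the window; the same window and needle, entered in the Graylog time picker and query box, should return the corresponding messages.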

