I have a relatively simple question, which I am having a hard time finding the answer for both through forum searches and google.
We are new to EventSentry and currently running a test deployment with a trial license. So far so good! I have setup some basic monitoring of test-servers and a few network devices via syslog. Well, today I found myself needing to leverage the power of this software for the first time.
I am attempting to track down some rouge connections through a device sending syslog to the EventSentry server. However, the logs I am looking for are at the level of info. Manually scrolling through is out of the question as there are thousands of entries. My question is, how can I utilize the "message:" search functionality of EventSentry?
I have attempted the following: message:"192.168.6.27", message:[192.168.6.27], message:["192.168.6.27"] and message:192.168.6.27 - All of these searches came up blank, but I was able to find entries using my browser built-in search function.
I realize the software is using Query Parser Syntax and I have referenced THIS article for support but unfortunately neither really help in this situation.
Any help is appreciated!
Thank you in advance.
Best Answer
S
Steven Flowers
said
about 5 years ago
Hello,
When trying to search the message field, since you text (IP address) isn't going to match one to one, you'll have to use the wildcard so please try:
message:*IPaddress*
Does that give you the results you were looking for?
Steven
1 Comment
S
Steven Flowers
said
about 5 years ago
Answer
Hello,
When trying to search the message field, since you text (IP address) isn't going to match one to one, you'll have to use the wildcard so please try:
message:*IPaddress*
Does that give you the results you were looking for?
Ingmar Koecher
Hello,
I have a relatively simple question, which I am having a hard time finding the answer for both through forum searches and google.
We are new to EventSentry and currently running a test deployment with a trial license. So far so good! I have setup some basic monitoring of test-servers and a few network devices via syslog. Well, today I found myself needing to leverage the power of this software for the first time.
I am attempting to track down some rouge connections through a device sending syslog to the EventSentry server. However, the logs I am looking for are at the level of info. Manually scrolling through is out of the question as there are thousands of entries. My question is, how can I utilize the "message:" search functionality of EventSentry?
I have attempted the following: message:"192.168.6.27", message:[192.168.6.27], message:["192.168.6.27"] and message:192.168.6.27 - All of these searches came up blank, but I was able to find entries using my browser built-in search function.
I realize the software is using Query Parser Syntax and I have referenced THIS article for support but unfortunately neither really help in this situation.
Any help is appreciated!
Thank you in advance.
Hello,
When trying to search the message field, since you text (IP address) isn't going to match one to one, you'll have to use the wildcard so please try:
message:*IPaddress*
Does that give you the results you were looking for?
Steven
Steven Flowers
Hello,
When trying to search the message field, since you text (IP address) isn't going to match one to one, you'll have to use the wildcard so please try:
message:*IPaddress*
Does that give you the results you were looking for?
Steven
-
EventSentry SQL Backup
-
Freeing up disk space
-
"The RPC server is unavailable" when trying to add any computer.
-
How to remove a list of Servers/Agents using a CSV
-
Pros and Cons of Database in a container for EventSentry
-
PostgreSQL error
-
After installing trial with a collector, then removing the collector, Agents appear Disconnect or Frozen
-
Can EventSentry Light be used to monitor a phone server on my network?
-
Support for Windows Server 2019
See all 37 topics