Logging: Enhanced log searching tools (Better search & filter)
I would like to see better and more granular search options/filters for log searching.
What if I'm interested in a host only when it's a source and only when it goes to port 25 on another host? Today I can only give a simple search term and get way too much data back for it to be useful fast without spending too much time looking through the result.
I would like to search or filter log files by using multiple keywords, such as searching log in search log files / web filtering by combining the 2 strings of IP and URL to narrow down the scope of searching and results.
This feature will be part of the UTM 9.2 release which will enter public beta in September 2013 for GA release in November. Stay tuned!
Did this happen in 9.2? Logging is still a huge pain; it's nearly impossible to find what you are looking for. Source and Destination IP and Port seem like standard features in many other firewalls, and are nearly a requirement. We can't even export the logs to XLS/CSV and sort them that way. It's a huge pain.
I would add "saved searches", so you can have already predefined searches, as well as chained searches: Protocol + IP / MAC address + port + Interface. Thanks.