Filter for ! not working

[david-drake]

I am trying to filter out any connection that contains action=accept... basically I don't want to pull any logs that are accepted.

When I change the filter to "action!=accept", it still pulls all actions including accept. The only way I've been able to get this working (slightly) is to specify "action=deny,drop,prevent"

Anybody else have this issue?

[adepasquale]

Not sure, this is the relevant code section:

fw1-loggrabber/fw1-loggrabber.c

Lines 2087 to 2120 in ab8e506

	/*
	* split filter string in arguments separated by ";"
	*/
	filterargument = strtok (filterstring, ";");
	while (filterargument != NULL)
	{
	/*
	* split argument into name and value separated by "="
	*/
	argumentvalue = strchr (filterargument, '=');
	if (argumentvalue == NULL)
	{
	fprintf (stderr, "ERROR: syntax error in rule argument '%s'.\n"
	" Required syntax: 'argument=value'\n",
	filterargument);
	return NULL;
	}
	argumentvalue++;
	argumentname = filterargument;
	argumentname[argumentvalue - filterargument - 1] = '\0';
	argumentvalue = string_trim (argumentvalue, ' ');
	argumentname = string_trim (argumentname, ' ');
	filterargument = strtok (NULL, ";");
	val_arr = NULL;
	if (argumentname[strlen (argumentname) - 1] == '!')
	{
	negation = 1;
	argumentname = string_trim (argumentname, '!');
	}
	else
	{
	negation = 0;
	}

negation variable is conditionally set based on the presence of = or !=.