
Unable to concatenate -srcip and -dstip in the Get-FGTLogTraffic function. #231

Closed
madonnassassina opened this issue Dec 4, 2023 · 6 comments

Comments

@madonnassassina

working command:

```powershell
Get-FGTLogTraffic -vdom FW-ASL8 -type fortianalyzer -subtype forward -dstip 8.8.8.8 -rows 10 -since 1h | select srcip, dstip, dstport, proto, date, time, action | Format-Table
```

| srcip | dstip | dstport | proto | date | time | action |
|---|---|---|---|---|---|---|
| 172.23.100.21 | 8.8.8.8 | 53 | 17 | 2023-12-04 | 09:41:56 | accept |
| 172.23.100.21 | 8.8.8.8 | 53 | 17 | 2023-12-04 | 09:41:49 | accept |
| 172.23.100.21 | 8.8.8.8 | 53 | 17 | 2023-12-04 | 09:41:40 | accept |
| 172.23.100.21 | 8.8.8.8 | 53 | 17 | 2023-12-04 | 09:41:17 | accept |
| 172.23.100.31 | 8.8.8.8 | 53 | 17 | 2023-12-04 | 09:40:58 | accept |
| 172.23.100.21 | 8.8.8.8 | 53 | 17 | 2023-12-04 | 09:40:40 | accept |
| 172.23.100.21 | 8.8.8.8 | 53 | 17 | 2023-12-04 | 09:40:40 | dns |
| 172.23.100.21 | 8.8.8.8 | 53 | 17 | 2023-12-04 | 09:40:28 | accept |
| 172.23.100.21 | 8.8.8.8 | 53 | 17 | 2023-12-04 | 09:39:35 | accept |
| 172.23.100.21 | 8.8.8.8 | 53 | 17 | 2023-12-04 | 09:39:23 | accept |


not working command:

```powershell
Get-FGTLogTraffic -vdom FW-ASL8 -type fortianalyzer -subtype forward -srcip 172.23.100.21 -dstip 8.8.8.8 -rows 10 -since 1h | select srcip, dstip, dstport, proto, date, time, action | Format-Table
```

```
Get-FGTLogTraffic: Parameter set cannot be resolved using the specified named parameters. One or more parameters issued cannot be used together or an insufficient number of parameters were provided.
```


Am I doing something wrong or is this how it's supposed to work?

In any case, is it possible to concatenate the source address and destination address on the Get-FGTLogTraffic function?

Is it possible to define networks? (e.g. 10.0.0.1/24)

Thank you in advance for your valuable support.

@alagoutte
Contributor

Hi @madonnassassina

Actually the parameters are exclusive... (sorry), but patches are welcome to enhance this support.

To define a network, can you try, like the GUI, to use -srcip "10.0.0.1-10.0.0.254"?

@madonnassassina
Author

Since the parameter is exclusive the only way is to filter at a later stage.

I confirm that -srcip 8.8.4.4-8.8.8.8 is working.

Thanks for your support.

@alagoutte
Contributor

> Since the parameter is exclusive the only way is to filter at a later stage.
>
> I confirm that -srcip 8.8.4.4-8.8.8.8 is working.
>
> Thanks for your support.

Ok, strange, because after a check the GUI uses a different filter (srcip >= 8.8.4.4 and srcip <= 8.8.8.8).

I will look at adding a $customfilter parameter to set your own filter.

@madonnassassina
Author

WORKING

```powershell
Get-FGTLogTraffic -vdom FW-ASL8 -type fortianalyzer -subtype forward -dstip 8.8.8.8 -rows 10 -since 1h | select srcip, dstip, dstport, proto, date, time, action | Format-Table
```

| srcip | dstip | dstport | proto | date | time | action |
|---|---|---|---|---|---|---|
| 172.23.100.31 | 8.8.8.8 | 53 | 17 | 2023-12-11 | 09:36:27 | accept |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 09:36:26 | deny |
| 172.23.100.21 | 8.8.8.8 | 53 | 17 | 2023-12-11 | 09:36:24 | accept |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 09:36:18 | deny |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 09:36:10 | deny |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 09:36:01 | deny |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 09:35:54 | deny |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 09:35:46 | deny |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 09:35:37 | deny |
| 172.23.100.21 | 8.8.8.8 | 53 | 17 | 2023-12-11 | 09:35:33 | accept |

WORKING

```powershell
Get-FGTLogTraffic -vdom FW-ASL8 -type fortianalyzer -subtype forward -dstip 8.8.4.4-8.8.8.8 -rows 10 -since 1h | select srcip, dstip, dstport, proto, date, time, action | Format-Table
```

| srcip | dstip | dstport | proto | date | time | action |
|---|---|---|---|---|---|---|
| 192.168.11.15 | 8.8.8.8 | | 1 | 2023-12-11 | 09:37:22 | accept |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 09:37:22 | deny |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 09:37:14 | deny |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 09:37:07 | deny |
| 172.29.66.70 | 8.8.8.8 | 443 | 17 | 2023-12-11 | 09:37:02 | accept |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 09:36:58 | deny |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 09:36:49 | deny |
| 172.29.66.24 | 8.8.8.8 | 53 | 17 | 2023-12-11 | 09:36:48 | accept |
| 172.23.100.21 | 8.8.8.8 | 53 | 17 | 2023-12-11 | 09:36:48 | accept |
| 172.23.100.21 | 8.8.8.8 | 53 | 17 | 2023-12-11 | 09:36:43 | accept |

NOT WORKING (descending interval)

```powershell
Get-FGTLogTraffic -vdom FW-ASL8 -type fortianalyzer -subtype forward -dstip 8.8.8.8-8.4.4.4 -rows 10 -since 1h | select srcip, dstip, dstport, proto, date, time, action | Format-Table
```

@alagoutte
Contributor

In the example you see only 8.8.8.8; do you also get 8.8.4.4?

@madonnassassina
Author

Yes.

```powershell
Get-FGTLogTraffic -vdom FW-ASL8 -type fortianalyzer -subtype forward -dstip 8.8.4.4-8.8.8.8 -rows 10 -since 1h | select srcip, dstip, dstport, proto, date, time, action | Format-Table
```

| srcip | dstip | dstport | proto | date | time | action |
|---|---|---|---|---|---|---|
| 172.23.100.21 | 8.8.8.8 | 53 | 17 | 2023-12-11 | 16:30:57 | accept |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 16:30:54 | deny |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 16:30:46 | deny |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 16:30:37 | deny |
| 172.24.52.22 | 8.8.8.8 | 443 | 6 | 2023-12-11 | 16:30:30 | deny |
| 172.24.52.22 | 8.8.4.4 | 443 | 6 | 2023-12-11 | 16:30:21 | deny |
| 172.24.52.22 | 8.8.4.4 | 443 | 6 | 2023-12-11 | 16:30:14 | deny |
| 172.24.52.22 | 8.8.4.4 | 443 | 6 | 2023-12-11 | 16:30:06 | deny |
| 172.24.52.22 | 8.8.4.4 | 443 | 6 | 2023-12-11 | 16:29:57 | deny |
| 172.24.52.22 | 8.8.4.4 | 443 | 6 | 2023-12-11 | 16:29:49 | deny |
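A worked example, added here and not taken from the PowerFGT project or from any comment in this thread, covering the two practical points the discussion settles on: `-srcip` and `-dstip` are exclusive parameter sets, so the second address has to be applied "at a later stage" on the client, and a network can be handed to the cmdlet only through the `first-last` range form, which the thread confirms works when the bounds are ascending and fails when they are descending. All function names (`ConvertTo-IPInt`, `Get-CidrBounds`, `Test-IPInCidr`, `ConvertTo-FGTIPRange`, `Select-FGTLogByAddress`) are assumed, and the sample rows are constructed; the only real cmdlet referenced is `Get-FGTLogTraffic` with the parameters already shown in the thread.

```powershell
# Added example, not code from the PowerFGT project or from this issue.
# Function names below are assumed; the sample rows are constructed to look
# like the "select srcip, dstip, dstport, proto, action" output in the thread.

function ConvertTo-IPInt {
    # Dotted-quad IPv4 string -> 64-bit integer (signed, so comparisons stay simple).
    param([Parameter(Mandatory)][string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "Only IPv4 is supported: $Address" }
    [int64]$value = 0
    foreach ($b in $bytes) { $value = ($value * 256) + $b }
    return $value
}

function ConvertFrom-IPInt {
    # 64-bit integer -> dotted-quad IPv4 string.
    param([Parameter(Mandatory)][int64]$Value)
    $octets = 3..0 | ForEach-Object { ($Value -shr (8 * $_)) -band 255 }
    return ($octets -join '.')
}

function Get-CidrBounds {
    # First and last address of a network given in address/prefix form (e.g. 10.0.0.1/24).
    param([Parameter(Mandatory)][string]$Cidr)
    $parts = $Cidr.Split('/')
    if ($parts.Count -ne 2) { throw "Expected address/prefix, got: $Cidr" }
    $prefix = [int]$parts[1]
    if ($prefix -lt 0 -or $prefix -gt 32) { throw "Prefix length out of range: $prefix" }
    $size  = [int64]1 -shl (32 - $prefix)                                  # addresses in the block
    $first = (ConvertTo-IPInt $parts[0]) -band (4294967295 - ($size - 1))  # clear host bits
    return [pscustomobject]@{ Cidr = $Cidr; First = $first; Last = $first + $size - 1 }
}

function Test-IPInCidr {
    # $true when $Address falls inside $Cidr.
    param([Parameter(Mandatory)][string]$Address, [Parameter(Mandatory)][string]$Cidr)
    $bounds = Get-CidrBounds $Cidr
    $value  = ConvertTo-IPInt $Address
    return ($value -ge $bounds.First -and $value -le $bounds.Last)
}

function ConvertTo-FGTIPRange {
    # Render a network as the "first-last" form the thread confirms works for
    # -srcip/-dstip. Bounds are always emitted ascending, because the issue
    # reports that a descending interval (8.8.8.8-8.4.4.4) is rejected.
    param([Parameter(Mandatory)][string]$Cidr)
    $bounds = Get-CidrBounds $Cidr
    return ('{0}-{1}' -f (ConvertFrom-IPInt $bounds.First), (ConvertFrom-IPInt $bounds.Last))
}

function Select-FGTLogByAddress {
    # Client-side filter for rows that already came back from Get-FGTLogTraffic
    # (or any object with srcip/dstip properties): keep rows whose srcip lies in
    # -SrcCidr and whose dstip equals -DstIp. Either filter may be omitted.
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline)]$LogEntry,
        [string]$SrcCidr,
        [string]$DstIp
    )
    process {
        if ($SrcCidr -and -not (Test-IPInCidr -Address $LogEntry.srcip -Cidr $SrcCidr)) { return }
        if ($DstIp -and $LogEntry.dstip -ne $DstIp) { return }
        $LogEntry
    }
}

# Constructed sample rows (not real log data).
$sample = @(
    [pscustomobject]@{ srcip = '172.23.100.21'; dstip = '8.8.8.8'; dstport = 53;  proto = 17; action = 'accept' }
    [pscustomobject]@{ srcip = '172.24.52.22';  dstip = '8.8.8.8'; dstport = 443; proto = 6;  action = 'deny' }
    [pscustomobject]@{ srcip = '172.23.100.31'; dstip = '8.8.4.4'; dstport = 53;  proto = 17; action = 'accept' }
)

# Offline demonstration on the constructed rows.
$sample | Select-FGTLogByAddress -SrcCidr '172.23.100.0/24' -DstIp '8.8.8.8' | Format-Table

# Range string for the appliance-side filter; 8.8.0.0/20 spans both 8.8.4.4 and 8.8.8.8.
ConvertTo-FGTIPRange '8.8.0.0/20'

# Against a connected FortiGate the same helpers plug into the real pipeline:
# let the appliance filter on dstip, then narrow srcip locally, which is the
# "filter at a later stage" approach from the thread.
# Get-FGTLogTraffic -vdom FW-ASL8 -type fortianalyzer -subtype forward `
#     -dstip (ConvertTo-FGTIPRange '8.8.0.0/20') -rows 10 -since 1h |
#     Select-FGTLogByAddress -SrcCidr '172.23.100.0/24' |
#     Select-Object srcip, dstip, dstport, proto, date, time, action | Format-Table
```

Two design notes: the appliance-side filter is kept for the address the cmdlet accepts natively, because every row the client has to discard was still paid for with a query and counts against `-rows`, so the local filter should narrow a result set that is already as small as possible; and the range string is built from the computed network bounds rather than typed by hand, which is what guards against the descending interval the last comments show being rejected.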
