Using Filter





This page gives example input for the Filter fields on the main window. The fields use this program's own expression syntax, as explained below.


Check Boxes

Check the types of event you need. If you don't need this filter, leave all the boxes checked (the default state).


Edit Boxes

Here you can specify rules that define the events you need. To define an exclusion rule, put "!" (for numbers) or "!/" (for Application Name & Rule Name) in front of the expression.

Time

Time is the same filter that SPF's standard viewer provides, but the unit is hours. The number is counted in hours back from the present. You can define a range using "-".

[exception]

"!24" = not in 24 hours

[range]

"24-48" = from 48 hours ago to 24 hours ago

"48-" = from the oldest event to 48 hours ago

IP

You can define a range by omitting the lower places of the address.

[exception]

"!255.255.255.255" = the view won't display events that have IP address 255.255.255.255 (broadcast)

[range]

"192.168.0." = 192.168.0.0 - 192.168.0.255

Port

You can define a range using "-". If you omit one side, as in "-5000" or "5000-", the missing start is taken as 0 and the missing end as 65535.

[exception]

"!80" = the view won't display events that have port 80

[range]

"135-139"

"-5000" = 0 - 5000

App Name & Rule Name

The filter searches App Name & Rule Name for the string you enter. Remember that the comparison is case-sensitive.

[search]

"ftp.exe" = events whose App or Rule Name includes the string "ftp.exe"

[exception]

"!/Block_all" = the view won't display events which have App or Rule Name including the string "Block_all"

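The filter expressions described above, reimplemented in Python as an added example (not the program's own code). It assumes that a bare time number such as "24" means within the last 24 hours, that an empty field means no filter, and that the fields are combined with AND; the event records are constructed.

```python
def _negated(expr, marker):
    """Split off the exclusion marker ("!" or "!/") if present."""
    return (True, expr[len(marker):]) if expr.startswith(marker) else (False, expr)

def _bounds(body, low, high):
    """Parse "a-b", "-b" or "a-"; an omitted side falls back to low/high."""
    lo, hi = body.split("-", 1)
    return (float(lo) if lo else low), (float(hi) if hi else high)

def match_time(expr, age_hours):
    neg, body = _negated(expr, "!")
    if "-" in body:
        lo, hi = _bounds(body, 0, float("inf"))   # "48-" reaches back to the oldest event
        hit = lo <= age_hours <= hi
    else:
        hit = age_hours <= float(body)            # assumption: "24" = within the last 24 hours
    return hit != neg

def match_port(expr, port):
    neg, body = _negated(expr, "!")
    lo, hi = _bounds(body, 0, 65535) if "-" in body else (float(body),) * 2
    return (lo <= port <= hi) != neg

def match_ip(expr, ip):
    neg, body = _negated(expr, "!")
    # A trailing "." means the lower places were omitted, so compare as a prefix.
    hit = ip.startswith(body) if body.endswith(".") else ip == body
    return hit != neg

def match_name(expr, app, rule):
    neg, body = _negated(expr, "!/")
    return (body in app or body in rule) != neg   # substring test, case-sensitive

def filter_events(events, time="", ip="", port="", name=""):
    """Keep events that pass every non-empty field (assumption: fields are ANDed)."""
    return [e for e in events
            if (not time or match_time(time, e["age_hours"]))
            and (not ip or match_ip(ip, e["ip"]))
            and (not port or match_port(port, e["port"]))
            and (not name or match_name(name, e["app"], e["rule"]))]

# Constructed sample events, not real firewall log data.
EVENTS = [
    {"age_hours": 2,  "ip": "192.168.0.17",    "port": 137,  "app": "svchost.exe", "rule": "Block_all"},
    {"age_hours": 30, "ip": "192.168.0.5",     "port": 21,   "app": "ftp.exe",     "rule": "Allow_ftp"},
    {"age_hours": 60, "ip": "255.255.255.255", "port": 67,   "app": "",            "rule": "Block_all"},
    {"age_hours": 5,  "ip": "10.0.0.9",        "port": 6000, "app": "FTP.EXE",     "rule": "Allow_ftp"},
]
```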
