(1) Set the category of logs to search. The default, 0, means traffic and 1 means event. To search event logs instead, use the following command:
#execute log filter category 1
(2) Limit the number of lines displayed, up to a maximum of 1000
#execute log filter view-lines 1000
(3) Show the current log search filter settings
#execute log filter dump
(4) In the event logs, search for system events by the user admin on 2024/11/11 between 07:30:00 in the morning and 17:00:00
#exec log filter category 1
#exec log filter field user admin
#exec log filter field date 2024/11/11
#exec log filter field time 07:30:00-17:00:00
#exec log display
(5) Clear the search filter settings
#exec log filter reset
(6) In the traffic logs, filter by destination IP, source IP, destination port, source port, and time range
#exec log filter category 0
#execute log filter field srcip [SOURCE-IP-ADDRESS-OF-TRAFFIC]
#execute log filter field dstip [DESTINATION-IP-ADDRESS-OF-TRAFFIC]
#execute log filter field srcport [SOURCE-PORT-NUMBER]
#execute log filter field dstport [DESTINATION-PORT-NUMBER]
#exec log filter field date 2024/11/11
#exec log filter field time 07:30:00-17:00:00
#exec log display
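
The same filters as steps (4) and (6), applied offline to exported log lines. This is an added example, not part of the original notes. It assumes the logs are in the FortiGate key=value text format with dates written as yyyy-mm-dd; the sample lines are constructed, and the function names are hypothetical.

```python
import shlex
from datetime import time

# Constructed sample lines in FortiGate key=value log format (not real logs).
SAMPLE_LOGS = [
    'date=2024-11-11 time=07:45:12 type="event" subtype="system" user="admin" msg="Administrator admin logged in"',
    'date=2024-11-11 time=18:02:40 type="event" subtype="system" user="admin" msg="Administrator admin logged out"',
    'date=2024-11-11 time=09:10:03 type="event" subtype="system" user="guest" msg="Login failed"',
    'date=2024-11-11 time=08:00:01 type="traffic" subtype="forward" srcip=192.0.2.10 srcport=51514 dstip=198.51.100.7 dstport=443 action="accept"',
    'date=2024-11-10 time=08:00:01 type="traffic" subtype="forward" srcip=192.0.2.10 srcport=51515 dstip=198.51.100.7 dstport=443 action="accept"',
]

def parse_line(line):
    """Split one log line into a dict; shlex keeps quoted values with spaces intact."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def filter_logs(lines, category, date, start, end, **field_filters):
    """Return parsed entries matching type, date, an inclusive time window and exact field values."""
    t_start, t_end = time.fromisoformat(start), time.fromisoformat(end)
    matches = []
    for line in lines:
        entry = parse_line(line)
        if entry.get("type") != category or entry.get("date") != date:
            continue
        try:
            stamp = time.fromisoformat(entry.get("time", ""))
        except ValueError:
            continue  # skip entries with a missing or malformed time field
        if not (t_start <= stamp <= t_end):
            continue
        if all(entry.get(k) == str(v) for k, v in field_filters.items()):
            matches.append(entry)
    return matches

if __name__ == "__main__":
    # Equivalent of step (4): event logs for user admin inside the time window.
    for e in filter_logs(SAMPLE_LOGS, "event", "2024-11-11", "07:30:00", "17:00:00", user="admin"):
        print(e["time"], e["msg"])
```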