FortiPower/PowerFGT

Unable to concatenate -srcip and -dstip in the Get-FGTLogTraffic function.

madonnassassina opened this issue · 6 comments

working command:

Get-FGTLogTraffic -vdom FW-ASL8 -type fortianalyzer -subtype forward -dstip 8.8.8.8 -rows 10 -since 1h | select srcip, dstip, dstport, proto, date, time, action | Format-Table

srcip         dstip   dstport proto date       time     action
-----         -----   ------- ----- ----       ----     ------
172.23.100.21 8.8.8.8 53      17    2023-12-04 09:41:56 accept
172.23.100.21 8.8.8.8 53      17    2023-12-04 09:41:49 accept
172.23.100.21 8.8.8.8 53      17    2023-12-04 09:41:40 accept
172.23.100.21 8.8.8.8 53      17    2023-12-04 09:41:17 accept
172.23.100.31 8.8.8.8 53      17    2023-12-04 09:40:58 accept
172.23.100.21 8.8.8.8 53      17    2023-12-04 09:40:40 accept
172.23.100.21 8.8.8.8 53      17    2023-12-04 09:40:40 dns
172.23.100.21 8.8.8.8 53      17    2023-12-04 09:40:28 accept
172.23.100.21 8.8.8.8 53      17    2023-12-04 09:39:35 accept
172.23.100.21 8.8.8.8 53      17    2023-12-04 09:39:23 accept


not working command:

Get-FGTLogTraffic -vdom FW-ASL8 -type fortianalyzer -subtype forward -srcip 172.23.100.21 -dstip 8.8.8.8 -rows 10 -since 1h | select srcip, dstip, dstport, proto, date, time, action | Format-Table

Get-FGTLogTraffic: Parameter set cannot be resolved using the specified named parameters. One or more parameters issued cannot be used together or an insufficient number of parameters were provided.


Am I doing something wrong or is this how it's supposed to work?

In any case, is it possible to concatenate the source address and destination address on the Get-FGTLogTraffic function?

Is it possible to define networks? (e.g. 10.0.0.1/24)

Thank you in advance for your valuable support.

Hi @madonnassassina

Actually the parameters are exclusive... (sorry) but patches are welcome to enhance this support

To define a network,

can you try, like the GUI, using -srcip "10.0.0.1-10.0.0.254"?

Since the parameter is exclusive the only way is to filter at a later stage.

I confirm that -srcip 8.8.4.4-8.8.8.8 is working.

Thanks for your support.

Ok, strange, because after a check the GUI uses a different filter (srcip >= 8.8.4.4 and srcip <= 8.8.8.8)

I will look at adding a $customfilter parameter to set your own filter

WORKING

Get-FGTLogTraffic -vdom FW-ASL8 -type fortianalyzer -subtype forward -dstip 8.8.8.8 -rows 10 -since 1h | select srcip, dstip, dstport, proto, date, time, action | Format-Table

srcip         dstip   dstport proto date       time     action
-----         -----   ------- ----- ----       ----     ------
172.23.100.31 8.8.8.8 53      17    2023-12-11 09:36:27 accept
172.24.52.22  8.8.8.8 443     6     2023-12-11 09:36:26 deny
172.23.100.21 8.8.8.8 53      17    2023-12-11 09:36:24 accept
172.24.52.22  8.8.8.8 443     6     2023-12-11 09:36:18 deny
172.24.52.22  8.8.8.8 443     6     2023-12-11 09:36:10 deny
172.24.52.22  8.8.8.8 443     6     2023-12-11 09:36:01 deny
172.24.52.22  8.8.8.8 443     6     2023-12-11 09:35:54 deny
172.24.52.22  8.8.8.8 443     6     2023-12-11 09:35:46 deny
172.24.52.22  8.8.8.8 443     6     2023-12-11 09:35:37 deny
172.23.100.21 8.8.8.8 53      17    2023-12-11 09:35:33 accept

WORKING

Get-FGTLogTraffic -vdom FW-ASL8 -type fortianalyzer -subtype forward -dstip 8.8.4.4-8.8.8.8 -rows 10 -since 1h | select srcip, dstip, dstport, proto, date, time, action | Format-Table

srcip         dstip   dstport proto date       time     action
-----         -----   ------- ----- ----       ----     ------
192.168.11.15 8.8.8.8         1     2023-12-11 09:37:22 accept
172.24.52.22  8.8.8.8 443     6     2023-12-11 09:37:22 deny
172.24.52.22  8.8.8.8 443     6     2023-12-11 09:37:14 deny
172.24.52.22  8.8.8.8 443     6     2023-12-11 09:37:07 deny
172.29.66.70  8.8.8.8 443     17    2023-12-11 09:37:02 accept
172.24.52.22  8.8.8.8 443     6     2023-12-11 09:36:58 deny
172.24.52.22  8.8.8.8 443     6     2023-12-11 09:36:49 deny
172.29.66.24  8.8.8.8 53      17    2023-12-11 09:36:48 accept
172.23.100.21 8.8.8.8 53      17    2023-12-11 09:36:48 accept
172.23.100.21 8.8.8.8 53      17    2023-12-11 09:36:43 accept

NOT WORKING (descending interval)

Get-FGTLogTraffic -vdom FW-ASL8 -type fortianalyzer -subtype forward -dstip 8.8.8.8-8.4.4.4 -rows 10 -since 1h | select srcip, dstip, dstport, proto, date, time, action | Format-Table
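The thread so far establishes three things: -srcip and -dstip cannot be combined, so one side has to be filtered at a later stage; a range given as "first-last" works as a filter value; and a descending interval does not. The following is an added example, not PowerFGT's own code and not posted by anyone in this thread. It assumes that Get-FGTLogTraffic accepts an ascending "first-last" string for -srcip/-dstip (as confirmed above) and returns objects whose srcip and dstip properties are dotted-quad IPv4 strings; the helper names ConvertTo-IpInt, ConvertFrom-IpInt, ConvertTo-FGTIpRange and Test-IpInNetwork are invented here. It also goes slightly beyond the thread by converting a CIDR network into the range form the filter takes, which answers the "is it possible to define networks?" question.

```powershell
# Added example, not part of PowerFGT. Helper names below are hypothetical.
# Assumption: -srcip/-dstip accept an ascending "first-last" IPv4 range string.

function ConvertTo-IpInt {
    # Dotted-quad IPv4 string -> int64 (int64 avoids sign trouble above 127.x.x.x)
    param([Parameter(Mandatory)][string]$Ip)
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "IPv4 address expected: $Ip" }
    [int64]$n = 0
    foreach ($b in $bytes) { $n = $n * 256 + $b }
    return $n
}

function ConvertFrom-IpInt {
    # int64 -> dotted-quad IPv4 string
    param([Parameter(Mandatory)][int64]$Value)
    $octets = foreach ($shift in 24, 16, 8, 0) { ($Value -shr $shift) -band 255 }
    return ($octets -join '.')
}

function ConvertTo-FGTIpRange {
    # Normalise 'a.b.c.d', 'a.b.c.d/len' or 'x-y' (either order) into the
    # ascending 'first-last' form the -srcip/-dstip filter accepts.
    param([Parameter(Mandatory)][string]$Network)
    if ($Network -match '^(?<a>[\d.]+)-(?<b>[\d.]+)$') {
        $lo = ConvertTo-IpInt $Matches.a
        $hi = ConvertTo-IpInt $Matches.b
        # A descending interval is rejected by the filter, so swap the ends.
        if ($lo -gt $hi) { $lo, $hi = $hi, $lo }
    } else {
        $addr, $prefix = $Network -split '/', 2
        if (-not $prefix) { $prefix = 32 }      # bare address == /32
        $prefix = [int]$prefix
        if ($prefix -lt 0 -or $prefix -gt 32) { throw "Invalid prefix length: $Network" }
        $size = [int64][math]::Pow(2, 32 - $prefix)
        $ip   = ConvertTo-IpInt $addr
        $lo   = $ip - ($ip % $size)             # network address
        $hi   = $lo + $size - 1                 # broadcast address
    }
    return ('{0}-{1}' -f (ConvertFrom-IpInt $lo), (ConvertFrom-IpInt $hi))
}

function Test-IpInNetwork {
    # Client-side membership test for the side the server-side filter cannot take.
    param([Parameter(Mandatory)][string]$Ip, [Parameter(Mandatory)][string]$Network)
    $lo, $hi = ((ConvertTo-FGTIpRange $Network) -split '-' | ForEach-Object { ConvertTo-IpInt $_ })
    $v = ConvertTo-IpInt $Ip
    return ($v -ge $lo -and $v -le $hi)
}

# Filter one side on the FortiAnalyzer (the only side the parameter set allows)
# and the other side locally with Where-Object. -rows caps the server-side
# result before the local filter runs, so request more rows than you expect to keep.
Get-FGTLogTraffic -vdom FW-ASL8 -type fortianalyzer -subtype forward `
    -dstip (ConvertTo-FGTIpRange '8.8.8.8-8.8.4.4') -rows 500 -since 1h |
    Where-Object { Test-IpInNetwork -Ip $_.srcip -Network '172.23.100.0/24' } |
    Select-Object srcip, dstip, dstport, proto, date, time, action |
    Format-Table
```

ConvertTo-FGTIpRange turns a CIDR such as 10.0.0.1/24 into its network-to-broadcast range and reorders a descending pair, so the value handed to -dstip is always in the ascending form the thread confirmed works. The srcip side is then narrowed locally; the cost is only that -rows must be large enough that the rows you want survive the server-side cap.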

In the example you only see 8.8.8.8; do you also get 8.8.4.4?

Yes.

Get-FGTLogTraffic -vdom FW-ASL8 -type fortianalyzer -subtype forward -dstip 8.8.4.4-8.8.8.8 -rows 10 -since 1h | select srcip, dstip, dstport, proto, date, time, action | Format-Table

srcip         dstip   dstport proto date       time     action
-----         -----   ------- ----- ----       ----     ------
172.23.100.21 8.8.8.8 53      17    2023-12-11 16:30:57 accept
172.24.52.22  8.8.8.8 443     6     2023-12-11 16:30:54 deny
172.24.52.22  8.8.8.8 443     6     2023-12-11 16:30:46 deny
172.24.52.22  8.8.8.8 443     6     2023-12-11 16:30:37 deny
172.24.52.22  8.8.8.8 443     6     2023-12-11 16:30:30 deny
172.24.52.22  8.8.4.4 443     6     2023-12-11 16:30:21 deny
172.24.52.22  8.8.4.4 443     6     2023-12-11 16:30:14 deny
172.24.52.22  8.8.4.4 443     6     2023-12-11 16:30:06 deny
172.24.52.22  8.8.4.4 443     6     2023-12-11 16:29:57 deny
172.24.52.22  8.8.4.4 443     6     2023-12-11 16:29:49 deny