Useful Log Viewer filter patterns

This article collects useful filter patterns that let you quickly find specific types of messages or narrow down potential problems. To keep a pattern, store it persistently in the Configuration tab of the Log Viewer by clicking Edit.


Use Case

Filter Pattern or Component/Category

All logins including audit token and credentials
m:WR.* c:A.*(Setting audit token|Adding credentials)
All logins
m:WR.* c:A.*Setting audit token
All logouts
m:WR.* c:A.*Terminating session
All authentication API information
Component: Web-Requests
Category: Authentication

Change from cookie-based to SSL-session-ID-based session tracking
Using SSL session ID to track session
Changing SSL-session-id within same cookie session
Updating SSL session ID on session .*: Deleted|hijacked

All block reasons
m:WR-SG-FILT-(002|020|021|44[0-3]|452)|m:WR-SG-REQH-043
Matched Deny Rules
m:WR-SG-FILT-4(55|60) c:Y Filter: Deny rule
Requests with status code 404
m:WR-httpd-200.*" 404 "
Requests with total request time > 1 second
m:WR-httpd-200 .*ptime [1-9][0-9]*[0-9][0-9][0-9][0-9][0-9][0-9]
Requests with back-end response time > 1 second
m:WR-SG-SUMMARY .*BackendResponseTime: [1-9][0-9]*[0-9][0-9][0-9][0-9][0-9][0-9]

Apache error log
m:SY-httpd-500
Apache has reached max number of clients
m:SY-httpd-500 .*MaxClients
Apache crashes
m:SY-httpd-500 .* exit signal
Apache restarts
m:SY-httpd-500 .* (caught SIGTERM, shutting down |Apache/.* --)

Securitygate process behaviour
(Child processes|terminated )
All coredumps
Core dumped

All SSH logins (failed or successful)
sshd.*(Failed|illegal|successful)
All Configuration Center logins (failed or successful)
m:SY-bridge-(100|250) c:C Login