cancel
Showing results for 
Search instead for 
Did you mean: 

Log filter with more than three variables does not give any result

Frostie_
Contributor

Log filter with more than three variables does not give any result

Hi all, 

back in version (I guess) 7.0 I created a log filter in the user access log to get all login-logout events for statistics.

id='AUT23278' or id='AUT22923' or id='AUT24326' or id='AUT23574' or id='AUT23457' or id='AUT22925' 

This worked fine.

 

Now (with 7.3R5), when I use this filter, I simply get no results. The same happens when using a differnt syntax

id=('AUT23278' or 'AUT22923' or 'AUT24326' or 'AUT23574' or 'AUT23457' or 'AUT22925')

Needless to say that there are much events within the log with one of these IDs :-)

 

If I reduces the variables down to three (for example id='AUT23278' or id='AUT22923' or id='AUT24326'), i get a result.

 

I did several tests with different variables (roles, realms, etc.) and the results were always the same.

If I use more then three variables, I get no result.

 

 

Does anyone know about this or can verify this?

 

Regards, 

 

Marc

 

 

4 REPLIES 4
Lilja_
Frequent Contributor

Re: Log filter with more than three variables does not give any result

Confirmed in 7.4R3





---------------------------------------------------
Please mark this post as 'accepted solution' if my input answers your question!
A kudo would be nice if you think I deserve it.
---------------------------------------------------
2 A/P clustered 6500, 7.4R9.1
2 A/P clustered 2500, 8.0R3.1 LAB
Frostie_
Contributor

Re: Log filter with more than three variables does not give any result

Ok. Thanks for testing.

Now its time for a ticket :-)

Frostie_
Contributor

Re: Log filter with more than three variables does not give any result

For your information, the Answer from Juniper Support .

-----------

This issue has been fixed in forthcoming 7.4R5 and 7.3R8 Version.

            ETA for 7.4R5 : 2nd Week of September.

            ETA for 7.3R8 : Last Week of September.

-----------



flip_pipe_
Frequent Contributor

Re: Log filter with more than three variables does not give any result

I also confirm that... manually adding items to the query or using the automatic from the logs... after the 3rd variable it returns: "Log file is empty or filtering returned no messages"

Running also 7.3R5