Questions tagged [filter]
Usually related to text filtering of some kind, like logs. This may also refer to email filtering. Note that there are other tags that are more appropriate for network and spam filtering.
180 questions
80 votes, 4 answers, 218k views
How to make wireshark filter POST-requests only?
How to make wireshark filter POST-requests only?
34 votes, 1 answer, 192k views
tcpdump filter on network and subnet mask
I'm using the following tcpdump command:
tcpdump -w net75.out -s 0 host 65.207.95.222
I want to change the filter on the single host to be all addresses in the following subnet:
65.192.0.0/10
I ...
29 votes, 6 answers, 81k views
How does ping know that my packets are filtered?
I'm a customer of an Irish ISP, eircom, which has started censoring the pirate bay.
When I try to ping 194.71.107.15 which is the IP address of thepiratebay.com, I get this output:
PING 194.71.107.15 (...
27 votes, 3 answers, 18k views
What is the difference between 0.0.0.0/0 and 0.0.0.0/1?
In the history, I mostly used 0.0.0.0/0 for "match every IP address". Recently, I saw a 0.0.0.0/1 subnet filter.
What is the difference between 0.0.0.0/0 and 0.0.0.0/1 and what's the ...
21 votes, 5 answers, 30k views
Linux shell command to filter a text file by line length
I have a 30gb disk image of a borked partition (think dd if=/dev/sda1 of=diskimage) that I need to recover some text files from. Data carving tools like foremost only work on files with well defined ...
17 votes, 1 answer, 37k views
How to prevent squid from caching and just filter?
I have set a proxy server on my network. I only want to filter the web traffic. So, I have Squid as a proxy and Qlproxy as the filter : http://www.quintolabs.com/qlicap_info.php
My server has only ...
12 votes, 2 answers, 14k views
Filter tcpdump file AFTER capturing
I captured a really big tcpdump file which now always crashes my wireshark. It was captured with no filters and I need to apply some afterwards to make the file smaller.
Is this somehow possible?
11 votes, 1 answer, 6k views
How to prevent IP spoofing using MAC and ebtables?
I am trying to create IP-MAC pairing rules in ebtables. There are few tutorials and related questions [1] available but I have a kind of specific setting.
ENVIRONMENT:
I have many physical hosts. Each ...
8 votes, 1 answer, 29k views
How to filter for HTTP 500 responses and their requests in Wireshark?
How do I filter for HTTP 500 responses and their requests in Wireshark?
I'm able to use http.response.code == 500 to find all the responses which got the return code 500 but I want to be able to see ...
7 votes, 5 answers, 25k views
Wireshark filter to only capture Incoming Packets?
I am trying to setup a Filter (so my log files aren't massive) that will capture only incoming traffic. I have looked on http://wiki.wireshark.org/CaptureFilters but so far have been unable to find a ...
7 votes, 2 answers, 5k views
Traffic shaping: tc filter catch all filter
How Can I configure a "catch all" filter with tc filter?
I tested with the following code but it gave me the error: "Unknown filter "1:100", hence option "protocol" is unparsable":
tc filter add ...
7 votes, 5 answers, 10k views
Why are emails sent from my applications being marked as spam?
I have 2 web apps running on the same server. The first is www.nimikri.com and the other is www.hourjar.com. Both apps share the same IP address (75.127.100.175). My server is through a shared ...
7 votes, 3 answers, 4k views
Rsync filter and ignore some directories [closed]
I'd like to rsync a directory that contains a Python 3 app on my server.
The directory has files I'm interested in: the files that end with .py
And there are the files I'd like to be ignored (these ...
6 votes, 1 answer, 7k views
How are filters combined in syslog-ng?
If I've got an entry in syslog-ng
log {
source (src);
filter (filter1);
filter (filter2);
filter (filter3);
filter (filter4);
destination (all_log)
}
And, say filter4 is a very ...
6 votes, 1 answer, 227 views
How to filter settings within a GPO that only applies to Windows XP?
We have several GPOs containing many settings that have accumulated over time. I have spot-checked some of them and stumbled over settings that only apply to Windows XP (we exclusively run Vista and ...
6 votes, 1 answer, 1k views
Reduce munin logging level
Munin is quite verbose, and logs a bunch of things into munin-graph.log, munin-html.log, munin-limits.log and munin-update.log at each run of munin-cron.
I already reduced munin-node logging level by ...
5 votes, 2 answers, 2k views
Postfix is not rejecting recipients addresses when mailx is used
I have a problem with postfix to reject outgoing email for some address in blacklist.
This is my configure /etc/postfix/main.cf:
smtpd_recipient_restrictions =
check_recipient_access hash:/...
5 votes, 4 answers, 7k views
Log every IP connecting on a system with iptables
Title says it all.
How can I, with iptables under Linux, log all IP connecting to a server?
As a little detail, I'd like to have only ONE entry in the log PER DAY PER IP.
Thanks :)
EDIT:
I ...
5 votes, 1 answer, 2k views
Is null return path reliable indication of a bounce?
I have a mailbox that receives bounces as well as normal email (the latter includes messages from automated services). I want to filter out the bounces and forward them to another mailbox. Assume I ...
5 votes, 2 answers, 3k views
Linux ldap authentication, pam_filter ignored
I've set up linux client authentication via ldap, it works.
I want to control user's access to several services by adding or removing different OUs for accounts. E.g., if user is allowed to login ...
4 votes, 2 answers, 10k views
Server and network setup for a small private school
I help a local private school with a lot of their tech needs. So far, it's been on the order of repairing/installing office computers and helping manage the office network.
But now the administrator ...
4 votes, 5 answers, 7k views
How do I remove (un-apply) a named filter from a Procurve switch port using the CLI?
EDIT: Edited my examples to reflect that I was indeed attempting this with the switch in "configure" mode. Still no joy.
EDIT: I've done some more searching on this issue. I just can't seem to see it ...
4 votes, 1 answer, 11k views
More Searchfilters in AuthLDAPURL
Is it possible to have more than one searchfilter in AuthLDAPURL?
Example uid filter:
<Location /test/>
AuthType Basic
AuthName "Test"
AuthBasicProvider ldap
...
4 votes, 2 answers, 4k views
Traffic shaping: tc filter attached to an HTB class?
Can I attach a tc filter to an HTB class rather than to an HTB qdisc?
For example:
tc class add dev $IF_LAN parent 1:100 classid 1:180 htb rate 19kbit ceil 2000kbit prio 4
where:
1:100 -> Is ...
4 votes, 1 answer, 11k views
Transparent HTTP/HTTPS domain filtering proxy [closed]
I want to set up a transparent HTTP/HTTPS proxy to filter outbound requests based on destination hostname (domain). The proxy itself should be non-intrusive and just forward traffic, not decrypt/...
4 votes, 8 answers, 13k views
Separate color from black-and-white pages for printing
My organization has a leased color printer. We pay a per-page cost to the lessor, and the color page cost is far greater than the black-and-white page cost. Our users are pretty good about selecting ...
3 votes, 1 answer, 4k views
Fail2Ban Filter Errors
I'm trying to add two fail2ban filters, one for post flood and phpmyadmin brute force but I get the following errors.
logs:
fail2ban.filter : ERROR No 'host' group in '[[]client []] File does not ...
3 votes, 3 answers, 8k views
Filter the output of a log file
Question
I've a log-File which displays all console-logs of my website in the range of 10.Oct to 1.Nov, start with the logs of 10.Oct.
I need all logs from the range of 25.Oct until today.
The problem ...
3 votes, 5 answers, 3k views
Limit Internet access to White-Listed Sites?
We have need for certain computers to have their Internet access limited to a list of sites, denying access to all others (white-listing).
Some of these sites use HTTPS, so the solution needs to ...
3 votes, 1 answer, 11k views
How to configure postfix/dovecot setup to reject certain mail
I followed this (https://workaround.org/ispmail/squeeze/big-picture) tutorial to set up my mailserver and it works very well.
I'd like to be able to reject email from certain users or if it contains ...
3 votes, 1 answer, 5k views
How can I use maildrop to forward a copy to another email address?
I have a postfix + virtual users setup. I have enabled maildrop as the delivery agent. How can I write a filter for a user so that if mail comes from a particular domain to that user a copy also goes ...
3 votes, 1 answer, 106 views
How do I check whether an administrator has viewed the security audit log?
A colleague and I have been discussing an IS audit demo on Windows.
One point we'd like to cover is that an administrative/high-privilege user should view the security log within X hours of a failure ...
3 votes, 2 answers, 6k views
tc prio qdisc for prioritization of mysql traffic
I am struggling with tc prio qdisc for a few hours now.
I have read the lartc Documentation, Examples and HowTos, but this whole thing is kinda new for me and somewhat confusing :)
So this is my ...
3 votes, 1 answer, 615 views
Toggle postfix on and off
There's probably an answer to this already, but I just can't figure out how to search for it correctly.
Situation:
We have a failover situation for two nodes, using keepalived, passing a floating IP ...
3 votes, 1 answer, 4k views
Clearing out Barracuda 310 web filter DNS/site cache?
On my network I have a Barracuda 310 web filter installed. After an issue with our ISP suddenly interrupting our DNS service, we switched over to a more reliable DNS on all of our systems.
...
3 votes, 0 answers, 6k views
How to filter ObjectName in Windows logs with Advanced XML Filtering?
I want to deploy a centralized log analysis tool on my domain.
I'm currently configuring Windows to audit a shared network drive (read, write, access attempt of domain users) to forward Windows events ...
2 votes, 4 answers, 14k views
How can the SSDP protocol be filtered out of Wireshark view?
In Wireshark version 1.12.4, I am trying to filter out packet messages with an SSDP protocol. When I clicked the Expression button next to the Filter field, and selected "HTTP" (as Field Name) and "...
2 votes, 1 answer, 2k views
Use Windows PowerShell to find and delete files from specific owner
Because of a ransomware attack (no big deal, all recovered from backup) I want to clean up the directories and sub directories on the network share where the attack happened to create a lot of ...
2 votes, 2 answers, 4k views
PF: Block all, but one subnet firewall rule?
I'm trying to do something that I thought would be relatively simple: Block all the traffic to a test server, other than my company's subnet.
I've tried things along these lines (111.111.0.0 is my ...
2 votes, 3 answers, 778 views
How to filter a LDAP query for users which are authenticated? [closed]
I want to check if a user is authenticated right now for my Windows domain. For that I want to use an LDAP query. I learned that there is a group "Authenticated Users" (S-1-5-11) which might do the ...
2 votes, 1 answer, 573 views
Postfix address filtering
Is it possible to do sender address filtering within postfix itself? I want to block email where the sender and recipient are both [email protected] except in the case that the email was sent locally.
...
2 votes, 2 answers, 18k views
Squid proxy_protocol_access with dstdomain acl
I'm configuring a squid proxy to work as a sort of a gateway for traffic egress.
The environment in which this is deployed has a client that makes a request through a load balancer which then sends it ...
2 votes, 1 answer, 1k views
Block UDP traffic by rate/string-match on Windows 2008
I am administrating a Windows 2008 server (64-bit). It is being subjected to a focused set of DOS attacks where UDP packets are sent to a specific port and contain a specific string.
What I need to ...
2 votes, 1 answer, 209 views
Set up a Fax server to filter spam
At my work, we have a huge costly multi-function printer that does everything a printer can dream of. It is hooked up directly on a dedicated fax telephone line. Now we receive an increasing amount of ...
2 votes, 1 answer, 89 views
("remotely") Managing filters with Horde 3.3.13
I'm using Horde 3.3.13 (which is an old version I know) and use the filters all the time.
I know that Thunderbird, for instance, also supports filters.
Is there a way to synchronize the filters on ...
2 votes, 1 answer, 660 views
Inaccurate bandwidth limiting in altq queues
I'm setting up an environment where I have one Linux server, one OpenBSD router and one Linux client and I want to be able to limit how much bandwidth the client should be able to use.
I've been ...
2 votes, 1 answer, 78 views
How to skip a message matching a certain pattern if it repeats more often than a limit?
Is it possible to stop a matching message if it appears more frequently than a given limit? I'd like to achieve something like this:
if $programname == "foo" and
$msg contains "bar&...
2 votes, 2 answers, 368 views
rsync all pdfs except in certain directories?
I'm trying hard to understand the rsync filter system, and it's completely baffling me.
I have the following "test" directory structure to try to make sense of it. With no filter options ...
2 votes, 1 answer, 1k views
tc/netem filter explanation
I am new to tc and I find it mighty confusing, I was able to find and bit understand little command flow, to issue delay on specific IP, but I don't think it works properly - delaying all traffic ...
2 votes, 2 answers, 951 views
Powershell script - Find LogOn attribute - How from specific OU?
This is the PowerShell script I use to find the LogOn attribute from users in Active Directory.
Now rather than getting all users I want it to search only in a specific OU.
The domain looks like this: ...