Log file filtering

I'm using the Hardware Ethernet Tap to record the ethernet traffic to/from a device. During the recording I was using a pcap filter and I captured the packets causng an issue. I saved the log file but when I open the log file I get ALL the packet (a huge number of packets), not just the filtered ones.

Is it possible to apply the filter to the log file so as I can view the filtered packets only? Do I need some locked capability to apply the filter to the log files?

Thx

Max

Hi Massimo!

Indeed, the filter is currently implemented in the session only -- it should be transferred to the log plugin instead; this way, it will be there when you open a standalone log. We definitely will fix this in the upcoming release (scheduled for May). In the meantime, here's a workaround:

Create a fresh Ethernet Tap session and save it (let's say, in $HOME/ethernet-tap-1). This will create 3 files under $HOME/ethernet-tap-1:

  • ethernet-tap-1.njssn (main session configuration)
  • ethernet-tap-1.njlog (session log)
  • ethernet-tap-1.njcfg (other non-essential UI settings)

Close the session. Then, using any file manager, copy your original log file over ethernet-tap-1.njlog. Re-open this session, and it will use the original log file. Now filtering packets will be available -- together with all other actions of the Ethernet Tap session (e.g., capturing more data and appending it to the log).

Hope this works for you.

Once again, the issue with not being able to filter standalone Ethernet Tap/Pcap Sniffer logs will fixed in the next release.

Hi,

Thank you. The workaround worked perfectly. Waiting for the next release for implementation of the filtering feature for logs .

Max