how to separate source and destination ips on firewall statement such as below:
date time firewall: access-list network_in permitted udp source/d.d.d.d(p) -> des/d.d.d.d(p) hit-cnt 1 first hit
You can start like this:
.+source\/(?P<source_ip>(\d{1,3}\.){3}\d{1,3})\((?P<source_port>\d+)\) -> des\/(?P<des_ip>(\d{1,3}\.){3}\d{1,3})\((?P<des_port>\d+)\)
I used some very simple expression to match the IP, feel free to change it... I also identified the port, if you wish to use
it works!!! super thanks! 😄
You can start like this:
.+source\/(?P<source_ip>(\d{1,3}\.){3}\d{1,3})\((?P<source_port>\d+)\) -> des\/(?P<des_ip>(\d{1,3}\.){3}\d{1,3})\((?P<des_port>\d+)\)
I used some very simple expression to match the IP, feel free to change it... I also identified the port, if you wish to use