To generate a traffic report applying filters on the CLI, use the following command:
> show log traffic query equal <value>
For example:
> show log traffic query equal "(port.dst eq 443) or (port.dst eq 53) or (port.dst eq 445) and (action eq allow)"
Example with start and end times:
> show log traffic start-time equal 2013/07/18@13:12:19 end-time equal 2013/08/21@00:00:00 query equal "(port.dst eq 443) or (port.dst eq 53) or (port.dst eq 445) and (action eq allow)"
Sample output:
To determine the query string for a specific filter, follow the steps below:
1. On the WebGUI, create the log filter by clicking the 'Add Filter' icon.
2. Build the log filter according to what you would like to see in the report. For this example, we are generating a traffic log report on port 443, port 53, and port 445 with action set to allow.
3. The filter string will appear on the filter bar as shown in the screenshot below:
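As an added example (not part of the original article), the Python helper below assembles the same CLI command from a filter string, such as one copied from the filter bar, and an optional time window, rejecting input that would break the quoted `query equal` argument. The function names are hypothetical, and `group=True` wraps the port terms in an extra pair of parentheses so the action term applies to all of them; that the device accepts nested parentheses is an assumption.

```python
from datetime import datetime

TS_FORMAT = "%Y/%m/%d@%H:%M:%S"  # timestamp layout used in the article's example


def port_filter(ports, action, group=False):
    """Build a filter string for destination ports plus an action (hypothetical helper)."""
    if not ports:
        raise ValueError("at least one port is required")
    for p in ports:
        if not isinstance(p, int) or not 0 < p < 65536:
            raise ValueError(f"invalid port: {p!r}")
    if not action.replace("-", "").isalnum():
        raise ValueError(f"invalid action: {action!r}")
    terms = " or ".join(f"(port.dst eq {p})" for p in ports)
    if group:
        # Assumption: the filter parser accepts nested parentheses, which
        # spells out "any of these ports AND this action" explicitly.
        terms = f"({terms})"
    return f"{terms} and (action eq {action})"


def show_log_traffic(query, start=None, end=None):
    """Return the CLI command for a filter string and optional time window."""
    if '"' in query or "\n" in query or "\r" in query:
        # A quote or line break would end the quoted argument early.
        raise ValueError("query must not contain quotes or line breaks")
    if start and end and start >= end:
        raise ValueError("start-time must be earlier than end-time")
    parts = ["show log traffic"]
    if start:
        parts.append(f"start-time equal {start.strftime(TS_FORMAT)}")
    if end:
        parts.append(f"end-time equal {end.strftime(TS_FORMAT)}")
    parts.append(f'query equal "{query}"')
    return " ".join(parts)


if __name__ == "__main__":
    # Reproduces the article's example command with start and end times.
    q = port_filter([443, 53, 445], "allow")
    print(show_log_traffic(q, datetime(2013, 7, 18, 13, 12, 19), datetime(2013, 8, 21)))
```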