Hello,

I would like to know if I could do query the database directly for protocol filtering as I do with webpages reports.

The reason for this is that since Untangle reports are limited to 500 entries, I sometimes generate my own simple reports.

I've found that there is a table called n_protofilter_evt, that shows all blocked\passed events, but it doesn't show the source and destination IP\port.


Apologies if this has been answered before, I must have done a poor forum search.

...anyone ?

you need to join it with other tables to get more data, probably one of the "endp" tables or something like that

Sorry for the very late reply.

Dmorris, thanks for the help, I have no knownledge whatsoever about SQL queries, I've learned just the basics to get my reports going.


For anyone that has gotten stuck here, this is what I did to get protocol queries working :

SELECT pl_endp.c_client_addr, pl_endp.c_server_addr, pl_endp.c_server_port, n_protofilter_evt.protocol, n_protofilter_evt.blocked, n_protofilter_evt.time_stamp
FROM pl_endp
INNER JOIN n_protofilter_evt
ON pl_endp.event_id=n_protofilter_evt.pl_endp_id
WHERE protocol like '%<insert protocol here, ei. SSH>%'
ORDER BY n_protofilter_evt.time_stamp