Results 1 to 6 of 6
  1. #1
    Untanglit
    Join Date
    Jun 2018
    Posts
    29

    Default Filtering by country

    I'm trying to filter out (Russian Federation) from my Threat Prevention report. Most of that log is from Russia and being located in Canada, I don't expect a lot of traffic from Russia.
    I've created a new report from the original (Non-Web Blocked Events) report and am trying to add a filter to exclude Russia.
    I've tried (Client Country) !=, not like, is not, not in (Russian Federation) and nothing is filtering out Russia. What am I missing?

  2. #2
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,606

    Default

    If you don't expect traffic from Russia, I am wondering why TP is complaining about it so much?

    I am not the type that is going to silence the alarm permanently until I investigate what it is about...

    What is your Threat Prevention setting?

  3. #3
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,210

    Default

    Do you have entries with client = RU ?
    daves_nt_here and Jim.Alles like this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Untanglit
    Join Date
    Jun 2018
    Posts
    29

    Default

    It's set for "High Risk".
    In an hour, TP had blocked 7,000 connections. I would say, 90% of that is from Russia trying to access SMTP (port 25).
    So, it's doing it job but the sheer number of log entries makes it harder to scroll through so I thought I would make a modified copy of the report that doesn't show Russia so I can easily see what else is being blocked.

  5. #5
    Untanglit
    Join Date
    Jun 2018
    Posts
    29

    Default

    That did it. It now filters out all the Russian stuff.
    Didn't know I needed to use the country code [RU] and not what shows in the reports [Russian Federation]

    I added (Client Country != RU)

    Thanks jcoffin

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,210

    Default

    The JS code translates it into human readable text. For future reference: ISO country codes. https://en.wikipedia.org/wiki/ISO_3166-1
    daves_nt_here likes this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2