Results 1 to 3 of 3
  1. #1
    Untanglit
    Join Date
    Apr 2020
    Posts
    16

    Default Quickest way to report on specific domain

    Hi, am I missing a better way to quickly view all requests to a specific URL/Domain no matter what client - usually across timeframes spanning several days to a month. Sometimes I just want to quickly see all requests for www.searchdomain.com for the last 2 weeks etc

    Currently I do either (after selecting the timeframe):
    - Web Filter -> All Web Events -> Conditions -> Add -> More Conditions -> Table http_events -> Column [host] -> Add Column -> Operator 'like' %searchdomain% -> Apply

    OR

    - Web Filter -> All Web Events -> Settings -> SQL Conditions -> [host] Add -> 'like' %searchdomain% -> Save/Create report

    Is there a quicker way to do this as both of the above are quite slow? The Filter/Search box is perfect and fast but even with 50000 events selected it is easy to miss events that happened even a few hours or days ago depending on network activity.

    Also - not sure why I have to use % for the wildcard and not * like a lot of other places?


    Thanks!

  2. #2
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,856

    Default

    Quote Originally Posted by happpyg1 View Post
    not sure why I have to use % for the wildcard and not * like a lot of other places?
    It's passing your string raw on to the SQL database, and "%" has been the standard wildcard character for databases since at least 1986*.

    Now I'm also not thrilled about passing raw strings into an SQL database like this, either. It raises the spectre of potential SQL injection issues, authorized admin interface or not.

    =======

    * See Section 5.14, item 2(b) under General Rules on page 35.
    Last edited by jcoehoorn; 01-29-2021 at 10:29 AM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  3. #3
    Untanglit
    Join Date
    Apr 2020
    Posts
    16

    Default

    That makes sense now, was just confusing initially as other areas you use the asterisk so wasn't consistent across the platform but like you say, this is an SQL query string so obviously different.

    Thanks!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2