...
- Free text search: "bwalth01" or "130.64.205.66"
- All Juniper VPN activity: deviceVendor contains "Juniper" AND deviceProduct = "Netscreen VPN"
- All traffic going to a particular IP: destinationAddress = "94.100.18.41"
- All traffic to a set of IP addresses: destinationAddress IN ["130.64.205.66","130.64.205.72","130.64.205.178"]
- All failed login attempts: categoryBehavior CONTAINS "Verify" AND categoryOutcome = "/Failure"
- Example Load Balancer log (for when you need Load Balancer specific searches): Sep 2 13:04:01 tab-dc-ndc-lb02-vip.net.tufts.edu tmm2[5279]: Rule Log-on-connect <SERVER_CONNECTED>: Client 130.64.112.132:34738 -> VIP: 130.64.112.133:80 -> Node: 10.246.108.5:80
Useful fields for narrowing down Logger queries:
...