Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 56: Auditing the System
Viewing the System Log
Caution: The System Log page does not allow the use of pipe characters for OR expressions. For example, if you use [word_1|word_2], you will receive an invalid filter error.

Table 56-6 shows the regular expression syntax you can use in System Log filters. Table 56-7 shows some example filters you can use on the System Log page.

To search for specific message content in the system log:
Access: Admin/Maint

Step 1  Select System > Monitoring > Syslog.
        The System Log page appears.
Step 2  Enter a word or query in the Filter field.
        See the System Log Filter Syntax table and the System Log Filter Examples table for more information about the filter syntax you can use.

Table 56-6  System Log Filter Syntax

| Syntax Component | Description | Example |
| --- | --- | --- |
| . | Matches any character or white space | Admi. matches Admin, AdmiN, Admi1, and Admi& |
| [[:alpha:]] | Matches any alphabetic character | [[:alpha:]]dmin matches Admin, bdmin, and Cdmin |
| [[:upper:]] | Matches any uppercase alphabetic character | [[:upper:]]dmin matches Admin, Bdmin, and Cdmin |
| [[:lower:]] | Matches any lowercase alphabetic character | [[:lower:]]dmin matches admin, bdmin, and cdmin |
| [[:digit:]] | Matches any numeric character | [[:digit:]]dmin matches 0dmin, 1dmin, and 2dmin |
| [[:alnum:]] | Matches any alphanumeric character | [[:alnum:]]dmin matches 1dmin, admin, 2dmin, and bdmin |
| [[:space:]] | Matches any white space, including tabs | Feb[[:space:]]29 matches logs from February 29th. |
| * | Matches zero or more instances of the character or expression it follows | ab* matches a, ab, abb, ca, cab, and cabb; [ab]* matches anything |
| ? | Matches zero or one instances | ab? matches a or ab. |
| \ | Allows you to search for a character typically interpreted as regular expression syntax | alert\? matches alert?. |

Table 56-7  System Log Filter Examples

| To search for all log entries that... | Use... |
| --- | --- |
| Are generated on November 5 | Nov[[:space:]]*5 |
| Contain the user name “Admin” | Admin |
| Contain authorization debugging information on November 5 | Nov[[:space:]]*5.*AUTH.*DEBUG |
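
An added example, not taken from the Cisco guide: a shell script for trying the filters from Table 56-6 and Table 56-7 against constructed log lines before entering them on the System Log page. It assumes that grep -E (POSIX extended regular expressions) is a close stand-in for the page's filter syntax; the function names, the host name fmc and the log lines are made up for illustration.

```shell
#!/bin/sh
# Added example: try System Log filters offline before entering them in the UI.
# Assumption: POSIX extended regex (grep -E) approximates the documented syntax.

# Constructed sample lines, not taken from a real appliance.
sample_log() {
cat <<'EOF'
Nov  5 09:14:02 fmc sshd[2211]: AUTH DEBUG: pam session opened for Admin
Nov  5 09:15:40 fmc httpd[880]: alert raised for login page
Nov 15 11:02:13 fmc sshd[2290]: AUTH DEBUG: pam session opened for admin
Feb 29 23:59:01 fmc cron[410]: nightly job finished, alert? no
EOF
}

# Mirror the Caution: any pipe character makes the filter invalid.
# (grep alone would accept [word_1|word_2] as a bracket expression.)
valid_filter() {
    case $1 in *'|'*) return 1 ;; esac
    return 0
}

# Print the sample lines that a filter selects.
syslog_filter() {
    valid_filter "$1" || { echo "invalid filter" >&2; return 2; }
    sample_log | grep -E -- "$1"
}

# Print the number of matching lines, or "invalid" for a rejected filter.
count_matches() {
    valid_filter "$1" || { echo invalid; return 0; }
    sample_log | grep -E -c -- "$1" || true
}

# Filters from Table 56-6 and Table 56-7, plus the rejected one from the Caution.
for f in 'Nov[[:space:]]*5' 'Admin' 'Nov[[:space:]]*5.*AUTH.*DEBUG' \
         'Feb[[:space:]]29' 'alert\?' 'alert?' '[word_1|word_2]'; do
    printf '%-34s %s\n' "$f" "$(count_matches "$f")"
done
```

The two November 5 sample lines pad the single-digit day with two spaces, as traditional syslog timestamps do, so the filter with [[:space:]]* matches them where a single literal space would not. The November 15 line is not selected, and Admin does not select the lowercase admin line because grep -E is case-sensitive by default.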