Re: Ironport grep questions...

IronportCJH · ‎06-11-2008

Hello,

I haven't had much experience with grep and less with the Ironport implementation of it, so I'm not sure if what I'm doing is possible or not!

Using the CLI grep, how would I determine the number of rejected connections after a particular time and or date?

The bits I think I'd grep on would be "grep -c -e" at the beginning, "Wed Jun 11" and "REJECT". Plus [[:space:]] in there somewhere.

The question is how to put it together...

Are the commands possible with Ironport grep documented anywhere?

Can anyone help?

Cheers,

Chris

kluu_ironport · ‎06-11-2008

You can use something like this:

grep -i -e "Jun 10.*Rejected" mail_logs

-i ---> means case insensitive
-e ----> allows for regular expression
.* ----> any characters

So, the above example searches for all Jun 10 entries that have Rejected.

If you wanted all June entries, then you'd do this:

grep -i -e "Jun .*Rejected" mail_logs

Hello,


I haven't had much experience with grep and less with the Ironport implementation of it, so I'm not sure if what I'm doing is possible or not!

Using the CLI grep, how would I determine the number of rejected connections after a particular time and or date? 

The bits I think I'd grep on would be "grep -c -e" at the beginning, "Wed Jun 11" and "REJECT". Plus [[:space:]] in there somewhere.

The question is how to put it together... 

Are the commands possible with Ironport grep documented anywhere?

Can anyone help?

Cheers,

Chris

IronportCJH · ‎06-12-2008

Thank you, kluu

Using grep -c -i -e "Wed Jun 11.*reject[[:space:]]" told me what I wanted to know...

staylor_ironport · ‎06-24-2008

Just adding my 2 cents worth but for some basic searching you can use "Findevent" which is a user friendly version.
But Grep is more powerful