Beginner

Multiple expressions on the grep command

I am trying to grep for an IP and result code (TCP_DENIED), but I'm not having any luck. My command line is as follows:

grep -e x.x.x.x*TCP_DENIED -i -t accesslogs

I've tried different variations such as leaving a space between the IP and TCP_DENIED and adding an * between the variables, but no luck.

Can someone please provide the correct command for this?

Thx,

Jeff

Engager

Re: Multiple expressions on the grep command

Grep is "menuy"....

Just type "grep", hit enter, follow the prompts...  I have seen reference to escaping out the periods in an IP address in the regex... (eg 192\.168\.0\.10)

Enter the number of the log you wish to grep.
[]> 1

Enter the regular expression to grep.
[]> 172.168.151.1

Do you want this search to be case insensitive? [Y]>

Do you want to search for non-matching lines? [N]>

Do you want to tail the logs? [N]> y

Do you want to paginate the output? [N]> y

Hope that helps.

Ken

Beginner

Multiple expressions on the grep command

Thx for the reply Ken.

I usually go through the prompts when using grep, but I know Ironport offers a command line for grep and that is what I am trying to use. I have searched for detailed documentation from Cisco on utilizing the grep command, but no luck yet.

Beginner

Multiple expressions on the grep command

After some Google searching and various attempts, I believe I have the correct syntax to grep multiple items as the following worked for me to grep both IP AND TCP_DENIED result code.

grep -e x.x.x.x.*TCP_DENIED -i -t accesslogs

Cisco Employee

Multiple expressions on the grep command

Hi jwalzer,

If you leave space, grep will ignore anything followed by space and will consider only the first part as regex to be matched.

In your method, using something like 192.168.10.11.*TCP_DENIED will match 192.168.10.111-192.168.10.119 as well. What you need to do is simply use quotes as

grep -e "192.168.10.11 TCP_DENIED" -i -t accesslogs

Cheers!

Chetan
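
Added example, not part of any reply in this thread: the patterns discussed above, compared with standard `grep -E` on a workstation (not the appliance CLI) over constructed log lines in an assumed Squid-style layout. It goes a little beyond the last reply by also showing `.*` reaching a `TCP_DENIED` string in the URL and unescaped dots matching across field boundaries; the `STRICT` pattern and the function names are illustrative.

```shell
#!/bin/sh
# Constructed sample lines in an assumed Squid-style access log layout:
# timestamp, elapsed ms, client IP, result code/status, bytes, method, URL.
sample_log() {
cat <<'EOF'
1278096903.150 97 192.168.10.11 TCP_DENIED/403 1024 GET http://example.com/a
1278096904.210 12 192.168.10.11 TCP_MISS/200 8187 GET http://example.com/b
1278096905.330 45 192.168.10.115 TCP_DENIED/403 1024 GET http://example.com/c
1278096906.480 30 192.168.10.11 TCP_MISS/200 512 GET http://example.com/?q=TCP_DENIED
1278096192.168 10 11.0.0.5 TCP_DENIED/403 1024 GET http://example.com/d
EOF
}

# Pattern from the thread: unescaped dots plus .* between the two terms.
LOOSE='192.168.10.11.*TCP_DENIED'
# Quoted pattern from the last reply: IP, one space, result code.
QUOTED='192.168.10.11 TCP_DENIED'
# Hardened variant: literal dots, no digit or dot allowed before the IP,
# and the result code must follow immediately in the next field.
STRICT='(^|[^0-9.])192\.168\.10\.11 TCP_DENIED/'

# count_matches PATTERN: number of sample lines the pattern selects.
count_matches() {
    sample_log | grep -E -i -c -e "$1"
}

# matched_clients PATTERN: distinct client IPs (field 3) on selected lines.
matched_clients() {
    sample_log | grep -E -i -e "$1" | awk '{print $3}' | LC_ALL=C sort -u | paste -s -d ' ' -
}

# Print one summary row per pattern: line count and the clients it pulled in.
for p in "$LOOSE" "$QUOTED" "$STRICT"; do
    printf '%-45s %s line(s): %s\n' "$p" "$(count_matches "$p")" "$(matched_clients "$p")"
done
```

Only the first sample line is a denied request from 192.168.10.11; the loose pattern also selects the `.115` client, the allowed request whose URL contains the string, and a line where the timestamp and elapsed-time fields happen to line up with the unescaped dots.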
