I am trying to grep for an IP and result code (TCP_DENIED), but I'm not having any luck. My command line is as follows:
grep -e x.x.x.x*TCP_DENIED -i -t accesslogs
I've tried different variations such as leaving a space between the IP and TCP_DENIED and adding an * between the variables, but no luck.
Can someone please provide the correct command for this?
Grep is "menuy"....
Just type "grep", hit enter, follow the prompts... I have seen reference to escaping out the periods in an IP address in the regex... (eg 192\.168\.0\.10)
Enter the number of the log you wish to grep.
Enter the regular expression to grep.
Do you want this search to be case insensitive? [Y]>
Do you want to search for non-matching lines? [N]>
Do you want to tail the logs? [N]> y
Do you want to paginate the output? [N]> y
Hope that helps.
Thx for the reply Ken.
I usually go through the prompts when using grep, but I know Ironport offers a command line for grep and that is what I am trying to use. I have searched for detailed documentation from Cisco on utilizing the grep command, but no luck yet.
After some Google searching and various attempts, I believe I have the correct syntax to grep multiple items as the following worked for me to grep both IP AND TCP_DENIED result code.
grep -e x.x.x.x.*TCP_DENIED -i -t accesslogs
If you leave space, grep will ignore anything followed by space and will consider only the first part as regex to be matched.
In your method, using something like 192.168.10.11.*TCP_DENIED will match 192.168.10.111-192.168.10.119 as well. What you need to do is simply use quotes as
grep -e "192.168.10.11 TCP_DENIED" -i -t accesslogs
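The difference between the patterns discussed in this thread, as an added example that is not part of any post: it runs standard `grep -E` over constructed sample lines (for instance an exported copy of the access log), not the appliance CLI. It assumes a Squid-style layout where the client IP is followed by a space and the result code, and the `exact_pattern` helper is hypothetical and goes one step further than the thread by also escaping the dots.

```shell
#!/bin/sh
# Constructed sample lines; assumed layout:
# timestamp elapsed client_ip result_code/status bytes method url ...
# The last line is deliberately not a valid address: it only shows that an
# unescaped "." in a regex matches any character.
sample_log() {
cat <<'EOF'
1700000001.101 12 192.168.10.11 TCP_DENIED/403 0 GET http://blocked.example/ - NONE/- -
1700000002.202 15 192.168.10.111 TCP_DENIED/403 0 GET http://blocked.example/ - NONE/- -
1700000003.303 40 192.168.10.11 TCP_MISS/200 5120 GET http://ok.example/ - DIRECT/ok.example text/html
1700000004.404 11 192.168.10.119 TCP_DENIED/403 0 GET http://blocked.example/ - NONE/- -
1700000005.505 13 192x168y10z11 TCP_DENIED/403 0 GET http://blocked.example/ - NONE/- -
EOF
}

# count_matches PATTERN: number of sample lines matching the extended regex,
# case-insensitively (the -i used in the thread).
count_matches() {
    sample_log | grep -E -i -c -- "$1"
}

# exact_pattern IP CODE: regex for exactly this client IP followed by CODE.
# Dots are escaped, the IP must start at a field boundary, and only
# whitespace may sit between the IP and the result code.
exact_pattern() {
    ip_escaped=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '(^|[[:space:]])%s[[:space:]]+%s' "$ip_escaped" "$2"
}

loose='192.168.10.11.*TCP_DENIED'   # also hits .111, .119 and the malformed field
quoted='192.168.10.11 TCP_DENIED'   # space stops .111/.119; dots are still wildcards
strict=$(exact_pattern 192.168.10.11 TCP_DENIED)

echo "loose:  $(count_matches "$loose")"
echo "quoted: $(count_matches "$quoted")"
echo "strict: $(count_matches "$strict")"
```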