10-31-2012 08:18 AM
I am trying to grep for an IP and result code (TCP_DENIED), but I'm not having any luck. My command line is as follows:
grep -e x.x.x.x*TCP_DENIED -i -t accesslogs
I've tried different variations such as leaving a space between the IP and TCP_DENIED and adding an * between the variables, but no luck.
Can someone please provide the correct command for this?
Thx,
Jeff
10-31-2012 08:55 AM
Grep is "menuy"....
Just type "grep", hit enter, follow the prompts... I have seen reference to escaping out the periods in an IP address in the regex... (eg 192\.168\.0\.10)
Enter the number of the log you wish to grep.
[]> 1
Enter the regular expression to grep.
[]> 172.168.151.1
Do you want this search to be case insensitive? [Y]>
Do you want to search for non-matching lines? [N]>
Do you want to tail the logs? [N]> y
Do you want to paginate the output? [N]> y
Hope that helps.
Ken
10-31-2012 09:15 AM
Thx for the reply Ken.
I usually go through the prompts when using grep, but I know Ironport offers a command line for grep and that is what I am trying to use. I have searched for detailed documentation from Cisco on utilizing the grep command, but no luck yet.
10-31-2012 10:10 AM
After some Google searching and various attempts, I believe I have the correct syntax to grep multiple items as the following worked for me to grep both IP AND TCP_DENIED result code.
grep -e x.x.x.x.*TCP_DENIED -i -t accesslogs
11-15-2012 03:11 AM
Hi jwalzer,
If you leave a space, grep will ignore anything followed by the space and will consider only the first part as the regex to be matched.
In your method, using something like 192.168.10.11.*TCP_DENIED will match 192.168.10.111-192.168.10.119 as well. What you need to do is simply use quotes as
grep -e "192.168.10.11 TCP_DENIED" -i -t accesslogs
Cheers!
Chetan
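An added example, not posted by anyone in this thread: it compares the patterns discussed above using a standard grep -E on an exported copy of the log rather than the appliance CLI. The log lines are constructed and assume a Squid-style layout (client IP followed by the result code); the function and variable names are illustrative.

```shell
#!/bin/sh
# Constructed sample lines in an assumed Squid-style access log layout:
# timestamp elapsed client_ip result_code/status bytes method url ...
sample_log() {
cat <<'EOF'
1351692000.101 12 192.168.10.11 TCP_DENIED/403 1512 GET http://blocked.example/ - NONE/- -
1351692001.202 8 192.168.10.111 TCP_DENIED/403 1498 GET http://blocked.example/ - NONE/- -
1351692002.303 40 192.168.10.11 TCP_MISS/200 8187 GET http://ok.example/ - DIRECT/ok.example text/html
1351692003.404 9 192.168.10.119 TCP_DENIED/403 1502 GET http://blocked.example/a - NONE/- -
1351692004.505 7 10.0.0.5 TCP_DENIED/403 1490 GET http://192x168y10z11.example/TCP_DENIED - NONE/- -
1351692005.606 31 192.168.10.11 TCP_MISS/200 2048 GET http://ok.example/?q=TCP_DENIED - DIRECT/ok.example text/html
EOF
}

# count_matches PATTERN: number of sample lines matching the extended regex
count_matches() {
    sample_log | grep -E -i -c -- "$1"
}

# clients_matched PATTERN: distinct client IPs (field 3) on matching lines
clients_matched() {
    sample_log | grep -E -i -- "$1" | awk '{print $3}' | LC_ALL=C sort -u | paste -s -d ' ' -
}

# Unescaped dots plus ".*": also hits .111, .119 and URLs containing the strings
LOOSE='192.168.10.11.*TCP_DENIED'
# Quoted form with a literal space, as suggested in the last reply
QUOTED='192.168.10.11 TCP_DENIED'
# Escaped dots, IP bounded by whitespace, result code must directly follow it
STRICT='(^|[[:space:]])192\.168\.10\.11[[:space:]]+TCP_DENIED/'

for p in "$LOOSE" "$QUOTED" "$STRICT"; do
    printf '%-60s lines=%s clients=%s\n' "$p" "$(count_matches "$p")" "$(clients_matched "$p")"
done
```

When the grep output feeds an investigation or a block-rate report, the loose pattern attributes denials to the wrong clients and counts allowed requests whose URL merely contains TCP_DENIED.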