cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9092
Views
0
Helpful
4
Replies

Multiple expressions on the grep command

jwalzer
Level 1
Level 1

I am trying to grep for an IP and result code (TCP_DENIED), but I'm not having any luck. My command line is as follws:

grep -e x.x.x.x*TCP_DENIED -i -t accesslogs

I've tried different variations such as leaving a space between the IP and TCP_DENIED and adding an * between the variables, but nu lick.

Can someone please provide the correct command for this?

Thx,

Jeff

4 Replies 4

Grep is "menuy"....

Just type "grep", hit enter, follow the prompts...  I have seen reference to escaping out the periods in an IP address in the regex... (eg 192\.168\.0\.10)

Enter the number of the log you wish to grep.
[]> 1

Enter the regular expression to grep.
[]> 172.168.151.1

Do you want this search to be case insensitive? [Y]>

Do you want to search for non-matching lines? [N]>

Do you want to tail the logs? [N]> y

Do you want to paginate the output? [N]> y

Hope that helps.

Ken

Thx for the reply Ken.

I usually go through the  prompts when using grep, but I know Ironport offers a command line for grep and that is what I am trying to use. I have searched for deailed documentation from Cisco on utlizing the grep command, but no luck yet.

jwalzer
Level 1
Level 1

After some Google searching and various attempts, I believe I have the correct syntax to grep multiple items as the following worked for me to grep both IP AND TCP_DENIED result code.

grep -e x.x.x.x.*TCP_DENIED -i -t accesslogs

Hi jwalzer,

If you leave space, grep will ignore anything followed by space and will consider only the first part as regex to be matched.

In your method, using something like 192.168.10.11.*TCP_DENIED will match 192.168.10.111-192.168.10.119 as well. What you need to do is simply use quotes as

grep -e "192.168.10.11 TCP_DENIED" -i -t accesslogs

Cheers!

Chetan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: