06-24-2012 08:58 PM
Hello! Quick question ... When doing GREP from a cli what's the correct syntax to search for a particular ip address in the access log? I've tried the ip address, ip address in double quotes and single quotes but they either return empty search results or results that seem to match the first ocet only. I even tried a slash in front of the period but that doesn't work either.
Thanks!
Joe
ent from Cisco Technical Support iPhone App
Solved! Go to Solution.
06-25-2012 05:38 AM
The issue is the periods in the IP. A period will match any character in place of the period. For IP's type this in 10\.10\.6\.7 This is escaping the periods telling grep to look for the characater itself.
Christian Rahl
Customer Support Engineer
Cisco IronPort - Web Security Appliances
Cisco Technical Assistance Center RTP
United States Ironport: 1-877-641-IRON (4766)
06-25-2012 12:38 AM
Hello,
Easiest way is just to use the menu:
grep
1
IP address
Etc
However, grep ip-address accesslogs, should also work.
Thanks
Chris
06-25-2012 05:27 AM
Thanks Chris for the response. Unfortunately using the cli menu to grep an ip address out of the accesslogs doesn't seem to work. I realize that doing GREP does a search as a regular expression but I just tried it again and the command does return results but none seem to match the ip addresses I'm searching for. I've attached a screenshot.
If I grep for a single username or for a website it works just fine but doesn't work when grep'ing for an ip address.
Thanks,
Joe
06-25-2012 05:38 AM
The issue is the periods in the IP. A period will match any character in place of the period. For IP's type this in 10\.10\.6\.7 This is escaping the periods telling grep to look for the characater itself.
Christian Rahl
Customer Support Engineer
Cisco IronPort - Web Security Appliances
Cisco Technical Assistance Center RTP
United States Ironport: 1-877-641-IRON (4766)
06-25-2012 06:15 AM
Thanks Christian! That works great!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: