CLI grep command in AsyncOS 4.5
A late addition to AsyncOS 4.5 was the CLI "grep" command. Yes, it is a "hidden" command and we would like input from IronPort Nation on whether this is useful and what additions they would like to see to it. Here are a brief set of examples on its use:
boxster.mfg> help grep
grep -e regexp [-e regexp] [-i] [-p] [-t] log_name
Run the Unix grep command over the named log file.
Normally the grep will be run over all files in the
named log subscription. Using the -t option will run
the grep over a tail of the log file. Using the -i
option will ignore case sensitivities. Using the -p
option will paginate the output.
regexp - an extended grep expression
log_name - the name of the log file
Manually using grep will look like this:
boxster.mfg> grep
Currently configured logs:
1. "antivirus" Type: "Anti-Virus Logs" Retrieval: FTP Poll
2. "asarchive" Type: "Anti-Spam Archive" Retrieval: FTP Poll
3. "avarchive" Type: "Anti-Virus Archive" Retrieval: FTP Poll
4. "bounces" Type: "Bounce Logs" Retrieval: FTP Poll
5. "brightmail" Type: "Symantec Brightmail Anti-Spam Logs" Retrieval: FTP Poll
6. "case" Type: "Context Adaptive Scanning Engine" Retrieval: FTP Poll
7. "cli_logs" Type: "CLI Audit Logs" Retrieval: FTP Poll
8. "error_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
9. "ftpd_logs" Type: "FTP Server Logs" Retrieval: FTP Poll
10. "gui_logs" Type: "HTTP Logs" Retrieval: FTP Poll
11. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
12. "scanning" Type: "Scanning Logs" Retrieval: FTP Poll
13. "sntpd_logs" Type: "NTP logs" Retrieval: FTP Poll
14. "status" Type: "Status Logs" Retrieval: FTP Poll
15. "system_logs" Type: "System Logs" Retrieval: FTP Poll
Enter the number of the log you wish to grep.
[]> 11
Enter the regular expression to grep.
[]> MID
Do you want this search to be case insensitive? [Y]> n
Do you want to tail the logs? [N]>
Do you want to paginate the output? [N]>
For a single regular expression:
boxster.mfg> grep -e MID mail_logs
For multiple regular expressions:
boxster.mfg> grep -e MID -e RID mail_logs
For multiple regular expressions in the current log:
boxster.mfg> grep -e MID -e RID mail_logs -t
For multiple regular expressions in the current log with a case
insensitive match and paginate:
boxster.mfg> grep -i -e MID -e RID mail_logs -t -p
Grab a specific ICID line:
boxster.mfg> grep -e "ICID1238" mail_logs
Tue Oct 18 07:58:19 2005 Info: New SMTP ICID 1238 interface main (172.18.0.40) address 172.18.0.40 reverse dns host porky3.mfg verified yes
Tue Oct 18 07:58:19 2005 Info: ICID 1238 ACCEPT SG None match ALL SBRS rfc1918
Tue Oct 18 07:58:19 2005 Info: Start MID 211476 ICID 1238
Tue Oct 18 07:58:19 2005 Info: MID 211476 ICID 1238 From: <[email protected]>
Tue Oct 18 07:58:19 2005 Info: MID 211476 ICID 1238 RID 0 To: <[email protected]>
Tue Oct 18 07:58:19 2005 Info: ICID 1238 close
Look for DHAP connections:
boxster.mfg> grep -t -e "Dropping connection" mail_logs
Press Ctrl-C to stop.
Wed Oct 19 18:05:28 2005 Warning: LDAP: Dropping connection due to potential Directory Harvest Attack from host=('172.18.0.40', None), dhap_limit=5, sender_group=Default
Wed Oct 19 18:05:30 2005 Warning: LDAP: Dropping connection due to potential Directory Harvest Attack from host=('172.18.0.40', None), dhap_limit=5, sender_group=Default
Wed Oct 19 18:05:32 2005 Warning: LDAP: Dropping connection due to potential Directory Harvest Attack from host=('172.18.0.40', None), dhap_limit=5, sender_group=Default
Wed Oct 19 18:06:15 2005 Warning: LDAP: Dropping connection due to potential Directory Harvest Attack from host=('172.18.0.40', None), dhap_limit=5, sender_group=Default
Wed Oct 19 18:06:17 2005 Warning: LDAP: Dropping connection due to potential Directory Harvest Attack from host=('172.18.0.40', None), dhap_limit=5, sender_group=Default
(Been away from IPN for a while, catching up).
As a long time Unix sysadmin, I'm also a little frustrated by the locked down nature of AsyncOS, especially since I know that under the hood it's my particular Unix flavor of choice. For example, when I see the CPU stuck at or near 100%, I really want to fire up "top" and see what's soaking up the CPU. I had that problem recently and needed to make a tech support call for what turned out to be something I could have diagnosed myself had I just been able to use "top". I've also had times when direct access to "netstat" and "ifconfig -a" would have saved me a lot of trouble (like when someone changed the duplex setting on the switch port).
That said, I know that IronPort has some valuable intellectual property to protect from prying eyes. But it seems to me that a compromise could be reached. We don't need to be able to peek under every rock in order to have much improved sysadmin abilities.
Oh yeah, I like the "grep" command. :-) I've been wishing for that for quite a while.
Similar Messages
-
Is there a way to give two different regular expressions in a Grep command?
I am trying to search message logs from CLI. My search query which involves a regular expression is giving thousands of results. We need to further filter the results using another regular expression. Please let me know if we can put two regular expressions in the search query.
Below is how I use grep command: Can I use multiple regular expression separated by a "|" (pipe) symbol
Enter the regular expression to grep.
[]> MID 123456No - unfortunately - from the CLI on the ESA/SMA - the 'grep' command is not as intuitive as the unix/linux 'grep'. You would need to push logs off appliance, and then take advantage of an external OS in order to parse through the logs as definitively needed.
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!) -
When using the grep command for the mail_logs file I sometimes receive the message "Binary file (standard input) matches."
This does not always happen. Sometimes I'm able to use grep and receive the expected results. The problem seems to come and go.
Doing it via the command line or stepping through the setup (i.e. grep > 14 (mail_logs) > expression > ...) will show the same "Binary file (standard input) matches" message.
Thank you for any help ahead of time.
(btw - this is for a C350)Current Version
===============
Model: C350
Version: 6.5.2-101
Build Date: 2009-05-28
Install Date: 2009-06-09 17:46:52
Serial #: xxxxxxxxxxxxxx
BIOS: 1.2.1I
RAID: 1.00.01-0088, MT23, 1.02-007
RAID Status: Optimal
RAID Type: 1
BMC: 1.27
> grep
Currently configured logs:
1. "QMaticLog" Type: "Domain Debug Logs" Retrieval: FTP Poll
2. "antispam" Type: "Anti-Spam Logs" Retrieval: FTP Poll
3. "antivirus" Type: "Anti-Virus Logs" Retrieval: FTP Poll
4. "asarchive" Type: "Anti-Spam Archive" Retrieval: FTP Poll
5. "authentication" Type: "Authentication Logs" Retrieval: FTP Poll
6. "avarchive" Type: "Anti-Virus Archive" Retrieval: FTP Poll
7. "bounces" Type: "Bounce Logs" Retrieval: FTP Poll
8. "cli_logs" Type: "CLI Audit Logs" Retrieval: FTP Poll
9. "error_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
10. "euq_logs" Type: "IronPort Spam Quarantine Logs" Retrieval: FTP Poll
11. "euqgui_logs" Type: "IronPort Spam Quarantine GUI Logs" Retrieval: FTP Poll
12. "ftpd_logs" Type: "FTP Server Logs" Retrieval: FTP Poll
13. "gui_logs" Type: "HTTP Logs" Retrieval: FTP Poll
14. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
15. "reportd_logs" Type: "Reporting Logs" Retrieval: FTP Poll
16. "reportqueryd_logs" Type: "Reporting Query Logs" Retrieval: FTP Poll
17. "scanning" Type: "Scanning Logs" Retrieval: FTP Poll
18. "slbld_logs" Type: "Safe/Block Lists Logs" Retrieval: FTP Poll
19. "sntpd_logs" Type: "NTP logs" Retrieval: FTP Poll
20. "status" Type: "Status Logs" Retrieval: FTP Poll
21. "system_logs" Type: "System Logs" Retrieval: FTP Poll
22. "trackerd_logs" Type: "Tracking Logs" Retrieval: FTP Poll
23. "updater_logs" Type: "Updater Logs" Retrieval: FTP Poll
Enter the number of the log you wish to grep.
[]> 14
Enter the regular expression to grep.
[]> 23083882
Do you want this search to be case insensitive? [Y]>
Do you want to tail the logs? [N]>
Do you want to paginate the output? [N]>
Binary file (standard input) matches
> grep 23083882 mail_logs
Binary file (standard input) matches
Hopefully this is everything you were looking for. If not, let me know. -
A Unix question: grep command
Hi all,
I have a directory which contains more directories, and each directory has more directories inside, which in turn may or may not contain Java files. I need to use the grep command in the way that from the first directory goes into the directories recursively, finds the Java files and tell me what files have the PATTERN= "Basic Import Validation".
I used the grep like this, but guess its wrong since haven't received any response so far. Can sb. please tell me if I've used the command correctly or how should I change it? Any help is greatly appreciated.
dir> grep -r --include="Basic Import Validation" *.javaI gues the reason this isn't working for you isthat
-r means "process all subdirectories of any
directories listed in the command line args."
grep never sees the *.java that you supply. Theshell
grabs that and expands it to list all the .javafiles
in the pwd.If you can, would you please explain a little more,
what you meant by above?
grep whatever *.java When you type that command, your shell (bash, zsh, ksh, tcsh, etc.) is the program that receives that string on its standard input--like Java's System.in. The shell sees *.java and expands it into a list of all the .java files in the current directory. Then the shell invokes grep, and passes on the list of those java files.
But the list of .java files in the pwd has nothing to do with any java files that might be in subdirs.
If you use the -r arg, it seems that, in the list of "files" (where you put *.java), if any of those "files" are in fact directories, then -r means to look in files in that dir and its subdirs, rather than treating that arg as a file to examine.
So you'd put . (dot) as your current dir, and then use the --include to tell grep which files to process and which to ignore.
I'm sure about the shell expanding *.java. I'm not completely sure about my interpretation of -r and --include, but I'm pretty confident that's right.
As you said, the way I used grep, didn't return any
result. Your solution however, gave me results and
found the Java files containing the PATTERN. Thanks a
lot.You're welcome.
If you're still interested, it's probably worth trying out my slight modification to your original solution. If it works, it's a bit cleaner and simpler. -
Hi all,
I having problem getting the output of grep command in Linux (Red Hat 9.0).
At the same time, I am able to get the output of cat command.
Using the output of cat command, I am writing it to a text file and then in another process using grep I am extracting particular line from the text file.
To get the Process Output I am using a code from http://hacks.oreilly.com/pub/h/1092#thread.
Below is my code.
public void getUSBInfo() {
try{
String catCommand = "cat /proc/bus/usb/devices";
System.out.println("catCommand is : "+catCommand);
Process p = Runtime.getRuntime().exec(catCommand);
usbInfoBuffer = new StringBuffer("");
InputStream inStream = p.getInputStream();
new InputStreamHandler( usbInfoBuffer, inStream );
// InputStreamHandler is the class used to read the console output.
StringBuffer errBuffer = new StringBuffer();
InputStream errStream = p.getErrorStream();
new InputStreamHandler( errBuffer , errStream );
p.waitFor();
catCommandOutput = usbInfoBuffer.toString();
System.out.println("USB Info : " +catCommandOutput);
String fileCat ="/EthicsPoint/usbInfo.txt";
File catCommandOutputFile = new File(fileCat);
boolean filesuccess = catCommandOutputFile.createNewFile();
setContents(catCommandOutputFile,catCommandOutput);
extractUSBInfo();
}catch(Exception e) {
JOptionPane.showMessageDialog(null," Exception occured executing Native Method..catCommand.." ,epname,JOptionPane.ERROR_MESSAGE); System.out.println("File Exception No 6" +e);
public void extractUSBInfo() {
try {
String filename = " /EthicsPoint/usbInfo.txt";
String grepCommand = "grep \"P:\\|S:\""+filename ;
//String[] grepCommand = new String[]{"grep", "\"P:\\|S:\"", "/EthicsPoint/usbInfo.txt"};
Process p = Runtime.getRuntime().exec(grepCommand);
usbExtractedInfoBuffer = new StringBuffer("");
InputStream inStream = p.getInputStream();
new InputStreamHandler( usbExtractedInfoBuffer, inStream );
StringBuffer errBuffer = new StringBuffer();
InputStream errStream = p.getErrorStream();
new InputStreamHandler( errBuffer , errStream );
p.waitFor();
String Output = usbExtractedInfoBuffer.toString();
System.out.println("grepCommand is : " +grepCommand);
System.out.println("Searched USB Info : " +Output);
}catch(Exception e) {
JOptionPane.showMessageDialog(null," Exception occured executing Native Method..grepCommand..." ,epname,JOptionPane.ERROR_MESSAGE); System.out.println("File Exception No 7" +e);
}I am not getting any IOException. The output of System.out.println("Searched USB Info : " +Output); is blank.
If I try shell> grep "P:\|S:" /EthicsPoint/usbInfo.txt, I get the desired output.
What could be the reason ? While using cat command I am getting the output , but grep command is
returning blank. I even tried String array[] for exec() command, but still get blank.
Where and what I am doing wrong ?
Thanks in advance.
Regards,
Jay.Hi asjf,
Thanks a lot... The problem is finally solved.
String exeCommand = "grep P:\\|S: "+filename; I removed the quotes and it worked. But if I
remove backslash for the pipe symbol nothing happens..as I get return value of 1.
Output after removing quotes :
exeCommand is : grep P:\|S: /EthicsPoint/usbInfo.txt
Exit Value is : 0
USB Info : P: Vendor=0000 ProdID=0000 Rev= 0.00
S: Product=USB OHCI Root Hub
S: SerialNumber=ce84b000
P: Vendor=0000 ProdID=0000 Rev= 0.00
S: Product=USB OHCI Root Hub
S: SerialNumber=ce849000But I have noticed another problem. If I execute the aplication number of times, eventhough
the exit value is 0, USB Info : is blank. This happens sometimes. Sometimes I get the correct output.
What could be the reason ?
Thanks to you and all who have replied to my queries....Thanks a lot.....Really appreciate the time and effort.
Regards,
Jay. -
Is there any command in windows batch file similar to the unix grep command
Hi,
I have a batch file which will return status of the Database to a file ex: "OPEN". Now I want to read this output file and check for the "OPEN" string from another batch file. any suggestions?. This is similar to "grep" command in unix. I want this to be done in windows batch file.
This is my actual batch file
rem -- Description: Check whether the Database is UP
rem -- Usage:
rem -- ORACLE_SID is input parameter for the file
rem --
rem --start of batch file
@echo off
set ORACLE_SID=%1
echo connect plp/ltd1plp@%1
echo set cmdsep on
echo set cmdsep '"'; --"
echo set term on
echo spool c:/status_log.log
echo select status from v$instance;
echo spool off
) | sqlplus /nolog
rem --end batch file
Thanks.The same link from [google cache|http://209.85.229.132/search?q=cache:EJrm9tgj0a8J:www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/find.mspx+windows+find&cd=1&hl=en&ct=clnk&client=opera]. Also you can use help:
find /? -
Grep command has lost the "-P" option
The grep command has lost the "-P" option. It now supports a non-standard "-p" option that doesn't work on previous versions of OS X or Linux. It also doesn't support the long form version of "--perl-regexp". Any portable solutions?
In addition, the command line usage still shows "-P" as an option, but the man page doesn't list it.The grep command has lost the "-P" option. It now supports a non-standard "-p" option that doesn't work on previous versions of OS X or Linux. It also doesn't support the long form version of "--perl-regexp". Any portable solutions?
In addition, the command line usage still shows "-P" as an option, but the man page doesn't list it. -
Grep command to achieve the following - Almost got it
Hi
I have been on here before and received great help with grep styles but have one that I can't find a solution for from online resources
I am using the following grep command to add a descriptor to a event.
My text looks like this
9.00 Football
Grep command is
(\d+\.\d+\t)(Football)(.*\r.+\r)
$1$2$3Play football.\r
Which acheives...
9.00 Football
Play football
Problem is
Some of the titles are
9.00 Sunday Football
9.00 Junior Football
9.00 Junior 5 a side Football
I ideally need a grep command that will do exactly the same but ignore Sunday, Junior, Junior 5 a side (but leave it in) I can't add extra greps as there are too many
Is there a command that will find the digits (ignore everthing until football) and add the descriptor
Hopefuly it is just a little addition to the grep but I can't find a solution
Any help much appreciatedI'm a little unclear
when starting with:
9.00 Sunday Football
9.00 Junior Football
9.00 Junior 5 a side Football
what do you want the result to be? This, or something else--
9.00 Sunday Football
Play Football
9.00 Junior Football
Play Football
9.00 Junior 5 a side Football
Play Football -
Hello.
I am compiling a list of the grep commands I use in everyday EBS support related tasks. I have posted them below. Would anyone like to add any others??
process check
check of all Midle Tier services:
ps –fu appltest | grep –i TEST | wc -l
forms:
$ps -ef | grep f60webmx | grep VIS
Concurrent Mangers:
ps -fu appldev | grep FNDLIBR
Apache
$ps -ef | grep httpd| grep vis
For more information about a process 2342:
$ps -ef | grep 2342
workers process ID:
ps -a | grep adworker
Listing processes owned by ias
ps -ef|grep ias
review patch log:
egrep -i 'error|warn|fail' <log_file>
DADan,
Why you need to list those commands?
With the help of "ps -ef" command you can filter any process you need to check (just get the process name).
Thanks,
Hussein -
Regarding grep command,i have given in linux
grep -r "some name" & (& i have given instead of *).after enter some below mesg throws like
[+1] + stopped [sigttin] .
when i typed exit it shows YouHave stopped jobs.
Is this any problem with this command for running background jobs?
can anyone please suggest ASAP.Thanks in Advance.grep -r "some name"Are you searching for file content or filename? In the later case, you would use find, not grep.
The grep command requires a file paramter. & as file parameter is not valid.
You could possibly use "grep -r "something" ./* &. But what would be the purpose of running such a command in the background unless you pipe the output to a file, e.g.
<pre>
grep -r "something" * > output.lst &
</pre> -
Hi all,
I linux i can use this command
grep -C 3 err /u01/oracle/admin/ORCL/bdump/alert_ORCL.log
How can i do this in Solaris 10?
Thanks in advance!
Dan.This work perfectly!
-bash-3.00$ /usr/sfw/bin/ggrep -C 3 err /u01/oracle/admin/ORCL/bdump/alert_ORCL.log
Thank you all!
Dân
Edited by: Dan on Jan 9, 2012 10:36 PM -
Grep command to search files which have names of same pattern
Hi,
I am new to solaris.
I am trying to grep all the files in a directory which have names of same pattern.
I had done this in linux but in solaris it is not working.
e.g. i have two files setup.log and setup.log.full
grep -l 'setup*' *
by this command it works fine on linus but on solaris it is not working.
Please let me know where am i wrong.
regards,How many files do you have in this directory? It could be that the expansion of the file list is too large for the shell to handle? Or that first asterisk is expanding to something unusable. I'm surprised this works in Linux. What shell are you using in Linux and what shell are you using in Solaris? What error message do you get when you try to run this in a Solaris system?
Maybe try to use something like this:
ls -1 | awk '{ print "grep -l "$1" "$1 }' | sh -
Multiple expressions on the grep command
I am trying to grep for an IP and result code (TCP_DENIED), but I'm not having any luck. My command line is as follws:
grep -e x.x.x.x*TCP_DENIED -i -t accesslogs
I've tried different variations such as leaving a space between the IP and TCP_DENIED and adding an * between the variables, but nu lick.
Can someone please provide the correct command for this?
Thx,
JeffGrep is "menuy"....
Just type "grep", hit enter, follow the prompts... I have seen reference to escaping out the periods in an IP address in the regex... (eg 192\.168\.0\.10)
Enter the number of the log you wish to grep.
[]> 1
Enter the regular expression to grep.
[]> 172.168.151.1
Do you want this search to be case insensitive? [Y]>
Do you want to search for non-matching lines? [N]>
Do you want to tail the logs? [N]> y
Do you want to paginate the output? [N]> y
Hope that helps.
Ken -
Trying SSH CLI , reading command line method is infinte loop problem!
I am trying excute command and reading result. but reading result part has problem.
below source is a part of my method.
try{
SessionChannelClient sessionChannel = ssh.openSessionChannel();
sessionChannel.startShell();
OutputStream out = sessionChannel.getOutputStream();
String cmd = s + "\n";
out.write(cmd.getBytes());
out.flush();
InputStream in = sessionChannel.getInputStream();
BufferedReader br = new BufferedReader(new InputStreamReader(in));
byte buffer[] = new byte[255];
String read= "";
while (true) {
String line = br.readLine();
if (line == null)
break;
str += line;
str += "\n";
System.out.print(str); //print result
sessionChannel.close();
in.close();
out.close();
}catch(IOException ee){
System.out.println(ee);
}finally{
System.out.println("=============end cmd=============");
while loop has problem. While statement has infinite loop problem.
why has this problem?
anybody, help me please. Thanks for reading .
Edited by: BreathAir on Aug 5, 2008 12:16 AMThat loop will loop until readLine() returns null, which will only happen when the other end closes its end of the connection, and it will block while no data is available.
-
[SOLVED] in-place execution of grepped command
I have an .xinitrc which contains the following line:
eval $(cat ~/.fehbg)
The ~/.fehbg file contains:
feh --bg-scale '/home/x/beautiful.jpg'
The above sets my background screen in X to a picture.
Now I am setting the background to grey:
xsetroot -gray
Now while I am in my X session, I want to re-set my background picture. Thinking I am smart, I do the following:
$ $(grep feh ~/.xinitrc)
But no, linux teaches me once again I don't get it:
Error: feh WARNING: '/home/x/beautiful.jpg' - File does not exist
feh ERROR: Couldn't load image in order to set bg
What am I doing wrong?
Last edited by awayand (2011-06-14 12:13:59)The single quote marks are being included as part of the image name and not being stripped off. You'll see that if you do
feh --bg-scale 'imaginary_file'
The output is
feh WARNING: imaginary_file - File does not exist
feh ERROR: Couldn't load image in order to set bg
Notice the file it says does not exist does NOT include quote marks. Forcing whatever strips the quote marks not to do that (bash, maybe?), you get
feh --bg-scale \'imaginary_file\'
feh WARNING: 'imaginary_file' - File does not exist
feh ERROR: Couldn't load image in order to set bg
Doing "eval $(grep feh ~/.xinitrc)" works, but I recommend not doing that
Last edited by jac (2011-06-14 11:36:16)
Maybe you are looking for
-
How to change order unit in ME22n for particular vendor
Dear All, We have defined ordering unit in material master as "L". For other vendors & new PO we get proper ord.unit display. But we r not getting in PO of particular vendor. How to get order unit in ME22n ? What is the relation of order unit with Ve
-
Please HELP on Button Click. URGENT Folks.!!!
Folks, I need some very URGENT help. When I click a Button,how do I associate this Button clicked with a particular Key? I am reading data from a Hashtable in the foll.format Monday Data [ More Info] Tuesday Data [ More Info] where : Data to display
-
Use of installer-desc tag and the ExtensionInstallerService of the jnlp
I have an application where, the properties file is outside the jar file. Each client machine has it's own copy of properties file. At some instances the user has to update the properties file ( to him it's a config file). This is ok with the system
-
Customize Web Service Home Page in OC4J
I am using OC4J 10.1.2, I have developed a webservice using JDeveloper 10.1.3 by selecting j2ee sebservice version J2EE 1.3 (Oracle) Web Service. On accessing the webservice using the browser I am getting the WebService Homepage with the option to ac
-
SSIS - How to run command line to copy files with User Variables within a Execute Process Task
Hello, I'm am having syntax issues within the Arguments when trying to copy a file with cmd.exe using User Variables. It works when I hard code the arguments : /c copy /b "\\folder1\file.txt" "\\folder2\file.txt" However, it's failing when I try usi