LinuxQuestions.org

gene.rye 11-26-2010 03:22 PM

Multiple values in a search option
 
I am using ausearch to parse my audit data. I would like to look for files with etc and var in the title or path. I can search each separately using -f etc or -f var. How can I combine them to make one search?

Tinkster 11-26-2010 03:32 PM

Hi, welcome to LQ!


I have never used ausearch ...

Does it support multiple -f statements? E.g.,
Code:

ausearch -f etc -f var

[edit]
Looking at man ausearch-expression ...
Would
Code:

ausearch -f "etc||var"
work?
[/edit]

Cheers,
Tink

gene.rye 11-29-2010 09:35 AM

Slight mistake
 
In my original question, I wanted directories that had etc and var in the paths. My mistake. I would like to search for auditable events that have either etc or var in the path. I can try the || as suggested but I am probably sure this will not work. Is there a logical separation that will identify "or" as the separator or is "||" the "or" separator?

Tinkster 11-29-2010 10:13 AM

The "double pipe" *is* OR.
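
As an added illustration, not part of the thread and not ausearch's own code: the "either etc or var in the path" match from the question, applied directly to raw audit PATH records in Python. The sample log lines are constructed and the function names are assumptions; matching is on whole path components, and names that the audit system wrote as unquoted hex (for example, paths containing spaces) are decoded first.

```python
import re

# Constructed sample records in raw audit.log format (not taken from the thread).
SAMPLE_LOG = """\
type=PATH msg=audit(1290803000.101:41): item=0 name="/etc/passwd" inode=1001 dev=08:01 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1290803001.202:42): item=0 name="/home/gene/notes.txt" inode=1002 dev=08:01 mode=0100644 ouid=500 ogid=500 rdev=00:00
type=SYSCALL msg=audit(1290803002.303:43): arch=c000003e syscall=2 success=yes exit=3 comm="cat" exe="/bin/cat"
type=PATH msg=audit(1290803002.303:43): item=0 name=2F7661722F6C6F672F6D792066696C65 inode=1003 dev=08:01 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1290803003.404:44): item=0 name="/usr/share/etcetera" inode=1004 dev=08:01 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1290803004.505:45): item=0 name=(null) inode=1005 dev=08:01 mode=0100644 ouid=0 ogid=0 rdev=00:00
"""

# Event serial number plus the name= field, which is either quoted or a bare token.
PATH_RECORD = re.compile(
    r'^type=PATH msg=audit\([\d.]+:(?P<serial>\d+)\):.*?\bname=(?P<name>"[^"]*"|\S+)'
)


def decode_name(raw):
    """Return the file name from a name= value, or None when no name was recorded."""
    if raw.startswith('"'):
        return raw[1:-1]
    if raw == "(null)":
        return None
    try:
        # Unquoted values are hex-encoded names.
        return bytes.fromhex(raw).decode("utf-8", "replace")
    except ValueError:
        return raw


def matching_events(log_text, wanted=("etc", "var")):
    """List (event serial, path) for PATH records with ANY wanted path component."""
    hits = []
    for line in log_text.splitlines():
        m = PATH_RECORD.match(line)
        if not m:
            continue  # SYSCALL and other record types carry no name= field to test
        path = decode_name(m.group("name"))
        if path and any(part in wanted for part in path.split("/")):
            hits.append((int(m.group("serial")), path))
    return hits


if __name__ == "__main__":
    for serial, path in matching_events(SAMPLE_LOG):
        print(serial, path)
```

Because the comparison is per component, `/usr/share/etcetera` is not reported; a substring test would report it.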

