LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 11-26-2010, 04:22 PM   #1
gene.rye
LQ Newbie
 
Registered: Nov 2010
Posts: 3

Rep: Reputation: 0
Multiple values in a search option


I am using ausearch to parse my audit data. I would like to look for files with etc and var in the title or path. I can search each separately using -f etc or -f var. How can I combine them to make one search?
 
Old 11-26-2010, 04:32 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,005
Blog Entries: 11

Rep: Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903
Hi, welcome to LQ!


I have never used ausearch ...

Does it support mulitple -f statements? E.g.,
Code:
ausearch -f etc -f var

[edit]
Looking at man ausearch-expression ...
Would
Code:
ausearch -f "etc||var"
work?
[/edit]

Cheers,
Tink

Last edited by Tinkster; 11-26-2010 at 04:36 PM. Reason: edit
 
Old 11-29-2010, 10:35 AM   #3
gene.rye
LQ Newbie
 
Registered: Nov 2010
Posts: 3

Original Poster
Rep: Reputation: 0
Slight mistake

In my original question, I wanted directories that had etc and var in the paths. My mistake. I would like to search for auditable events that have either etc or var in the path. I can try the || as suggested but I am probably sure this will not work. Is there a logical separation that will identify "or" as the separator or is "||" the "or" separator?
 
Old 11-29-2010, 11:13 AM   #4
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,005
Blog Entries: 11

Rep: Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903
The "double pipe" *is* OR.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Comparing Multiple Values in while loop rahulruns Programming 5 10-27-2009 06:59 AM
matching multiple values in awk vgr12386 Programming 3 06-15-2009 04:54 AM
Search values within multiple files line to line Chrizzieej Programming 5 09-26-2008 05:11 PM
Enter multiple values and display them all at once ckoniecny Programming 0 10-17-2006 04:57 PM
xmodmap for multiple values malo_umoran Slackware 3 03-27-2005 10:39 AM


All times are GMT -5. The time now is 03:47 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration