grep command
 

Hi,

Is there a way to use grep so that I can query 2 patterns at one time for correlation purposes? For example, I want to query system message %PIX-3-315001 and IP x.x.x.x to see how many times that particular IP had a denied SSH login attempt against it. I've tried a few different things but no luck. I assume it can be done and is probably an issue of inexperience on my part. For, example if there are 10 %PIX messages and 10 IP x.x.x.x messages in the logfiles, but only 3 of those 20 messages containg both %PIX and IP x.x.x.x then those are the only ones I want to see.

Thanks.

just use a slightly more complex regex:

grep PIX.+x.x.x.x LOGFILE

see the grep manpage for a guide on writing regex's

Actually the command that works is as follows:

# grep %PIX-3-315001.*x\.x\.x\.x logfile

Thanks!

of course, silly me.

Interesting.....the command that worked for me yesterday doesn't return any results today (and it should). Would anyone have any clue as to why? The command is below.

# grep %PIX-3-315001.*x\.x\.x\.x logfile

Does the logfile actually still contain those entries? Has the logfile been rotated?

There doesn't seem to be anything wrong with the grep syntax.

That's what i don't understand.....there has been no log rotation and the entries are still there. Don't know what to make of it?

Did this and it worked again.

# grep x\.x\.x\.x.*%PIX-3-315001 logfile

It's basically the reverse order of what first worked for me, but the logfile hasn't changed at all. It doesn't make sense to me but i got the results i want.