Old 02-12-2003, 12:06 PM   #1
cuss
Member
 
Registered: Dec 2002
Posts: 63

Rep: Reputation: 15
grep command


Hi,

Is there a way to use grep so that I can query 2 patterns at one time for correlation purposes? For example, I want to query system message %PIX-3-315001 and IP x.x.x.x to see how many times that particular IP had a denied SSH login attempt against it. I've tried a few different things but no luck. I assume it can be done and is probably an issue of inexperience on my part. For example, if there are 10 %PIX messages and 10 IP x.x.x.x messages in the logfiles, but only 3 of those 20 messages contain both %PIX and IP x.x.x.x, then those are the only ones I want to see.

Thanks.
 
Old 02-12-2003, 12:44 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981
just use a slightly more complex regex:

grep PIX.+x.x.x.x LOGFILE

see the grep manpage for a guide on writing regex's
 
Old 02-12-2003, 01:32 PM   #3
cuss
Member
 
Registered: Dec 2002
Posts: 63

Original Poster
Rep: Reputation: 15
Actually the command that works is as follows:

# grep %PIX-3-315001.*x\.x\.x\.x logfile

Thanks!
 
Old 02-12-2003, 01:48 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981
of course, silly me.
 
Old 02-13-2003, 09:12 AM   #5
cuss
Member
 
Registered: Dec 2002
Posts: 63

Original Poster
Rep: Reputation: 15
Interesting.....the command that worked for me yesterday doesn't return any results today (and it should). Would anyone have any clue as to why? The command is below.

# grep %PIX-3-315001.*x\.x\.x\.x logfile
 
Old 02-13-2003, 10:12 AM   #6
Mik
Senior Member
 
Registered: Dec 2001
Location: The Netherlands
Distribution: Ubuntu
Posts: 1,316

Rep: Reputation: 47
Does the logfile actually still contain those entries? Has the logfile been rotated?

There doesn't seem to be anything wrong with the grep syntax.
 
Old 02-13-2003, 10:33 AM   #7
cuss
Member
 
Registered: Dec 2002
Posts: 63

Original Poster
Rep: Reputation: 15
That's what I don't understand.....there has been no log rotation and the entries are still there. Don't know what to make of it?
 
Old 02-14-2003, 09:23 AM   #8
cuss
Member
 
Registered: Dec 2002
Posts: 63

Original Poster
Rep: Reputation: 15
Did this and it worked again.

# grep x\.x\.x\.x.*%PIX-3-315001 logfile

It's basically the reverse order of what first worked for me, but the logfile hasn't changed at all. It doesn't make sense to me but I got the results I want.
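
Added example (not part of any post in this thread): a shell function that counts lines containing both the message ID and the IP regardless of which appears first on the line, using fixed-string, whole-word matching with quoted arguments. The log lines, the documentation-range addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: count log lines containing BOTH a message ID and an IP,
# whichever of the two appears first on the line.

# match_both MSGID IP FILE  -> prints the lines that contain both strings
match_both() {
    # -F  fixed strings: '.' in the IP and '%' in the ID are literal
    # -w  whole word: 192.0.2.5 must not match inside 192.0.2.50
    # --  end of options, in case a pattern begins with '-'
    # Quoting "$1"/"$2" keeps the shell from stripping backslashes or
    # expanding '*' before grep sees the pattern.
    grep -F -- "$1" "$3" | grep -F -w -- "$2"
}

# count_both MSGID IP FILE  -> prints the number of such lines
count_both() {
    match_both "$1" "$2" "$3" | wc -l | tr -d ' '
}

# make_sample FILE  -> writes constructed log lines (not from the thread)
make_sample() {
    cat > "$1" <<'EOF'
Feb 12 10:01:02 192.0.2.1 %PIX-3-315001: Denied SSH session from 192.0.2.5 on interface outside
Feb 12 10:01:09 192.0.2.5 %PIX-3-315001: Denied SSH session from 198.51.100.7 on interface outside
Feb 12 10:02:11 192.0.2.1 %PIX-3-315001: Denied SSH session from 192.0.2.50 on interface outside
Feb 12 10:03:40 192.0.2.1 %PIX-6-302013: Built inbound TCP connection for 192.0.2.5/22
Feb 12 10:04:00 192.0.2.1 %PIX-3-315001: Denied SSH session from 203.0.113.9 on interface outside
EOF
}

# Demo on the constructed sample: the IP appears after the message ID on
# the first line and before it on the second; both are counted.
log=$(mktemp)
make_sample "$log"
echo "lines with both: $(count_both '%PIX-3-315001' '192.0.2.5' "$log")"
match_both '%PIX-3-315001' '192.0.2.5' "$log"
rm -f "$log"
```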
All times are GMT -5.