Top Forums UNIX for Beginners Questions & Answers Tips/advise on alternative to doing egrep -v Post 303042291 by rbatte1 on Friday 20th of December 2019 07:57:30 AM
You should be aware of several things that can catch you:-
  • Using egrep is the same as grep -E so the string passed is an Extended Regular Expression. Along with | as an 'or' separator, it also means that the . is a wildcard for a single character. Searching for 192.168 will also match 192g168
  • You can group expressions or characters using [expression] so you can consolidate your search/exclude.

I'm not clear what the overall requirement for this is, but I think you are looking for sessions for user mickey that are/aren't from a specific set of IP addresses. Might I suggest:
Code:
egrep -v '^host=192\.168\.1\.10[123]|192\.168\.1\.123'

If this is all there is, then it may be better to blend these together like 192\.168\.(10[123]|123)




I hope that this helps,
Robin
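
An added example, not part of the original post: when an exclusion filter is too broad, records silently drop out of review, so this script runs three variants of the pattern over the same input and shows what each one keeps. The session records and their `host=`/`user=`/`peer=` layout are constructed for illustration, and the `STRICT` pattern is one possible consolidated form that keeps the `1\.` octet and anchors the whole alternation.

```shell
#!/bin/sh
# Constructed sample session records (not from the thread); the field layout is an assumption.
sample_sessions() {
cat <<'EOF'
host=192.168.1.101 user=mickey
host=192.168.1.102 user=mickey
host=192.168.1.123 user=mickey
host=192.168.1.104 user=mickey
host=192-168-1-101.example.net user=mickey
host=10.0.0.5 user=mickey peer=192.168.1.123
EOF
}

# Patterns are single-quoted so the shell does not treat | as a pipe or strip the backslashes.
# Unescaped dots: '.' matches any single character, so '-' matches too.
LOOSE='^host=192.168.1.10[123]|192.168.1.123'
# Dots escaped; ^host= binds only to the first alternative, the second matches anywhere.
POSTED='^host=192\.168\.1\.10[123]|192\.168\.1\.123'
# One anchored alternation; the host field must end at a space or at end of line.
STRICT='^host=192\.168\.1\.(10[123]|123)( |$)'

# Print the records that survive the exclusion filter.
kept() { sample_sessions | grep -E -v -- "$1"; }
# Count the records that survive the exclusion filter.
kept_count() { sample_sessions | grep -E -v -c -- "$1"; }

for name in LOOSE POSTED STRICT; do
    eval "pattern=\$$name"
    printf '%s keeps %s record(s):\n' "$name" "$(kept_count "$pattern")"
    kept "$pattern" | sed 's/^/    /'
done
```

`LOOSE` drops the hostname-style record because each `.` matches a `-`, and both `LOOSE` and `POSTED` drop the `10.0.0.5` record because the second alternative matches the `peer=` field; only `STRICT` keeps every record whose `host=` value is outside the listed addresses.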
 

IpfilterDlfConverter(3pm)        LogReport's Lire Documentation        IpfilterDlfConverter(3pm)

NAME
       Lire::Firewall::IpfilterDlfConverter - convert ipf (ipmon) logs to firewall DLF

DESCRIPTION
       Lire::Firewall::IpfilterDlfConverter converts Ipfilter logs into firewall DLF format. Input for this converter is the standard ipf syslog log file as produced by ipmon. IP Filter is shipped with FreeBSD, OpenBSD (up to 2.9) and some other OS's.

EXAMPLE
       A ipfilter logfile which looks like

           Oct 30 07:42:29 rolle ipmon[16747]: 07:42:28.585962 ie0 @0:9 b 192.168.48.1,45085 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
           Oct 30 07:40:24 rolle ipmon[16747]: 07:40:23.631307 ep1 @0:6 b 192.168.26.5,113 -> 192.168.26.1,3717 PR tcp len 20 40 -AR OUT
           Oct 30 07:42:29 rolle ipmon[16747]: 07:42:28.585962 ie0 @0:9 b 192.168.48.1,45085 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
           Oct 30 07:44:11 rolle ipmon[16747]: 07:44:10.605416 2x ep1 @0:15 b 192.168.26.1,138 -> 192.168.26.255,138 PR udp len 20 257 IN
           Oct 30 07:44:34 rolle ipmon[16747]: 07:44:33.891869 ie0 @0:10 b 192.168.48.1,23406 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
           Oct 30 07:49:13 rolle ipmon[16747]: 07:49:12.554420 ep1 @0:15 b 210.132.100.117 -> 192.168.26.5 PR icmp len 20 56 icmp 3/3 for 192.168.26.5,61915 - 210.132.100.117,53 PR udp len 20 23040 IN
           Oct 30 07:50:23 rolle ipmon[16747]: 07:50:22.908107 ep1 @0:15 b 210.132.100.117 -> 192.168.26.5 PR icmp len 20 56 icmp 3/3 for 192.168.26.5,4480 - 210.132.100.117,53 PR udp len 20 19712 IN
           Oct 30 07:56:11 rolle ipmon[16747]: 07:56:11.113029 2x ep1 @0:15 b 192.168.26.1,138 -> 192.168.26.255,138 PR udp len 20 257 IN

       (that's: .... 'PR' protocol 'len' length_of_ip_headers_saved packetlength direction)

       will get converted to something like

           994398737 denied igmp 100.187.115.1 - ep1 LIRE_NOTAVAIL 224.0.0.2 - 56
           994398861 denied igmp 100.187.115.1 - ep1 LIRE_NOTAVAIL 224.0.0.1 - 56
           994398862 denied igmp 100.187.115.1 - ep1 LIRE_NOTAVAIL 224.0.0.2 - 56
           994406849 denied udp 192.168.26.4 137 ie0 LIRE_NOTAVAIL 192.168.26.255 137 116
           994406850 denied udp 192.168.26.4 137 ie0 LIRE_NOTAVAIL 192.168.26.255 137 116
           994406866 denied udp 192.168.26.4 137 ie0 LIRE_NOTAVAIL 192.168.26.255 137 98

SEE ALSO
       ipl(4) for description of log structure. The ipmon.c source (e.g. on http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/ipmon/Attic/ipmon.c?rev=1.27&content-type=text/plain&hideattic=0 ) for the specification of the log syntax. The IP Filter webpage on http://coombs.anu.edu.au/~avalon/ip-filter.html

AUTHOR
       Joost van Baal <joostvb@logreport.org>, Wessel Dankers <wsl@logreport.org>

VERSION
       $Id: IpfilterDlfConverter.pm,v 1.7 2009/03/15 08:10:55 vanbaal Exp $

COPYRIGHT
       Copyright (C) 2001-2003 Stichting LogReport Foundation LogReport@LogReport.org

       This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with http://www.gnu.org/copyleft/gpl.html.

Lire 2.1.1                                2009-03-15                IpfilterDlfConverter(3pm)