Re: grep -f broken?
From: Alain Magloire
Subject: Re: grep -f broken?
Date: Fri, 16 Mar 2001 14:36:07 -0500 (EST)
Hello
>
> I've got a file, messages, full of entries such as the following:
>
> Mar 16 11:16:27 hosnortice snort[29639]: spp_portscan: portscan status from
> 192.168.10.11: 1 connections across 1 hosts: TCP(0), UDP(1)
> Mar 16 11:16:33 hosnortice snort[29639]: spp_portscan: portscan status from
> 192.168.10.11: 1 connections across 1 hosts: TCP(0), UDP(1)
> Mar 16 11:16:34 hosnortice snort[29639]: ICMP Redirect (for Network or
> Subnet): 170.153.36.1 -> 170.153.37.199
> Mar 16 11:16:38 hosnortice snort[29639]: ICMP Redirect (for Network or
> Subnet): 170.153.36.1 -> 170.153.37.179
> Mar 16 11:16:39 hosnortice snort[29639]: spp_portscan: portscan status from
> 192.168.10.11: 1 connections across 1 hosts: TCP(0), UDP(1)
> Mar 16 11:16:40 hosnortice snort[29639]: High False Rule - IDS171 Ping All
> Zeros: 170.153.36.22 -> 170.153.36.84
> Mar 16 11:16:41 hosnortice snort[29639]: IDS474 - WEB-MISC Webdav search:
> 170.153.36.4:4962 -> 206.47.73.48:80
> Mar 16 11:16:41 hosnortice snort[29639]: IDS474 - WEB-MISC Webdav search:
> 170.153.36.4:4964 -> 206.47.73.48:80
>
>
> I have another text file, ice-false, with the following lines in it:
> ICMP Redirect (for Network or Subnet)
> IDS474 - WEB-MISC Webdav search
>
> I want to do this:
> grep -v -f ice-false messages
>
> I would expect that I'd get the input file, messages, without lines
> containing the lines from the -f ice-false file. Is that correct? It
> doesn't seem to work at all, I get all the lines to stdout. I've tried
> quoting the input files lines, but no luck.
>
> Any ideas?
Maybe you could take a look at grep.info or the grep man pages.
You may also want to try other newsgroups like unix.shell or something.
Since you seem to search for a *fixed* string, you may want to explore
'-F' to avoid having to quote the special characters.
Your example works fine for me (I did not assume some of the lines were meant
to be folded).
# grep -v -f ice-false messages
Mar 16 11:16:27 hosnortice snort[29639]: spp_portscan: portscan status from
192.168.10.11: 1 connections across 1 hosts: TCP(0), UDP(1)
Mar 16 11:16:33 hosnortice snort[29639]: spp_portscan: portscan status from
192.168.10.11: 1 connections across 1 hosts: TCP(0), UDP(1)
Mar 16 11:16:34 hosnortice snort[29639]: ICMP Redirect (for Network or
Subnet): 170.153.36.1 -> 170.153.37.199
Mar 16 11:16:38 hosnortice snort[29639]: ICMP Redirect (for Network or
Subnet): 170.153.36.1 -> 170.153.37.179
Mar 16 11:16:39 hosnortice snort[29639]: spp_portscan: portscan status from
192.168.10.11: 1 connections across 1 hosts: TCP(0), UDP(1)
Mar 16 11:16:40 hosnortice snort[29639]: High False Rule - IDS171 Ping All
Zeros: 170.153.36.22 -> 170.153.36.84
170.153.36.4:4962 -> 206.47.73.48:80
170.153.36.4:4964 -> 206.47.73.48:80
--
Goodbye, alain
----
However high one sits, one is still only ever sitting on one's own arse !!!
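
Added example, not part of the original message: the suppression list from the thread applied with -F to constructed alert lines, compared with -E (where the parentheses become a regex group) and with hard-wrapped input. The temporary directory and the function names filter_fixed and filter_ere are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample data modelled on the alerts quoted in the thread.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Suppression list: one literal alert name per line.
cat > "$demo_dir/ice-false" <<'EOF'
ICMP Redirect (for Network or Subnet)
IDS474 - WEB-MISC Webdav search
EOF

# One alert per line, the way syslog writes them.
cat > "$demo_dir/messages" <<'EOF'
Mar 16 11:16:27 hosnortice snort[29639]: spp_portscan: portscan status from 192.168.10.11: 1 connections across 1 hosts: TCP(0), UDP(1)
Mar 16 11:16:34 hosnortice snort[29639]: ICMP Redirect (for Network or Subnet): 170.153.36.1 -> 170.153.37.199
Mar 16 11:16:40 hosnortice snort[29639]: High False Rule - IDS171 Ping All Zeros: 170.153.36.22 -> 170.153.36.84
Mar 16 11:16:41 hosnortice snort[29639]: IDS474 - WEB-MISC Webdav search: 170.153.36.4:4962 -> 206.47.73.48:80
EOF

# The two noisy alerts hard-wrapped, as they appear in the mail.
cat > "$demo_dir/messages.folded" <<'EOF'
Mar 16 11:16:34 hosnortice snort[29639]: ICMP Redirect (for Network or
Subnet): 170.153.36.1 -> 170.153.37.199
Mar 16 11:16:41 hosnortice snort[29639]: IDS474 - WEB-MISC Webdav search:
170.153.36.4:4962 -> 206.47.73.48:80
EOF

# -F: every line of the list is a literal string, nothing needs quoting.
filter_fixed() { grep -v -F -f "$demo_dir/ice-false" "$1"; }

# -E: "(for Network or Subnet)" becomes a group, so the literal
# parentheses in the alert text no longer match and the alert stays.
filter_ere() { grep -v -E -f "$demo_dir/ice-false" "$1"; }

echo "== -F, one alert per line: both noisy alerts are suppressed"
filter_fixed "$demo_dir/messages"
echo "== -E, one alert per line: ICMP Redirect is not suppressed"
filter_ere "$demo_dir/messages"
echo "== -F, folded input: the wrapped ICMP alert and orphan halves remain"
filter_fixed "$demo_dir/messages.folded"
```

grep matches one input line at a time, so a list entry that straddles a line break in the log can never match; that is why the folded run leaves both halves of the ICMP Redirect alert and the second half of the Webdav alert in the output.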
- grep -f broken?, John_Delisle, 2001/03/16
- Re: grep -f broken?, Alain Magloire <=