Cisco Web Security Appliance S360 Troubleshooting Guide
How do you use regular expressions (regex) with
grep to search logs?
Document ID: 118422
Contributed by Cisco TAC Engineers.
Oct 13, 2014
Contents
Question
Environment
Solution
Scenario 1: Finding a Particular Website in the Access Logs
Scenario 2: Attempting to Find a Particular File Extension or Top-Level Domain
Scenario 3: Attempting to Find a Particular Block For a Website
Scenario 4: Finding a Machine Name in the Access Logs
Scenario 5: Finding a Specific Time Period in the Access Logs
Scenario 6: Searching for Critical or Warning Messages
Question
How do you use regular expressions (regex) with grep to search logs?
Environment
Cisco Web Security Appliance
Cisco Email Security Appliance
Cisco Security Management Appliance
Solution
Regular expressions (regex) can be a powerful tool when used with the "grep" command to search through
logs available on the appliance, such as Access Logs, Proxy Logs, and others. With the CLI command "grep",
you can search the logs by website, by any part of the URL, or by user name, to name a few.
Below are some common scenarios where you can use regex with grep to assist with troubleshooting.
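An added example, not part of the Cisco document: how the choice of regex changes what a website search returns, shown with standard grep on a workstation against constructed access-log lines. The sample lines, host names, user name and function names are assumptions, and the appliance's interactive grep prompts are not reproduced.

```shell
#!/bin/sh
# Constructed sample lines in the squid-style layout of WSA access logs:
# timestamp elapsed client result/status bytes method URL user hierarchy mime
sample_log() {
cat <<'EOF'
1413200000.101 120 10.1.1.10 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/www.example.com text/html
1413200001.202 95 10.1.1.11 TCP_MISS/200 2048 GET http://wwwXexample.com/ - DIRECT/wwwXexample.com text/html
1413200002.303 80 10.1.1.12 TCP_DENIED/403 0 GET http://ads.test/r?u=www.example.com jdoe NONE/- -
1413200003.404 210 10.1.1.10 TCP_MISS/200 900 CONNECT tunnel://www.example.com:443/ jdoe DIRECT/www.example.com -
EOF
}

# 1. Unescaped dots: "." matches any character, so look-alike hosts slip in.
count_loose() { sample_log | grep -c 'www.example.com'; }

# 2. Escaped dots: literal host name, but it still matches anywhere on the
#    line, for example inside another site's query string.
count_escaped() { sample_log | grep -c 'www\.example\.com'; }

# 3. Anchored to the URL field: scheme, then the host, then ":" or "/".
count_host() {
    sample_log | grep -Ec ' (https?|tunnel)://www\.example\.com[:/]'
}

# 4. Same host, restricted to requests attributed to the user "jdoe".
count_host_user() {
    sample_log | grep -Ec ' (https?|tunnel)://www\.example\.com[:/][^ ]* jdoe '
}

echo "loose=$(count_loose) escaped=$(count_escaped)"
echo "host=$(count_host) host_and_user=$(count_host_user)"
```
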
Scenario 1: Finding a Particular Website in the Access Logs
The most common scenario is attempting to find requests being made to a website in the access logs of the
Cisco Web Security Appliance (WSA).
For example:
Connect to the appliance via SSH. Once you have the prompt, type the "grep" command to list the
available logs.
CLI> grep
Enter the number of the log you wish to "grep".