bug-gnu-utils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: grep -f broken?

From: Alain Magloire
Subject: Re: grep -f broken?
Date: Fri, 16 Mar 2001 14:36:07 -0500 (EST) 
Bonjour

> 
> I've got a file, messages,  full of entries such as the following:
> 
> Mar 16 11:16:27 hosnortice snort[29639]: spp_portscan: portscan status from
> 192.168.10.11: 1 connections across 1 hosts: TCP(0), UDP(1)
> Mar 16 11:16:33 hosnortice snort[29639]: spp_portscan: portscan status from
> 192.168.10.11: 1 connections across 1 hosts: TCP(0), UDP(1)
> Mar 16 11:16:34 hosnortice snort[29639]: ICMP Redirect (for Network or
> Subnet): 170.153.36.1 -> 170.153.37.199
> Mar 16 11:16:38 hosnortice snort[29639]: ICMP Redirect (for Network or
> Subnet): 170.153.36.1 -> 170.153.37.179
> Mar 16 11:16:39 hosnortice snort[29639]: spp_portscan: portscan status from
> 192.168.10.11: 1 connections across 1 hosts: TCP(0), UDP(1)
> Mar 16 11:16:40 hosnortice snort[29639]: High False Rule - IDS171 Ping All
> Zeros: 170.153.36.22 -> 170.153.36.84
> Mar 16 11:16:41 hosnortice snort[29639]: IDS474 - WEB-MISC Webdav search:
> 170.153.36.4:4962 -> 206.47.73.48:80
> Mar 16 11:16:41 hosnortice snort[29639]: IDS474 - WEB-MISC Webdav search:
> 170.153.36.4:4964 -> 206.47.73.48:80
> 
> 
> I have another text file, ice-false, with the following lines in it:
> ICMP Redirect (for Network or Subnet)
> IDS474 - WEB-MISC Webdav search
> 
> I want to do this:
> grep -v -f ice-false messages
> 
> I would expect that I'd get the input file, messages, without lines
> containing the lines from the -f ice-false file.  Is that correct?  It
> doesn't seem to work at all, I get all the lines to stdout.  I've tried
> quoting the input files lines, but no luck.
> 
> Any ideas?

Maybe, you could take a look at grep.info or the grep man pages.
You may also want to try other news group like unix.shell or something.

Since you seem to search for a *fixed* string, you may want to explore
'-F' to avoid to quote the special characteres.

You example, works fine for me, (I did not assume some of the lines meant
to be folded)

# grep -v  -f ice-false messages
Mar 16 11:16:27 hosnortice snort[29639]: spp_portscan: portscan status from
192.168.10.11: 1 connections across 1 hosts: TCP(0), UDP(1)
Mar 16 11:16:33 hosnortice snort[29639]: spp_portscan: portscan status from
192.168.10.11: 1 connections across 1 hosts: TCP(0), UDP(1)
Mar 16 11:16:34 hosnortice snort[29639]: ICMP Redirect (for Network or
Subnet): 170.153.36.1 -> 170.153.37.199
Mar 16 11:16:38 hosnortice snort[29639]: ICMP Redirect (for Network or
Subnet): 170.153.36.1 -> 170.153.37.179
Mar 16 11:16:39 hosnortice snort[29639]: spp_portscan: portscan status from
192.168.10.11: 1 connections across 1 hosts: TCP(0), UDP(1)
Mar 16 11:16:40 hosnortice snort[29639]: High False Rule - IDS171 Ping All
Zeros: 170.153.36.22 -> 170.153.36.84
170.153.36.4:4962 -> 206.47.73.48:80
170.153.36.4:4964 -> 206.47.73.48:80

-- 
au revoir, alain
----
Aussi haut que l'on soit assis, on est toujours assis que sur son cul !!!
reply via email to
[Prev in Thread] Current Thread [Next in Thread]