CLI command findevent arguments

Unanswered Question
Aug 13th, 2007

Hi,

starting with AsyncOS 5.1.2 there is a new command "findevent" . The Release notes only showed how to use this command with the integrated CLI Menu.

You can also use it directly with the following arguments:

findevent [ -m MID | -s SUBJECT | -t TO | -f FROM ] LOGNAME


for example:
 findevent -f woizik mail_logs


Will give you the Message ID's found in mail_logs, which you can than use with the -m MID switch.

There are probably more switches available. Maybe someone from Ironport wants to update the CLI Reference Guide ;-)

Best Regards,
Adrian
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kluu_ironport Tue, 08/14/2007 - 14:26

That was a great post Adrian.

I also wanted to add that you can borrow some of the options from the "grep" command. "findevent" is a great enhancement to "grep".

You can also use the "-i" option from "grep" in "findevent".

In the "grep" menu, there were these options.

Enter the regular expression to grep:
[]> [RE: test]

Do you want this search to be case insensitive? [Y]>

Do you want to tail the logs? [N]>

Do you want to paginate the output? [N]>




Similar to "findevent", there is a shortcut for "grep",

grep -itp "PM" mail_logs

Here is an example,


grep -i "PM" k

Fri Aug 10 10:13:16 2007 Info: MID 10 Subject '12:15pm'
Tue Aug 14 12:45:54 2007 Info: MID 110 Subject '2:48pm - disneyland'


-i ---> case-insensitive. This allows you to ignore case while searching.
-t ---> grep while also tailing the logs at the same time. This is useful when you're running a test and expecting a certain entry to show up.
-p ----> grep where you expect to see numerous copies of the pattern to go by. The -p allows you to see one page at a time.


Here are some more examples to reinforce the idea.

Example1:

Let's say you're waiting for someone to send in an email with the word "Test" in the subject line, but you don't know when it will occur. The example below allows you to look for that entry without having to sift through a lot of mail traffic. You would add a -p if you knew the results would go across several pages.

example.com> grep -it "Test" mail_logs

Press Ctrl-C to stop.
Tue Aug 14 13:17:03 2007 Info: MID 111 Subject 'testing'



Example2:
You want to use "findevent" to search for a subject but make it case insentistive at the same time.

findevent -is "Test" mail_logs

MID 56 (Mon Aug 13 20:48:37 2007) test
MID 58 (Mon Aug 13 20:59:29 2007) test 2
MID 61 (Mon Aug 13 21:02:09 2007) test 3
MID 111 (Tue Aug 14 13:17:03 2007) testing
falcon.run>




You can type, "help findevent" and "help grep" to provide useful information.
obutin_ironport Wed, 09/05/2007 - 05:01

thank's for findevent/grep (new)selectors...
Is there any selector to specify date in findevent CLI command (ie last mail_logs file ou between date1 & date2)

regards

kluu_ironport Fri, 09/07/2007 - 16:05

The findevent/grep that is built into the Ironport AsyncOS currently cannot search over a specific date range, like the mail_logs from "Fri Sep 7 07:47:12" to "Fri Sep 7 16:47:12" for example.

This would need to be a feature request.

A workaround would be to pull the mail_logs over to a linux/unix box and then you can use the unix "grep" command with all it's bells and whistles, which will allow you to do ranges.

hope that helps.

thank's for findevent/grep (new)selectors...
Is there any selector to specify date in findevent CLI command (ie last mail_logs file ou between date1 & date2)

regards
mark_ironport Thu, 09/13/2007 - 00:05

Using findevent interactively (just typing "findevent" with no other arguments) does allow you to select a subset of log files. The batch command does not allow specifying a subset of logs. I did think about allowing date ranges but thought it would be a command line formatting nightmare for people.

For offbox use on archived log files, the findevent Python code has been posted to the support portal today under the Tools section.

Actions

This Discussion