08-13-2007 01:24 PM
Hi,
Starting with AsyncOS 5.1.2 there is a new command "findevent". The release notes only showed how to use this command with the integrated CLI menu.
You can also use it directly with the following arguments:
findevent [ -m MID | -s SUBJECT | -t TO | -f FROM ] LOGNAME
findevent -f woizik mail_logs
08-14-2007 02:26 PM
That was a great post Adrian.
I also wanted to add that you can borrow some of the options from the "grep" command. "findevent" is a great enhancement to "grep".
You can also use the "-i" option from "grep" in "findevent".
In the "grep" menu, there were these options.
Enter the regular expression to grep:
[]> [RE: test]
Do you want this search to be case insensitive? [Y]>
Do you want to tail the logs? [N]>
Do you want to paginate the output? [N]>
grep -i "PM" k
Fri Aug 10 10:13:16 2007 Info: MID 10 Subject '12:15pm'
Tue Aug 14 12:45:54 2007 Info: MID 110 Subject '2:48pm - disneyland'
example.com> grep -it "Test" mail_logs
Press Ctrl-C to stop.
Tue Aug 14 13:17:03 2007 Info: MID 111 Subject 'testing'
findevent -is "Test" mail_logs
MID 56 (Mon Aug 13 20:48:37 2007) test
MID 58 (Mon Aug 13 20:59:29 2007) test 2
MID 61 (Mon Aug 13 21:02:09 2007) test 3
MID 111 (Tue Aug 14 13:17:03 2007) testing
falcon.run>
09-05-2007 05:01 AM
Thanks for the findevent/grep (new) selectors...
Is there any selector to specify a date in the findevent CLI command (i.e. last mail_logs file, or between date1 & date2)?
Regards
09-07-2007 04:05 PM
The findevent/grep that is built into the Ironport AsyncOS currently cannot search over a specific date range, like the mail_logs from "Fri Sep 7 07:47:12" to "Fri Sep 7 16:47:12" for example.
This would need to be a feature request.
A workaround would be to pull the mail_logs over to a Linux/Unix box and then you can use the Unix "grep" command with all its bells and whistles, which will allow you to do ranges.
Hope that helps.
09-13-2007 12:05 AM
Using findevent interactively (just typing "findevent" with no other arguments) does allow you to select a subset of log files. The batch command does not allow specifying a subset of logs. I did think about allowing date ranges but thought it would be a command line formatting nightmare for people.
For offbox use on archived log files, the findevent Python code has been posted to the support portal today under the Tools section.
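The off-box date-range workaround discussed in the 09-07 and 09-13 replies can be sketched as below. This is an added example, not part of any post in the thread and not the findevent Python code mentioned above; the function names and sample lines are constructed, and it assumes every mail_logs entry starts with a timestamp in the format shown in the grep output earlier in the thread.

```python
from datetime import datetime

# Timestamp layout seen in the thread's grep output,
# e.g. "Tue Aug 14 13:17:03 2007 Info: MID 111 Subject 'testing'"
TS_FORMAT = "%a %b %d %H:%M:%S %Y"

def parse_ts(line):
    """Return the leading timestamp of a log line, or None if there is none."""
    parts = line.split(None, 5)          # tolerates a space-padded day ("Sep  7")
    if len(parts) < 5:
        return None
    try:
        return datetime.strptime(" ".join(parts[:5]), TS_FORMAT)
    except ValueError:
        return None

def filter_range(lines, start, end, needle=None):
    """Return lines with start <= timestamp <= end (inclusive).

    needle is an optional case-insensitive substring, like grep -i.
    Lines without a timestamp follow the decision made for the last
    timestamped line, so wrapped entries stay with their parent entry.
    """
    keep, out = False, []
    for line in lines:
        ts = parse_ts(line)
        if ts is not None:
            keep = start <= ts <= end
        if keep and (needle is None or needle.lower() in line.lower()):
            out.append(line.rstrip("\n"))
    return out

# Constructed sample lines in the mail_logs format (not real log data).
SAMPLE = [
    "Fri Aug 10 10:13:16 2007 Info: MID 10 Subject '12:15pm'",
    "Mon Aug 13 20:48:37 2007 Info: MID 56 Subject 'test'",
    "Mon Aug 13 20:59:29 2007 Info: MID 58 Subject 'test 2'",
    "Mon Aug 13 21:02:09 2007 Info: MID 61 Subject 'test 3'",
    "Tue Aug 14 12:45:54 2007 Info: MID 110 Subject '2:48pm - disneyland'",
    "Tue Aug 14 13:17:03 2007 Info: MID 111 Subject 'testing'",
    "Fri Sep  7 07:47:12 2007 Info: MID 200 Subject 'Test padded day'",
]

if __name__ == "__main__":
    start = datetime(2007, 8, 13, 20, 50, 0)
    end = datetime(2007, 8, 14, 23, 59, 59)
    for hit in filter_range(SAMPLE, start, end, needle="test"):
        print(hit)
```

To run it over an archived log, pass the open file object as `lines` in place of `SAMPLE`.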