
WSA S370 CLI - Use regular expression with "tail"

Michal Bruncko
Level 4

Hello

Is it possible to somehow filter the output from "tail" of the access logs to match a string pattern, similar to "Enter the regular expression" for grep? We have a lot of users and sometimes I want to see real on-the-fly traffic via the access logs, but I want to point to a specific IP/username/URL ... At the moment this is not possible, as using "tail" I am only able to specify the log type.

> version

Current Version

===============

Product: Cisco IronPort S370 Web Security Appliance

Model: S370

Version: 7.5.0-833

thanks

michal

1 Accepted Solution


Hi Michal,

Let me try to rephrase.

On the WSA:

'tail' will tail all the access logs in real time.

'grep' can tail the access logs in real time while grepping for the RegEx you'd like. Be aware that when you issue the 'grep', there will be an option to which you must answer YES (tail the output).

-Vance


Vance Kwan
Cisco Employee

Hi Michal,

The grep command will be tailed.

Really, it is similar to tail -f aclog.current | grep 'expression'.

-Vance
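
The `tail -f aclog.current | grep 'expression'` comparison above, as an added example that is not part of the original thread or Cisco's code: a whole-line regex for an IP also matches longer addresses and URLs that merely contain it, so this filter matches on one field instead. It assumes the access log is readable on a separate Unix host and uses the Squid-style field order noted in the comments; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: field-aware filter for Squid-style access log lines.
# ASSUMED field layout (not stated in the thread):
#   $1 timestamp  $2 elapsed  $3 client IP  $4 result/status
#   $5 bytes      $6 method   $7 URL        $8 username
#
# filter_access FIELD PATTERN   (reads log lines on stdin)
#   FIELD   = ip | user | url
#   PATTERN = exact string for ip, extended regex for user and url
filter_access() {
    case "$1" in
        ip)   col=3; mode=exact ;;
        user) col=8; mode=regex ;;
        url)  col=7; mode=regex ;;
        *)    echo "usage: filter_access ip|user|url PATTERN" >&2; return 2 ;;
    esac
    # The pattern travels via the environment: awk -v would rewrite backslashes.
    PAT="$2" awk -v col="$col" -v mode="$mode" '
        BEGIN { pat = ENVIRON["PAT"] }
        # ($col "") forces a string comparison; fflush() keeps live output prompt.
        mode == "exact" && ($col "") == pat { print; fflush() }
        mode == "regex" && $col ~ pat       { print; fflush() }
    '
}

# Constructed sample lines (not real traffic).
sample_log() {
    cat <<'EOF'
1355000001.101 97 10.1.1.1 TCP_MISS/200 8187 GET http://intranet.example.com/ alice DIRECT/intranet.example.com text/html
1355000002.202 12 10.1.1.10 TCP_HIT/200 512 GET http://www.example.org/a.css bob NONE/- text/css
1355000003.303 45 10.101.1.1 TCP_MISS/200 900 GET http://www.example.net/?ref=10.1.1.1 carol DIRECT/www.example.net text/html
1355000004.404 30 10.1.1.1 TCP_DENIED/403 0 GET http://blocked.example.com/ alice NONE/- -
EOF
}

# Whole-line grep, for comparison with the field-aware filter.
count_grep()  { sample_log | grep -c "$1"; }
count_field() { sample_log | filter_access "$1" "$2" | wc -l | tr -d ' '; }

# Live use on a host that holds the log file:
#   tail -f aclog.current | filter_access ip 10.1.1.1
#   tail -f aclog.current | filter_access url 'example\.org'
```

On the constructed sample, the whole-line `grep '10.1.1.1'` returns all four lines, while the field filter returns only the two requests that client actually made.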

Hi Vance,

Not sure if I understand - are you telling me that it is implemented now or not? Yes, I know that using pipes I can get real tailing of logs with matching strings by grep. The question is whether the WSA CLI supports its own "tail" with grep, as using "tail" in the WSA CLI I am not able to define a regular expression/matching_pattern.

thank you

michal

Hi Michal,

Are you talking about using the -t flag?  As below:

grep "regex" accesslogs -t

Thanks

Chris

Hi Vance,

Thanks for the clarification. I missed that option within the "grep" command for tailing results. Excellent!