CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 4 of 4

Thread: Grep won't apply when running fw ctl zdebug + drop

  1. #1
    Join Date
    2012-01-03
    Posts
    9
    Rep Power
    0

    Default Grep won't apply when running fw ctl zdebug + drop

    Hello,

    I can't get "grep" to apply when I run "fw ctl zdebug + drop". It will start the debug, but it shows me all the drops but won't filter out specific IP that I grepped for. I've tried playing with the syntax; adding and removing apostrophes, adding and removing spaces, trying all these different combinations:
    fw ctl zdebug + drop|grep 192.168.1.1
    fw ctl zdebug + drop | grep '192.168.1.1'
    fw ctl zdebug + drop | grep "192.168.1.1"
    fw ctl zdebug + drop | grep 192.168.1.1

    It always takes the command and runs the zdebug, showing me all the drops, but it never applies the grep, so I just get huge dump of drops. Any idea what the problem could be?

    We're running Gaia R80.10.

  2. #2
    Join Date
    2012-07-19
    Posts
    108
    Rep Power
    9

    Default Re: Grep won't apply when running fw ctl zdebug + drop

    Quote Originally Posted by VenisonMogambi View Post
    Hello,

    I can't get "grep" to apply when I run "fw ctl zdebug + drop". It will start the debug, but it shows me all the drops but won't filter out specific IP that I grepped for.
    I can't verify that right now, but it's probably because fw ctl zdebug outputs both to STDOUT (default output) and STDERR (error channel output). Try

    fw ctl zdebug +drop 2>&1 | grep 192.168.1.1

    This will redirect output handle 2 (STDERR) to handle 1 (STDOUT).

    If you want to see what goes to STDERR and what to STDOUT, just try fw ctl zdebug +drop 2> ./output2 > ./output1

    Edit: Also remember line buffering, see https://www.cpug.org/forums/showthre...9897#post99897
    Last edited by Jejerod; 2019-09-18 at 07:01. Reason: Additional Info

  3. #3
    Join Date
    2014-09-02
    Posts
    374
    Rep Power
    10

    Default Re: Grep won't apply when running fw ctl zdebug + drop

    Don't take this the wrong way, but are you sure you're in export mode (bash)?

    "fw" commands will work from clish, but grep won't.

    -E

  4. #4
    Join Date
    2012-01-03
    Posts
    9
    Rep Power
    0

    Default Re: Grep won't apply when running fw ctl zdebug + drop

    The problem was that I was in clish! When I ran it from export mode it worked.

    Thanks very much for the assistance, glad it was an easy fix.

Similar Threads

  1. How to output fw ctl zdebug + drop to a file ?
    By fkbr1 in forum fw monitor, tcpdump and Wireshark
    Replies: 9
    Last Post: 2019-03-05, 02:13
  2. Difference in block and drop ,…drop and reject
    By gajendra229 in forum General Exam Topics
    Replies: 1
    Last Post: 2019-02-06, 14:49
  3. fw ctl zdebug - output
    By Danielpb in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 5
    Last Post: 2010-03-25, 12:10
  4. grep in SPLAT
    By mihaie in forum Check Point SecurePlatform (SPLAT)
    Replies: 1
    Last Post: 2009-12-07, 18:10
  5. fw ctl zdebug command?
    By menz456 in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 2
    Last Post: 2009-03-05, 10:33

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •