CPUG: The Check Point User Group


Thread: Grep won't apply when running fw ctl zdebug + drop

  1. #1
    Grep won't apply when running fw ctl zdebug + drop

    Hello,

    I can't get "grep" to apply when I run "fw ctl zdebug + drop". It will start the debug, but it shows me all the drops and won't filter out the specific IP that I grepped for. I've tried playing with the syntax: adding and removing apostrophes, adding and removing spaces, trying all these different combinations:
    fw ctl zdebug + drop|grep 192.168.1.1
    fw ctl zdebug + drop | grep '192.168.1.1'
    fw ctl zdebug + drop | grep "192.168.1.1"
    fw ctl zdebug + drop | grep 192.168.1.1

    It always takes the command and runs the zdebug, showing me all the drops, but it never applies the grep, so I just get a huge dump of drops. Any idea what the problem could be?

    We're running Gaia R80.10.

  2. #2
    Re: Grep won't apply when running fw ctl zdebug + drop

    Originally posted by VenisonMogambi:

        Hello,

        I can't get "grep" to apply when I run "fw ctl zdebug + drop". It will start the debug, but it shows me all the drops but won't filter out specific IP that I grepped for.

    I can't verify that right now, but it's probably because fw ctl zdebug outputs both to STDOUT (default output) and STDERR (error channel output). Try

    fw ctl zdebug +drop 2>&1 | grep 192.168.1.1

    This will redirect output handle 2 (STDERR) to handle 1 (STDOUT).

    If you want to see what goes to STDERR and what to STDOUT, just try

    fw ctl zdebug +drop 2> ./output2 > ./output1

    Edit: Also remember line buffering, see https://www.cpug.org/forums/showthre...9897#post99897
    Last edited by Jejerod; 2019-09-18 at 07:01. Reason: Additional Info
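
The stream split described in the reply above, as an added example that is not part of the original thread. `emit_drops` is a constructed stand-in that writes sample lines to both stdout and stderr, and the `count_*` functions are hypothetical helpers showing what grep sees with and without `2>&1`.

```shell
#!/bin/sh
# Constructed stand-in for a debug tool that writes to both streams.
# The lines are sample data, not real "fw ctl zdebug" output.
emit_drops() {
    echo "drop src=192.168.1.1 dst=10.0.0.5 (constructed, stdout)"
    echo "drop src=192.168.1.1 dst=10.0.0.9 (constructed, stderr)" >&2
    echo "drop src=172.16.0.7 dst=10.0.0.5 (constructed, stdout)"
    echo "drop src=172.16.0.8 dst=10.0.0.5 (constructed, stderr)" >&2
}

# Plain pipe: grep only ever sees stdout. -F matches the address literally
# (unescaped dots are regex wildcards), -c prints the number of matching lines.
count_stdout_only() {
    emit_drops 2>/dev/null | grep -F -c -- "$1"
}

# 2>&1 before the pipe merges stderr into stdout, so grep sees every line.
count_merged() {
    emit_drops 2>&1 | grep -F -c -- "$1"
}

# Lines that bypass grep with a plain pipe: stderr is inherited from the
# shell and would land on the terminal unfiltered. Here it is captured
# and counted instead.
count_bypassing() {
    { emit_drops | grep -F -- "$1" >/dev/null; } 2>&1 | wc -l | tr -d ' '
}

ip=192.168.1.1
echo "matches, plain pipe:     $(count_stdout_only "$ip")"
echo "matches, with 2>&1:      $(count_merged "$ip")"
echo "lines that skipped grep: $(count_bypassing "$ip")"
```

A non-zero "skipped" count is the symptom to look for: those lines appear on the terminal regardless of the grep pattern.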

  3. #3
    Re: Grep won't apply when running fw ctl zdebug + drop

    Don't take this the wrong way, but are you sure you're in export mode (bash)?

    "fw" commands will work from clish, but grep won't.

    -E

  4. #4
    Re: Grep won't apply when running fw ctl zdebug + drop

    The problem was that I was in clish! When I ran it from export mode it worked.

    Thanks very much for the assistance, glad it was an easy fix.
