Can anyone tell me why when I use only:
tail -f /var/log/pfsense | egrep -e "\.25\:" -e "\.465\:" -e "\.587\:" I get the desired result of lines feeding out with these patterns. 2014-02-19T09:53:18-06:00 pfsense.localdomain pf: 192.168.10.8.52208 > 192.168.0.71.25: Flags [S], cksum 0xf314 (correct), seq 549061549, win 5840, options [mss 1460,sackOK,TS val 3975730449 ecr 0,nop,wscale 7], length 0 2014-02-19T09:53:56-06:00 pfsense.localdomain pf: 192.168.0.74.37239 > 192.168.0.71.25: Flags [S], cksum 0x34a2 (correct), seq 1139494723, win 5840, options [mss 1460,sackOK,TS val 3975768307 ecr 0,nop,wscale 7], length 0 2014-02-19T09:56:05-06:00 pfsense.localdomain pf: 192.168.0.178.64090 > 192.168.0.71.25: Flags [S], cksum 0x3f1d (correct), seq 3172558483, win 5840, options [mss 1460,sackOK,TS val 3975898284 ecr 0,nop,wscale 7], length 0 But, when I chain an additional grep: tail -f /var/log/pfsense | egrep -e '\.25\:' -e '\.465\:' -e '\.587\:' | grep -v '192\.168\.0\.71' to filter out the lines with the inverse pattern, I get nothing at all (even though I know from another tail lines with matching patterns are being fed)??!?? I have used chained greps in the past and never had any issues. And, I have tried all sorts of variations on the last grep (such as "grep Flags") - I get nothing!. It's as if the stream is decoupled from the chain after the 1st grep. FWIW, I am using remote sysloging in pfSense to feed the log to a CentOS 6 linux VM guest. All that is working great. I can't see any reason that this shouldn't work. It's weird! Thanks, Mark -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
