FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Jonathan_Body_FTNT
Article Id 194828

Description


This article describes how to use the 'grep' command in the CLI of a FortiGate system.


Scope


FortiOS firmware version 4.0 MR2, version 4.0 MR3, version 5.0.x, version 6.0.x, 6.2.x and 6.4.x, version 7.0.x, 7.2.x and 7.4.x.


Solution


The 'grep' command is applied as a standard command filter within the FortiOS firmware, with the following syntax:
 

show  <subcommand>  | grep <expression>

 

diagnose  <subcommand>  | grep <expression>
 

Example:

 
show system interface
 
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.168.183.104 255.255.254.0
        set allowaccess ping ssh http telnet
        set type physical
    next
    edit "port2"
        set vdom "root"
        set ip 172.31.225.104 255.255.254.0
        set allowaccess ping https ssh http telnet
        set type physical
    next
 
show sys interface | grep 192
set ip 192.168.183.104 255.255.254.0

 

 

show system interface | grep https

set allowaccess ping https ssh http telnet

 

On the other hand, the option -invfcABC can be used to further filter out the output.

 

grep: option requires an argument -- 'A'
Usage: grep [-invfcABC] PATTERN
Options:
-i Ignore case distinctions
-n Print line number with output lines
-v Select non-matching lines
-f Print fortinet config context
-c Only print count of matching lines
-A Print NUM lines of trailing context
-B Print NUM lines of leading context
-C Print NUM lines of output context

 

On new firmware versions as 7.x, new grep options were added. Here is the output collected from a FGT running 7.0.12

 

Usage: grep [-ilHhnqvscABC] PATTERN [FILE...]
Options:
-i Ignore case distinctions
-l List names of files that match
-H Prefix output lines with filename where match was found
-h Suppress the prefixing filename on output
-n Print line number with output lines
-q Quiet
-v Select non-matching lines
-s Suppress file open/read error messages
-c Only print count of matching lines
-A Print NUM lines of trailing context
-B Print NUM lines of leading context
-C Print NUM lines of output context