Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Jonathan_Body_FTNT
Staff
Staff

Created on ‎05-11-2010 06:57 AM Edited on ‎02-26-2025 07:31 AM By Staff

Article Id 194828

Technical Tip: The usage of 'grep' filter command on the FortiGate CLI

Description


This article describes how to use the 'grep' command in the CLI of a FortiGate system.


Scope


FortiGate v4.0 MR2, v4.0 MR3, v5.0.x, v6.0.x, v6.2.x v6.4.x, v7.0.x, v7.2.x, v7.4.x, and v7.6.x.

FortiMail.


Solution


The 'grep' command is applied as a standard command filter within the FortiOS firmware, with the following syntax:
 

show  <subcommand>  | grep <expression>

diagnose  <subcommand>  | grep <expression>
 

Example:

 
show system interface
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.168.183.104 255.255.254.0
        set allowaccess ping ssh http telnet
        set type physical
    next
    edit "port2"
        set vdom "root"
        set ip 172.31.225.104 255.255.254.0
        set allowaccess ping https ssh http telnet
        set type physical
    next
 
show sys interface | grep 192
    set ip 192.168.183.104 255.255.254.0

 

show system interface | grep https

    set allowaccess ping https ssh http telnet

 

show system interface | grep '192\|https'

    set ip 192.168.183.104 255.255.254.0

    set allowaccess ping https ssh http telnet

 

On the other hand, the option -invfcABC can be used to further filter out the output.

 

grep: option requires an argument -- 'A'
Usage: grep [-invfcABC] PATTERN
Options:
-i Ignore case distinctions
-n Print line number with output lines
-v Select non-matching lines
-f Print fortinet config context
-c Only print count of matching lines
-A Print NUM lines of trailing context
-B Print NUM lines of leading context
-C Print NUM lines of output context

 

On new firmware versions as v7. x, new grep options were added. Here is the output collected from a FortiGate running v7.0.12:

 

Usage: grep [-ilHhnqvscABC] PATTERN [FILE...]
Options:
-i Ignore case distinctions
-l List names of files that match
-H Prefix output lines with filename where match was found
-h Suppress the prefixing filename on output
-n Print line number with output lines
-q Quiet
-v Select non-matching lines
-s Suppress file open/read error messages
-c Only print count of matching lines
-A Print NUM lines of trailing context
-B Print NUM lines of leading context
-C Print NUM lines of output context

 

To use the 'grep' command for multiple expressions, each expression should be separated by '\|' and everything should be within the single quotes as below:

 

show | grep -f '<expression_1>\|<expression_2>\|<expression_3>\|...'

 

Example 1:

 

show | grep -f 'internal\|wan'

show | grep -f 'internal\|wan\|port1'

show | grep -f 'internal\|wan\|port1\|port2'

show | grep -f 'internal\|wan\|port1\|port2\|port3'

show | grep -f 'internal\|wan\|port1\|port2\|port3\|port4'

  

Example 2: Checking dropped and error counters only under interface port1 stats:

 

FGT01 # diagnose hardware deviceinfo nic port1 | grep 'Name\|dropped\|errors'
Name: port1
Rx dropped: 0
Rx errors: 0
Tx dropped: 0
Tx errors: 0

40609
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.