Fortinet black logo

CLI Reference

Home FortiGate / FortiOS 6.0.0 CLI Reference

grep

6.0.0
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.0.0
5.6.0
5.4.0
5.2.0
5.0.0
Copy Link
Copy Doc ID c287b6bf-a995-11e9-81a4-00505692583a:568982
Download PDF

grep

In many cases the get and show (and diagnose) commands may produce a large amount of output. If you are looking for specific information in a large get or show command output you can use the grep command to filter the output to only display what you are looking for. The grep command is based on the standard UNIX grep, used for searching text output based on regular expressions.

Information about how to use grep and regular expressions is available from the Internet. For example, see http://www.opengroup.org/onlinepubs/009695399/utilities/grep.html.

Syntax

{get | show| diagnose} | grep <regular_expression>

Example output

Use the following command to display the MAC address of the FortiGate unit internal interface:

get hardware nic internal | grep Current_HWaddr

Current_HWaddr 00:09:0f:cb:c2:75

Use the following command to display all TCP sessions in the session list and include the session list line number in the output

get system session list | grep -n tcp

19:tcp 1110 10.31.101.10:1862 172.20.120.122:30670 69.111.193.57:1469 -

27:tcp 3599 10.31.101.10:2061 - 10.31.101.100:22 -

38:tcp 3594 10.31.101.10:4780 172.20.120.122:49700 172.20.120.100:445 -

43:tcp 3582 10.31.101.10:4398 172.20.120.122:49574 24.200.188.171:48726 -

Use the following command to display all lines in HTTP replacement message commands that contain URL (upper or lower case):

show system replacemsg http | grep -i url

set buffer "<HTML><BODY>The page you requested has been blocked because it contains a banned word. URL = %%PROTOCOL%%%%URL%%</BODY></HTML>"

config system replacemsg http "url-block"

set buffer "<HTML><BODY>The URL you requested has been blocked. URL = %%URL%%</BODY></HTML>"

config system replacemsg http "urlfilter-err"

.

.

.

Previous
Next

grep

In many cases the get and show (and diagnose) commands may produce a large amount of output. If you are looking for specific information in a large get or show command output you can use the grep command to filter the output to only display what you are looking for. The grep command is based on the standard UNIX grep, used for searching text output based on regular expressions.

Information about how to use grep and regular expressions is available from the Internet. For example, see http://www.opengroup.org/onlinepubs/009695399/utilities/grep.html.

Syntax

{get | show| diagnose} | grep <regular_expression>

Example output

Use the following command to display the MAC address of the FortiGate unit internal interface:

get hardware nic internal | grep Current_HWaddr

Current_HWaddr 00:09:0f:cb:c2:75

Use the following command to display all TCP sessions in the session list and include the session list line number in the output

get system session list | grep -n tcp

19:tcp 1110 10.31.101.10:1862 172.20.120.122:30670 69.111.193.57:1469 -

27:tcp 3599 10.31.101.10:2061 - 10.31.101.100:22 -

38:tcp 3594 10.31.101.10:4780 172.20.120.122:49700 172.20.120.100:445 -

43:tcp 3582 10.31.101.10:4398 172.20.120.122:49574 24.200.188.171:48726 -

Use the following command to display all lines in HTTP replacement message commands that contain URL (upper or lower case):

show system replacemsg http | grep -i url

set buffer "<HTML><BODY>The page you requested has been blocked because it contains a banned word. URL = %%PROTOCOL%%%%URL%%</BODY></HTML>"

config system replacemsg http "url-block"

set buffer "<HTML><BODY>The URL you requested has been blocked. URL = %%URL%%</BODY></HTML>"

config system replacemsg http "urlfilter-err"

.

.

.

Previous
Next