Thursday, December 5, 2013

Get a 'grep' on your config

I search configs a lot via the CLI. This saves time and sometimes downloading a config and searching it in Notepad++ is not an option.
When looking for particular pieces of a config you can use the UNIX style "grep" command to filter output, for example:

# show | grep 192.168.1.99      
      
  set ip 192.168.1.99 255.255.255.0

Great. Now we know that there is a line that contains the IP address. But where in the config is it? In FortiOS 5.0 the "FortiOS context" switch was introduced which helps in tracking this down.

# show | grep -f 192.168.1.99
config system interface
    edit "port10"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0 <---
        set type physical
        set snmp-index 10
    next
end


Notice that when using the -f switch the firewall shows the entire "context" that the string is used in. Also there's a handy little arrow on the right which points out where in the context the string exists.

No comments: