1

I'm trying to find out if an address definition is used inside of fortigate configuration file.

I extracted the section out of the configuration file, that contains the addresses. In that section the lines look like this:

edit "address name"
    set associated-interface "someinterface"
    set subnet 1.1.1.1 0.0.0.0

So now I wanted to use the address name and check if any rule or address group uses this by doing the following:

IFS='
'
for address in $(grep edit addresses.txt | cut -c10- | sed 's/"//'g); do echo $address; grep -n $address fortigate.conf; done

The IFS part I took from here.

This returns me a list of names of address definitions, but the grep command doesn't find anything, which is weird, since it should at least find itself, no?

Community
  • 1
user857990
  • 245
  • 3
  • 7
  • 1
    Please post both your `addresses.txt` and the conf file, we cannot tell what's wrong otherwise. Why are you changing `IFS`? That shouldn't be necessary either. – terdon Jul 17 '13 at 14:03
  • the address looks like a list of the first code blocks. An example configuration file can be found here: http://www.cisco.com/en/US/docs/cable/cmts/ubr7200/configuration/guide/u72_c.pdf – user857990 Jul 18 '13 at 14:55
  • 1
    What you are posting should work. The fact that it doesn't means there is something specific in your files, we can't help you if you don't give us real examples that don't work. At least show us the real output of your `for` loop. What does the `echo` echo? Can you give us a minimal working (failing) example? – terdon Jul 18 '13 at 15:04

3 Answers3

1

Without the IFS might be simplier

grep edit addresses.txt | cut -d\" -f2 | while read addr
do
echo "addr=[$addr]"
grep -n "$addr" fortigate.conf
done

Walter A
  • 694
  • 4
  • 11
0

Your cut command is too aggressive. If you run just that by itself you'll see the following effect:

$ grep edit yyyy 
edit "address name"

$ grep edit yyyy |cut -c10-
ress name"

Adjust your cut to this:

$ grep edit yyyy |cut -c6-
"address name"
slm
  • 363,520
  • 117
  • 767
  • 871
  • Even if the string would be incomplete (which it isn't because it prints 4 spaces before, so cut is ok), it should find that string. As said in the question - the names are outputed correctly, but it's afterwards that it won't find anything. Could there be a newline character at the end that messes it up? – user857990 Jul 17 '13 at 12:03
  • @user857990 - I'd need to see the fortigate.conf file to confirm, but if you're OK with how the first `grep` works, then that would seem to be the next logical place to look. The outer `for ... grep ...` seems to be "working" otherwise. – slm Jul 17 '13 at 12:09
0

Perhaps the space in the address name is creating a problem. Try:

  IFS='
'
for address in $(grep edit addresses.txt | cut -c10- | sed 's/"//'g); do echo $address; grep -n "$address" fortigate.conf; done

NOTE: there are quotes around $address when grepping

sandyp
  • 1,117
  • 2
  • 8
  • 11