How to Query Logs from the CLI for a Rule Containing a Space in the Name
Resolution
Details
From the CLI, the show log command queries the various log databases present on the device. For each log type, options can be specified to return only specific entries in the database. One option, rule, lets the user display only the traffic log entries for sessions that matched a particular rule:
> show log traffic rule equal
<value> equal value
For rule names without a space, the syntax matches the context-sensitive help provided by the command:
> show log traffic rule equal Src_NAT
When the rule name contains a space, the rule name must be enclosed in single quotes, which are in turn enclosed in double quotes:
> show log traffic rule equal "'Public Rule'"
Note: For rule names containing a space character, both the single quotes and the enclosing double quotes are required for the system to parse the name correctly. When the CLI command is formatted this way, the query correctly returns the log entries that match the rule.
owner: kfindlen