How To Use Regex Patterns to Find Counters and Logs

Created On 04/24/19 22:45 PM - Last Modified 04/25/19 18:49 PM


Objective


When looking at counters such as global counters, at the output of commands that produce a long list, or when searching through logs, it is useful to use regex and concatenation to find the desired pattern.

Procedure


STEP 1: Find increment of two or more specific global counters.

To search for multiple counters within the match condition, enclose the counter patterns in double quotes and place the \| pattern between the counter patterns so that each one is matched separately.
> show counter global filter delta yes | match "pkt_recv\|flow_health_monitor_rcv"
pkt_recv                                1364       36 info      packet    pktproc   Packets received
pkt_recv_zero                            682       18 info      packet    pktproc   Packets received from QoS 0
flow_health_monitor_rcv                 1364       36 info      flow      mgmt      Health monitoring packet received

> show counter global filter delta yes | match "pkt_recv\|flow_health_monitor_rcv\|flow_health_monitor_xm"
pkt_recv                                1024       28 info      packet    pktproc   Packets received
pkt_recv_zero                            512       14 info      packet    pktproc   Packets received from QoS 0
flow_health_monitor_rcv                 1024       28 info      flow      mgmt      Health monitoring packet received
flow_health_monitor_xmt                 1024       28 info      flow      mgmt      Health monitoring packet transmitted


This can be used for any two or more counter names, for example:
> show counter global filter delta yes | match "flow_fpga_rcv_egr_QM_NH_NF\|flow_fpga_egress_exception_err"

STEP 2: Find counters that increment at a specific rate.

For example, I want to find global counters that are incrementing at a four-digit rate. Here's what I do:
show counter global filter delta yes | match drop\|[0-9]\{4\}.[a-z]


pkt_recv                    1047692   4287 info   packet pktproc   Packets received
pkt_sock_recv               1036310   4240 info   packet pktproc   Packets received at socket …
pkt_sock_drop                   303      1 info   packet pktproc   Packets dropped at socket level…
flow_rcv_err                    372      1 drop   flow   parse     Packets dropped: flow stage receive error
flow_policy_deny                404      1 drop   flow   session   Session setup: denied by policy
flow_fwd_tap_drop            983327   4023 drop   flow   forward   Packets dropped: Tap interface
flow_parse_l4_cksm                1      0 drop   flow   parse     Packets dropped: TCP/UDP checksum failure
flow_ip_cksm_sw_validation  1015433   4155 info   flow   pktproc   Packets for which IP checksum valida…
flow_tcp_cksm_sw_validation  992092   4059 info   flow   pktproc   Packets for which TCP checksum valid…
flow_tcp_cksm_err_sw              1      0 drop   flow   pktproc   Packets for which TCP checksum error…
tcp_drop_packet               30642    125 warn   tcp    pktproc   packets dropped because of failure …
tcp_drop_out_of_wnd             281      1 warn   tcp    resource  out-of-window packets dropped


Counters that increment at a rate of two digits:
> show counter global filter delta yes | match drop\|[0-9]\{2\}.[a-z]
pkt_recv                                2590       32 info      packet    pktproc   Packets received
pkt_recv_zero                           1282       16 info      packet    pktproc   Packets received from QoS 0
pkt_sent                                2590       32 info      packet    pktproc   Packets transmitted
flow_np_pkt_rcv                         2590       32 info      flow      offload   Packets received from offload processor
flow_np_pkt_xmt                         1282       16 info      flow      offload   Packets transmitted to offload processor
flow_host_pkt_rcv                       1308       16 info      flow      mgmt      Packets received from control plane
flow_host_pkt_xmt                       1282       16 info      flow      mgmt      Packets transmitted to control plane
flow_health_monitor_rcv                 2590       32 info      flow      mgmt      Health monitoring packet received
flow_health_monitor_xmt                 2590       32 info      flow      mgmt      Health monitoring packet transmitted
pkt_flow_np                             1282       16 info      packet    resource  Packets entered module flow stage np
pkt_flow_host                           1308       16 info      packet    resource  Packets entered module flow stage host
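
The Step 2 pattern is unanchored, so a two-digit pattern also hits longer rates, and "drop" hits counter names as well as the severity column. The following added example (not part of the original article) replays the pattern over counter output saved to text and compares it with a column-based filter; the function names are hypothetical and the column order (name, value, rate, severity, category, aspect, description) is assumed from the output above.

```python
import re

# Sample lines copied from the two outputs above, saved as text for offline review.
SAMPLE = """\
pkt_recv                    1047692   4287 info   packet pktproc   Packets received
tcp_drop_out_of_wnd             281      1 warn   tcp    resource  out-of-window packets dropped
flow_policy_deny                404      1 drop   flow   session   Session setup: denied by policy
flow_fwd_tap_drop            983327   4023 drop   flow   forward   Packets dropped: Tap interface
flow_host_pkt_rcv              1308     16 info   flow   mgmt      Packets received from control plane
"""

def regex_hits(text, digits):
    """Names of the lines hit by the article's pattern."""
    # Same pattern in Python syntax: the CLI's \| and \{n\} become | and {n}.
    pat = re.compile(r"drop|[0-9]{%d}.[a-z]" % digits)
    return [ln.split()[0] for ln in text.splitlines() if pat.search(ln)]

def parse(line):
    """Split one counter line into its seven columns (assumed order)."""
    name, value, rate, severity, category, aspect, desc = line.split(None, 6)
    return {"name": name, "value": int(value), "rate": int(rate),
            "severity": severity, "category": category,
            "aspect": aspect, "desc": desc}

def by_rate_digits(text, digits):
    """Counters whose rate column has exactly `digits` digits."""
    rows = [parse(ln) for ln in text.splitlines() if ln.strip()]
    return [r["name"] for r in rows if len(str(r["rate"])) == digits]

def drop_severity(text):
    """Counters whose severity column is 'drop', ignoring 'drop' in names."""
    rows = [parse(ln) for ln in text.splitlines() if ln.strip()]
    return [r["name"] for r in rows if r["severity"] == "drop"]

if __name__ == "__main__":
    print(regex_hits(SAMPLE, 2))      # unanchored: rates 4287 and 4023 match too
    print(by_rate_digits(SAMPLE, 2))  # exact two-digit rates only
    print(drop_severity(SAMPLE))      # severity column only
```
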

STEP 3: Grep two or more patterns on different lines:
> debug system process-info | match Name\|useridd
Name                   PID      CPU%  FDs Open   Virt Mem     Res Mem      State     
useridd                7229     0     23         577036       210924       S

Search for a process and print the timestamp to see a pattern over time:
> grep pattern "--- processes\|varrcvr" mp-log mp-monitor.log
2019-04-24 13:04:07.107 +0800  --- processes
varrcvr                7380     0     6          601588       44436        S         
varrcvr        	      7380	         0 kB	     44412 kB
2019-04-24 13:07:07.124 +0800  --- processes
varrcvr                7380     0     6          601588       44364        S         
varrcvr        	      7380	         0 kB	     44364 kB
varrcvr        	      7380	         0 kB	     44316 kB
2019-04-24 13:10:07.145 +0800  --- processes
varrcvr                7380     0     6          601588       44292        S         
varrcvr        	      7380	         0 kB	     44268 kB
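
To turn the timestamped grep output above into a trend, the following added example (not part of the original article) pairs each "--- processes" timestamp with the Res Mem column of the process-table row that follows it. It assumes the output was saved to text and that process-table rows have the seven columns shown in the Name/PID/CPU% header from Step 3; the function names are hypothetical.

```python
import re

# The grep output shown above, copied as text for offline review.
SAMPLE = """\
2019-04-24 13:04:07.107 +0800  --- processes
varrcvr                7380     0     6          601588       44436        S
varrcvr                7380              0 kB        44412 kB
2019-04-24 13:07:07.124 +0800  --- processes
varrcvr                7380     0     6          601588       44364        S
varrcvr                7380              0 kB        44364 kB
varrcvr                7380              0 kB        44316 kB
2019-04-24 13:10:07.145 +0800  --- processes
varrcvr                7380     0     6          601588       44292        S
varrcvr                7380              0 kB        44268 kB
"""

# Timestamp line that opens each process snapshot in the log.
TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ [+-]\d{4}\s+--- processes")

def res_mem_series(text, proc):
    """Return [(timestamp, res_mem)] for `proc`, one entry per snapshot."""
    series, stamp = [], None
    for line in text.splitlines():
        m = TS.match(line)
        if m:
            stamp = m.group(1)
            continue
        f = line.split()
        # Process-table rows: Name PID CPU% FDs Virt Res State (7 fields).
        # Exact name match avoids the substring hits a bare grep pattern gives.
        if stamp and len(f) == 7 and f[0] == proc and f[5].isdigit():
            series.append((stamp, int(f[5])))
            stamp = None  # keep only the table row, skip the later kB lines
    return series

def trend(series):
    """Change in Res Mem between the first and last snapshot."""
    return series[-1][1] - series[0][1] if len(series) > 1 else 0

if __name__ == "__main__":
    s = res_mem_series(SAMPLE, "varrcvr")
    for stamp, res in s:
        print(stamp, res)
    print("change:", trend(s))
```
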

 

