Ref: 22400001
Title: Shell Script for Audit Trail Searching
Date: 8/31/90

Copyright 3Com Corporation, 1991.  All rights reserved.

In a large network environment with heavy network activities, searching for
network information related to a particular server in an audit trail file
is a time-consuming task.  The following shell script is designed to
simplify this task.  The "search_audit" shell script searches for the
matching Ethernet or TCP/IP address in a specified audit trail file.  If a
pattern is matched, the output will be displayed on the screen.  If it does
not match, an appropriate message will appear.

This shell must be created under the "/usr/ncs/local" directory.

Note:  Wherever <Address> appears in script, insert "Ethernet address" or
"Internet address," depending on the protocol you are using.

-------------------------------------------------------------------
#! /bin/csh -f
#
#  NAME
#
#      search_audit
#
#  SYNOPSIS
#
#      search_audit <Address> <audit.mmdd>
#

set noglob

if ( $#argv !=2 ) goto usage

if ( $argv[1] == "?" ) then
   usage:
       echo  "Usage:  search_audit '<Address>' '<audit.mmdd>'"
       exit
endif

cd /usr/NCS/AUDIT_TRAIL
grep $argv[1] $argv[2] >> tmp
if ( -z tmp ) then
   echo "No $argv[1] in the $argv[2] file"
else
   more tmp
endif
-----------------------------------------------------------------------

To make this shell script executable after it has been created, enter the
following command:

  chmod +x search_audit

To execute this shell script, enter the following command:

  search_audit <Address> <audit.mmdd>

example search_audit 129.001.001.010 audit.0828

