Cisco pipe Command Examples with Regular Expressions

We use the pipe (|) command more frequently on Cisco devices to get specific output of show & troubleshooting commands. Below are the available options for Pipe (|) command from Cisco ASR1002 Router.

Cisco_Router#sh run | ?
append   Append redirected output to URL (URLs supporting append operationonly)
begin   Begin with the line that matches
count  Count number of lines which match regexp
exclud   eExclude lines that match
format   Format the output using the specified spec file
include   Include lines that match
redirect  Redirect output to URL
section   Filter a section of output
tee    Copy output to URL

Append option will send all output from the show command to be appended to a file already created at either a local (flash: disk:) or remote (ftp: tftp:) location.
Example: The below command would copy the output off the show running-config command to an ftp server using a username and password.

Cisco_Router#show run | append ftp://myuser:mypass@10.10.10.10/ASR1002/running_config

Begin option will display the output from the first line that matches the expression/text that follows the begin command and expression/text after begin is case sensitive.
Example: The command below begins the output from router bgp and output everything after that line because the first line matches our expression.

Cisco_Router#sh run | begin router bgp
router bgp 112
bgp router-id 11.10.23.1
bgp log-neighbor-changes
bgp graceful-restart restart-time 120
bgp graceful-restart stalepath-time 360
bgp graceful-restart

Count option will display the number of lines which matches with regular expression. In below example, Router running configuration has 8 line with bgp.

Cisco_Router#sh run | count ?
LINE Regular Expression

Cisco_Router#sh run | count bgp
Number of lines which match regexp = 8

Exclude removes all lines that match the expression from the output. Example: This will remove all lines beginning with a capital G (all GigabitEthernet interfaces) while showing all other lines.

Cisco_Router#sh ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 10.13.11.12 YES NVRAM upup
GigabitEthernet0/0/1 unassigned YES unset administratively down down
GigabitEthernet0/0/2 unassigned YES unset administratively down down
GigabitEthernet0/0/3 unassigned YES unset administratively down down
GigabitEthernet0 unassigned YES NVRAM administratively down down
Loopback0 192.168.253.1 YES NVRAM upup
Port-channel10 172.16.22.21 YES NVRAM upup

Cisco_Router#sh ipint brie | e ^G
Interface IP-Address OK? Method Status Protocol
Loopback0 192.168.253.1YES NVRAM upup
Port-channel10 172.16.22.21 YES NVRAM up up

Include only displays the lines matching the expression. Example: This will only display lines starting with a capital G (all GigabitEthernet Interfaces) or a L (Loopback Interfaces).

Cisco_Router#sh ip interface brief | i ^(G|L)
GigabitEthernet0/0/0 10.13.11.12 YES NVRAM upup
GigabitEthernet0/0/1 unassigned YES unset administratively down down
GigabitEthernet0/0/2 unassigned YES unset administratively down down
GigabitEthernet0/0/3 unassigned YES unset administratively down down
GigabitEthernet0 unassigned YES NVRAM administratively down down
Loopback0 192.168.253.1 YES NVRAM upup

Redirect sends all output to a file that can be either local or remote similar to append but redirect either creates a new file or overwrites an existing one. Example: This will send the output to a local file on disk0 (there is no terminal output from this command).

Cisco_Router#show access-lists | redirect flash0:accesslists

Section option will display all output related to particular section. Example: It displayed complete BGP configuration.

Cisco_Router#sh run | section ?
LINE Regular Expression
exclude Exclude entire section(s) of output
include Include entire section(s) of output

Cisco_Router#sh run | section bgp
router bgp 112
bgp router-id 11.10.23.1
bgp log-neighbor-changes
bgp graceful-restart restart-time 120
bgp graceful-restart stalepath-time 360
bgp graceful-restart

Tee similar to append and redirect but also sends the output to the terminal. The default is similar to redirect (create new or overwrite) and to display to terminal although append behavior (append to existing file) can be enabled with the /append switch. Example: This will append the output to a file on a tftp server and display the output to the terminal too.

Cisco_Router# show access-list | tee /append tftp://10.10.10.10/ASR1002/accesslist

Regex (Regular Expressions)

The expressions for the commands above can either be simple words or regular expressions. There are lots of sites about regex but here are a few examples.

Pipe with OR Operation:

We can use pipe (|) command multiple times between keywords and it will display output when either any one of the keyword is matching in single line.

Cisco_Router#sh int status | i notconnect|disabled|down
Gi1/1/1 notconnect 1 full 1000 1000BaseSX
Gi1/1/2 disabled routed full 1000 No Transceiver
Gi1/1/3 disabled routed full 1000 No Transceiver
Gi1/1/4 disabled routed full 1000 No Transceiver
Gi1/1/5 disabled routed full 1000 No Transceiver

Cisco_Router#sh int status | i (disabled)|(notconnect)|(down)
Gi1/1/23 disabled routed full 1000 No Transceiver
Gi1/1/24 disabled routed full 1000 No Transceiver
Gi1/2/1 notconnect routed full 1000 10/100/1000BaseT
Gi1/2/2 notconnect routed full 1000 10/100/1000BaseT

Pipe with AND Operation:

We can use between multiple keywords with AND operation as below and it will display output when all keywords are matching in single line.
Cisco_Router#sh int status | i (.*disabled.*routed.*full.)
Gi1/1/2 disabled routed full 1000 No Transceiver
Gi1/1/3 disabled routed full 1000 No Transceiver
Gi1/1/4 disabled routed full 1000 No Transceiver
Gi1/1/5 disabled routed full 1000 No Transceiver
Gi1/1/6 disabled routed full 1000 No Transceiver
Gi1/1/7 disabled routed full 1000 No Transceiver

Cisco_Router#sh int status | i (.*disabled.*822.)
Gi2/2/37 server- Gi0/1 disabled 822 auto auto 10/100/1000BaseT
Gi2/2/38 server-Gi0/1 disabled 822 auto auto 10/100/1000BaseT

Interface list with Counters Errors:

Example below will give all the interfaces which have errors other than zero.

Cisco_Router#sh int counters errors | i Port|_[1-9]+
Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSizeOutDiscards
Gi1/2/3 0 0 0 1 0 0
Gi1/2/4 0 0 0 0 0 3
Gi1/2/8 0 0 0 0 0 1594272580
Te1/3/7 0 6 0 6 0 0
Gi2/2/8 0 0 0 0 0 1591979129
Te2/3/6 0 50 0 51 0 0

Interface list with applied ACL:

Example below will give interface along with applied ACL access-group details. You can use same logic to find out applied policy maps on interfaces also.

Cisco_Router#sh run | include (^interface [A-Z])|(ip access-group [0-9a-zA-Z])

interface Vlan255
ip access-group 177 out

IP  and IP helper address:

Cisco_Router#sh run | incl address [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
ip address 10.203.254.1 255.255.255.255
ip address 172.16.99.200 255.255.255.255
ip address 172.16.99.200 255.255.255.255
ip address 172.16.99.200 255.255.255.255
ip address 12.21.25.250 255.255.255.0

IP address on interfaces that starts with space:

Cisco_Router#sh run | incl ^ ip address [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
ip address 10.203.254.1 255.255.255.255
ip address 172.16.99.200 255.255.255.255
ip address 172.16.99.200 255.255.255.255
ip address 172.16.99.200 255.255.255.255

Syslog messages for interface with date:

Cisco_Router#show log | i Sep 18.*Vlan919
000233: Sep 18 14:25:24.054 CDT: %PIM-SW1-5-DRCHG: DR change from neighbor 0.0.0.0 to 10.200.210.1 on interface Vlan919

Interfaces begin with a capital letter:

Below expression will display all interface which begin with a capital letter and Will not match lines that start with a space. ^ Matches the start of a line and [A-Z] matches all capital letters

Cisco_Router#show int | include ^[A-Z]
Vlan1 is up, line protocol is up
Vlan2 is up, line protocol is up

Loopback0 is up, line protocol is up
.
The example below matches the same as the first example OR and line that includes “Last in”. The second | enables the or function and “Last in” literally matches any occurrence of that phrase.

Cisco_Router#show int | include ^[A-Z]|Last in
Vlan1 is up, line protocol is up
Last input 00:00:00, output 00:00:01, output hang never
Vlan2 is up, line protocol is up
Last input 00:00:01, output 00:00:00, output hang never

Loopback0 is up, line protocol is up
Last input never, output never, output hang never

Cisco ASA Firewall Examples:

On an ASA this time. This example matches two digits from 0-9 followed by a dot. The \ before the dot makes it match the literal dot. Again we use a second pipe for an or function and match a specific word.

Cisco_ASA# show processes cpu-usage sorted | include [0-9][0-9]\.|08bdbd11
081ae324 d59cf870 24.3% 25.6% 25.4% Dispatch Unit
08bdbd11 d59c7098 0.0% 0.0% 0.0% tcp_fast

This time we exclude all lines that have 0.0% 0.0% 0.0% OR have two digits followed by a dot ie. >= 10%.

Cisco_ASA# show processes cpu-usage sorted | exclude 0.0%.*0.0%.*0.0%|[0-9][0-9]\.
PC Thread 5Sec 1Min 5Min Process
08bd08e6 d59a9110 0.8% 0.9% 0.9% Logger
08b9dc8c d59994e8 0.2% 0.2% 0.1% ssh
083×1452 d59a23d8 0.1% 0.1% 0.1% fover_health_monitoring_thread

Cisco_ASA# show access-list | inc 192.168.1[5-9].*cnt=0
access-listFW_ACL_Outside line 4 extended permit ip 192.168.16.0 255.255.255.0 any (hitcnt=0) 0xfd96397
access-listFW_ACL_Outside line 4 extended permit ip 192.168.17.0 255.255.255.0 any (hitcnt=0) 0x4dd97bd
There is no “real” AND function but you can use .* (dot then star) to match everything between two other expressions. Above we match acls from 192.168.15-19.x AND that have a hit count of zero.

Regex is powerful tool and we can design a logic based on our requirement. It is useful in Network automation tasks using scripting languages to get desired output from troubleshoot or show commands. Example: If you want to find the list of Routers which they have some particular route from “show ip route” output on complete Network Gear, You can use this pipe command with regex to get it.

Filed Under: Cisco IOS

Tags:

About the Author:

RSSComments (0)

Trackback URL

Leave a Reply




If you want a picture to show with your comment, go get a Gravatar.