NAME
rwsetmember - Determine whether IP address(es) are members of an IPset
SYNOPSIS
rwsetmember [--count] [--quiet] PATTERN [INPUT_SET [INPUT_SET...]]
rwsetmember --help
rwsetmember --versionDESCRIPTION
rwsetmember determines whether an IP address or pattern exists in one or more IPset files, printing the name of the IPset files that contain the IP and optionally counting the number of matches in each file. PATTERN can be a single IP address, a CIDR block, or an IP Wildcard expressed in the same form as accepted by rwsetbuild(1).
If an INPUT_SET is not given on the command line, rwsetmember will attempt to read an IPset from the standard input. To read the standard input in addition to the named files, use - or stdin as a file name. If an input file name ends in .gz, the file will be uncompressed as it is read.
When rwsetmember encounters an INPUT_SET file that it cannot read as an IPset, it prints an error message and moves to the next INPUT_SET file.
To create an IPset file from SiLK Flow records, use rwset(1), and to create one from text, use rwsetbuild(1). rwsetcat(1) prints an IPset file as text.
OPTIONS
Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.
- --count
-
Follow each set filename by a colon character and the number of pattern matches in the IPset. Files that do not match will still be printed, but with a zero match count. The --count switch is ignored when --quiet is also specified.
- --quiet
-
Produce no standard output. The exit status of the program (see below) should be checked to determine whether any files matched.
- --help
-
Print the available options and exit.
- --version
-
Print the version number and information about how SiLK was configured, then exit the application.
EXAMPLES
In the following examples, the dollar sign ($) represents the shell prompt. The text after the dollar sign represents the command line.
To quickly check whether a single set file contains an address (check the exit status):
$ rwsetmember --quiet 192.168.1.1 file.setTo display which of several set files (if any) match a given IP address:
$ rwsetmember 192.168.1.1 *.setTo display the same, but with counts from each file:
$ rwsetmember --count 192.168.1.1 *.setTo find all sets that contain addresses in the 10.0.0.0/8 subnet:
$ rwsetmember 10.0.0.0/8 *.setTo find files containing any IP address that ends with a number between 1 and 10 (this will use a lot of memory):
$ rwsetmember x.x.x.1-10 *.setEXIT STATUS
rwsetmember exits with status code 0 if any file matched the pattern or 1 if there were no matches across any files or if there was a fatal error with the input.
SEE ALSO
