CExpr.exe

This program provides access to the BMC Defender Server expression functions.  The program can be used as a simple filter, reading standard input, and output records that match the specified expression.  Each expression can consist of keywords, wildcards, logical combinations joined by and, or, not functions, as well as BMC Defender macros.  Refer to the BMC Defender Expression help for detailed information.

Usage and Syntax

Usage:type (infile) | cexpr.exe "(expr)"
Also:  cexpr.exe -file (infile) "(expr)"
Also:  cexpr.exe –file (infile) –qfile (queryfile)

Arguments

-file

This argument, if it exists, is the input file to process. The input file must be followed by a valid (infile) argument, that is the pathname of the file to process. If this option is omitted, the CExpr program reads standard input and writes the matched results to standard output.

(infile)

This argument must follow the -infile argument, and is the full or relative pathname of the file to process.

(expr)

This argument is any BMC Defender expression, including keywords, wildcards, and match expressions, logical parenthetically organized lists of expressions, macros, and combination of macros, and lists. The argument must be in double quotes if it contains any spaces.

-qfile

This argument if it exists, is the pathname to a file containing the query to execute. The argument must be followed by the name of the file containing the query to execute. This argument cannot be used if an expression is specified on the command line.

(queryfile)

This argument must follow the -query argument, and is a file that contains the expression. The file should contain a valid query (possibly spanning multiple lines.) Multiple blanks are stripped from the final expression. This provides a method of specifying a match expression that is involved to enter into the command line.

Application

The CExpr.exe program is commonly used as a filter to match specific values in the input stream (either standard input of the name of the file specified by the -file option.) The program operates as a find or grep type command line utility, except the program accepts the rich assortment of BMC Defender Server match expressions available for use in correlation threads and other BMC Defender program locations. This provides a simple and powerful way to extract specific messages from an input stream or file.

The output of the program consists of lines that satisfy the expression. 

Note

Any valid BMC Defender expression can be used except for the Global Variables function documented in the online help files for the BMC Defender Server.

In particular, the program accepts:

  1.  Simple keywords.
  2.  Keywords with wildcard characters (*) or (?) or (^).
  3.  Logical combinations of keyword separated by and, or, not, xor.
  4.  Macro values found in the Correlation > Macros and Correlation > Lists screens.

The expression passed to the program should be double-quoted. If the match pattern contains a double-quote (as might often be the case) the double-quote character should be escaped with a backslash and character, or you can substitute a single quote within the double quotes.

Help on BMC Defender expressions can be found in various locations, including the Expression Help hyperlink found on various BMC Defender Server screens.

Examples
REM: Find all occurrences of "security" in the
REM: mylog.txt file. Since the "security" argument

REM: contains no spaces, double quotes are optional.

type mylog.txt|CExpr.exe security

REM: Look for keywords aaa or bbb but not a value in
REM: the @@excl@@ macro or list. The program reads
REM: standard input from the MSDOS "type" program.

type *.log|CExpr.exe "(aaa or bbb) and not @@excl@@"

REM: Look for any value in the @@mylist@@ list of
REM: values. The file "myfile.txt" is used as input.

CExpr.exe –f myfile.txt @@mylist@@

REM: Look for the keyphrase "Phrase A" or "Phrase B"
REM: in my.log file. Note that the double quote
REM: characters must be escaped here with backslashes.

type my.log|CExpr.exe "\"phrase a\" or \"phrase b\""

REM: Identical to above, except that rather than
REM: escaping the double quotes with a backslashes,
REM: single quotes are used within the outer double
REM: quotes, to delimit the phrase.

type my.log|CExpr.exe " 'phrase a' or 'phrase b' "

REM: Return any value in the log messages where the
REM: time of the message value is greater than 5 PM
REM:(17:00:00). (Note that the time of the message is
REM: the second word of the message.)

type mylog.txt|CExpr.exe "$2 lge 17:00:00"

REM: Return the values based upon the match expression
REM:contained the "qfile.txt" file. The "qfile.txt"
REM: file contains a valid match pattern, possibly
REM: spanning multiple lines. Note that both the
REM: "-file" and "-qfile" arguments are required.

CExpr.exe –file \temp\input.txt –qfile \temp\query.txt

Related topic

Command-reference

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*