How To Utilize grep Command In Linux/UNIX – Guide
On Linux or Mac OS X, how do I use the grep command? How do I use the grep command on a Unix system? Can you give me some examples of how to use the grep command? Grep is a crucial command on Linux and Unix. It is used to find text and strings within a file. In other words, the grep tool looks for lines in a given file that match the given letters or phrases. It is one of the most useful commands for developers and system administrators on Linux and Unix-like systems. Let’s look at how to use grep in a Linux or Unix-like environment.
How to use grep command on Linux/UNIX
Search a file for a specific word
This is one of the most elementary uses of grep. Let’s say I want to inspect the contents of the /var/log/secure log for any instances of “failure”. I would type:
grep failure /var/log/secure
This is an example of what grep can return.
Apr 4 06:45:29 smatteso-vm1 sshd[14836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= qualys-corp.testdomain.com user=8boa5lv2rn8pso8
Apr 4 06:45:31 smatteso-vm1 sshd[14844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= qualys-corp.testdomain.com user=13hr26mnm8wo4k
Add the -i option (e.g. grep -i) to perform a case-insensitive search. In the example above, this would return lowercase “failure”, uppercase “FAILURE”, or any combination of them, such as “Failure”.
Search a file for multiple words
This command lets you search a file for several words at once. Note the use of the single quotes, and the backslash and pipe character between the words.
grep 'open\|closed' /var/log/secure
This is what grep can return.
Apr 2 03:45:07 smatteso-vm1 sshd[16278]: Connection closed by 10.1.7.101
Apr 2 03:46:42 smatteso-vm1 su: pam_unix(su-l:session): session opened for user phxinst1 by (uid=0)
Apr 2 03:46:45 smatteso-vm1 su: pam_unix(su-l:session): session closed for user phxinst1
Apr 2 03:46:45 smatteso-vm1 su: pam_unix(su-l:session): session opened for user phxinst1 by (uid=0)
Get an instance count
You might not want to see the output of the grep command at all, only how many matches your search found. This is accomplished using the -c (count) option:
grep -c failure /var/log/secure
Grep will return a number like this. You can do some smart things with this switch. For example, if I want to know how many processors are on my system, I could type:
grep -c processor /proc/cpuinfo
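The count above, taken one step further as an added example that is not part of the original guide: the same failure lines tallied per source host, which is what you usually want when checking a log for password guessing. The log lines, host names, addresses and the threshold of 3 are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the sshd/pam_unix format shown above (not real log data).
write_sample_log() {
  cat > "$1" <<'EOF'
Apr 14 06:45:29 vm1 sshd[14836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Apr 14 06:45:31 vm1 sshd[14844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=admin
Apr 14 06:45:40 vm1 sshd[14850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.23  user=root
Apr 14 06:46:02 vm1 sshd[14861]: Accepted publickey for deploy from 192.0.2.10 port 51704 ssh2
Apr 14 06:46:09 vm1 sshd[14870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
EOF
}

# Total failure lines: grep -c counts matching lines, not occurrences.
count_failures() {
  grep -c 'authentication failure' "$1"
}

# Failures per source host, busiest first, printed as "COUNT rhost=HOST".
# grep -o prints only the matched part of each line.
failures_by_rhost() {
  grep 'authentication failure' "$1" |
    grep -o 'rhost=[^ ]*' | sort | uniq -c | sort -rn |
    awk '{print $1, $2}'
}

# Hosts with at least $2 failures (the threshold is an assumed example value).
noisy_hosts() {
  failures_by_rhost "$1" | awk -v min="$2" '$1 >= min {print $2}'
}

log=$(mktemp)
write_sample_log "$log"
echo "failure lines: $(count_failures "$log")"
failures_by_rhost "$log"
echo "hosts at or above 3 failures: $(noisy_hosts "$log" 3)"
rm -f "$log"
```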
Display line numbers for each match
It can be helpful to know which line number your search results appear on. To do this, add the -n (number) option.
grep -n failure /var/log/secure
Grep would then return something like this.
1601:Apr 4 06:45:29 smatteso-vm1 sshd[14836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= qualys-corp.testdomain.com user=8boa5lv2rn8pso8
1612:Apr 4 06:45:31 smatteso-vm1 sshd[14844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= qualys-corp.testdomain.com user=13hr26mnm8wo4k
Return only a specific number of matches
Let’s say I only want to see the first five search results. I can limit the output using the -m (max count) option.
grep -m5 failure /var/log/secure
Here is an example of the results.
Apr 4 06:45:29 smatteso-vm1 sshd[14836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= qualys-corp.testdomain.com user=8boa5lv2rn8pso8
Apr 4 06:45:31 smatteso-vm1 sshd[14844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= qualys-corp.testdomain.com user=13hr26mnm8wo4k
Display all entries that are NOT a match
There are a few scenarios where you might want to do a reverse search and show results that DO NOT match your input. Just add the -v option. For example, to see entries in the /var/log/secure file that do not contain the word “failure”:
grep -v failure /var/log/secure
And then you would get results like this.
Apr 2 03:45:07 smatteso-vm1 sshd[16278]: Connection closed by 10.1.7.101
Apr 2 03:46:42 smatteso-vm1 su: pam_unix(su-l:session): session opened for user phxinst1 by (uid=0)
Apr 2 03:46:45 smatteso-vm1 su: pam_unix(su-l:session): session closed for user phxinst1
Apr 2 03:46:45 smatteso-vm1 su: pam_unix(su-l:session): session opened for user phxinst1 by (uid=0)
Of course you can combine options such as -v and -n.
grep -v -n failure /var/log/secure
Which would show all non-matching entries with their associated line numbers.
1:Apr 2 03:45:07 smatteso-vm1 sshd[16278]: Connection closed by 10.1.7.101
2:Apr 2 03:46:42 smatteso-vm1 su: pam_unix(su-l:session): session opened for user phxinst1 by (uid=0)
3:Apr 2 03:46:45 smatteso-vm1 su: pam_unix(su-l:session): session closed for user phxinst1
4:Apr 2 03:46:45 smatteso-vm1 su: pam_unix(su-l:session): session opened for user phxinst1 by (uid=0)
5:Apr 2 03:46:48 smatteso-vm1 su: pam_unix(su-l:session): session closed for user phxinst1
Search across multiple files
Grep can do much more than search the contents of a single file. You can use what is known as a recursive search to cover entire directories, subdirectories, or the entire file system and get results showing each filename that contains your search value. This is done using the -r option, which I will use to look up my user account name in the /etc directory.
grep -r "smatteso" /etc
Here is an example of the results.
/etc/hosts:10.1.52.237 smatteso-vm1.dwi.testdomain.com smatteso-vm1
/etc/sysconfig/network-scripts/ifcfg-eth0:HOSTNAME="smatteso-vm1"
/etc/sysconfig/rhn/systemid:
smatteso-vm1.dwi.testdomain.com
/etc/sysconfig/network:HOSTNAME=smatteso-vm1
You can search the entire file system by changing that “/etc” to “/”:
grep -r "smatteso" /
Display only the filenames that match the search
I’m not a fan of clutter, so to only get the list of filenames that match my search (and not the contents of the files themselves) I can add the -l option.
grep -rl "smatteso" /etc
Which would return results like this:
/etc/hosts
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/rhn/systemid
/etc/sysconfig/network
As discussed earlier, you can reverse this to display filenames that don’t contain your search terms, using the -L option instead of -l.
grep -rL "smatteso" /etc
Search logged messages by date
An especially useful application of grep is scouring log files for messages that were logged on a certain date. Let’s say I want to see everything recorded on April 5th.
grep "Apr 5" /var/log/messages
I would get results like this.
Apr 5 00:00:01 smatteso-vm1 audispd: node=smatteso-vm1 type=USER_ACCT msg=audit(1491364801.741:135867): user pid=50149 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM: accounting acct="phxinst1" exe="/usr/sbin/crond" hostname=? address=? terminal=cron res=success'
Apr 5 00:00:01 smatteso-vm1 audispd: node=smatteso-vm1 type=USER_ACCT msg=audit(1491364801.741:135866): user pid=50143 uid=0 auid=4294967295 ses=4294967295
This also works for a specific time if you add it to the pattern. To only see messages logged at 6am, I can add “06:00” to the command.
grep "Apr 5 06:00" /var/log/messages
Apr 5 06:00:01 smatteso-vm1 audispd: node=smatteso-vm1 type=USER_ACCT msg=audit(1491386401.774:143444): user pid=33946 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM: accounting acct="phxinst1" exe="/usr/sbin/crond" hostname=? address=? terminal=cron res=success'
Apr 5 06:00:01 smatteso-vm1 audispd: node=smatteso-vm1 type=USER_ACCT msg=audit(1491386401.774:143445): user pid=33945 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM: accounting acct="phxinst1" exe="/usr/sbin/crond" hostname=? address=? terminal=cron res=success'
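A caveat for the date search above, shown as an added example that is not part of the original guide: traditional syslog timestamps pad days 1 to 9 with an extra space ("Apr  5"), and an unanchored date pattern can also match text inside the message body. The log lines and the helper names naive_count and count_on_day are constructed for illustration.

```shell
#!/bin/sh
# Constructed lines in traditional syslog format, where days 1-9 are
# space-padded ("Apr  5"). Not real log data.
write_dated_log() {
  cat > "$1" <<'EOF'
Apr  1 09:12:44 vm1 sshd[88]: Accepted publickey for deploy from 192.0.2.10 port 40022 ssh2
Apr  5 00:00:01 vm1 crond[50149]: pam_unix(crond:session): session opened for user phxinst1 by (uid=0)
Apr  5 06:00:01 vm1 crond[33946]: pam_unix(crond:session): session opened for user phxinst1 by (uid=0)
Apr 14 10:00:00 vm1 report[410]: summary for Apr 5 written
Apr 15 06:00:01 vm1 crond[1200]: pam_unix(crond:session): session opened for user phxinst1 by (uid=0)
EOF
}

# Naive search for the date string anywhere in the line.
# Usage: naive_count FILE "Apr 5"
naive_count() {
  grep -c -- "$2" "$1" || true   # grep exits 1 when the count is 0
}

# Anchored search: month at the start of the line, one or more spaces,
# the day, a single space, then an optional time prefix such as "06:00".
# Usage: count_on_day FILE MON DAY [HH:MM]
count_on_day() {
  grep -cE "^$2 +$3 ${4:-}" "$1" || true
}

log=$(mktemp)
write_dated_log "$log"
# The naive pattern misses both padded "Apr  5" lines and instead hits the
# Apr 14 line, whose message text happens to mention "Apr 5".
echo "naive 'Apr 5':      $(naive_count "$log" 'Apr 5')"
echo "anchored Apr 5:     $(count_on_day "$log" Apr 5)"
echo "anchored Apr 5 6am: $(count_on_day "$log" Apr 5 06:00)"
# Day 1 must not pick up the 14th and 15th.
echo "naive 'Apr 1':      $(naive_count "$log" 'Apr 1')"
echo "anchored Apr 1:     $(count_on_day "$log" Apr 1)"
rm -f "$log"
```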
Use grep with other commands
Grep can be used with any other command you like. Let’s say I want to find any log file containing the word spice. I can use the find command and pipe the results to grep as follows:
find . -name "*.log" | grep -i spice
See an example of the results:
./spice-vdagent.log
The history file, which contains a list of recently typed commands, is one of the best features of Linux. You can also search the history file for specific terms (e.g. “pam_tally2”) to see when they were last used and what the appropriate syntax is.
history | grep pam_tally2
324 2017-04-06 13:50:25 pam_tally2
325 2017-04-06 13:50:29 pam_tally2 -u smatteso -r
350 2017-04-06 14:05:44 history | grep pam_tally2
You can use grep with “netstat” to see the listening ports, say port 22, for example:
netstat -anp | grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2154/sshd
tcp 0 0 10.1.52.237:22 10.1.13.63:51704 ESTABLISHED 40441/sshd
tcp 0 32 10.1.52.237:22 10.1.13.63:51701 ESTABLISHED 40434/sshd
tcp 0 0 :::22 :::* LISTEN 2154/sshd
You can also search for a specific process. In this example, I will check if any process called “spice” is running.
ps -aux | grep spice
root 2179 0.0 0.0 15900 1076 ? Ss Mar31 0:00 /usr/sbin/spice-vdagentd
root 2855 0.0 0.0 103328 888 pts/0 S+ 12:41 0:00 grep spice
gdm 5430 0.0 0.0 34488 1604 ? Ss Mar31 0:00 /usr/bin/spice-vdagent
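Two over-matching pitfalls in the netstat and ps searches above, shown as an added example that is not part of the original guide: a bare "22" also matches other ports and PIDs, and grep finds its own entry in the process list (the "grep spice" line in the output above). The netstat and ps lines and the helper names are constructed for illustration.

```shell
#!/bin/sh
# Constructed "netstat -anp" style lines (not captured from a real host).
netstat_sample() {
  cat <<'EOF'
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN      2154/sshd
tcp        0      0 0.0.0.0:2222      0.0.0.0:*         LISTEN      3122/dropbear
tcp        0      0 127.0.0.1:5432    0.0.0.0:*         LISTEN      2210/postgres
tcp        0      0 10.1.52.237:22    10.1.13.63:51722  ESTABLISHED 40441/sshd
EOF
}

# Constructed "ps aux" style lines; $1 is the pattern the grep process was
# started with, so its own entry appears the way ps would list it.
ps_sample() {
  cat <<EOF
root  2179 0.0 0.0  15900 1076 ?     Ss Mar31 0:00 /usr/sbin/spice-vdagentd
root  2855 0.0 0.0 103328  888 pts/0 S+ 12:41 0:00 grep $1
gdm   5430 0.0 0.0  34488 1604 ?     Ss Mar31 0:00 /usr/bin/spice-vdagent
EOF
}

# Any line containing the digits, as in "netstat -anp | grep 22".
naive_port_hits() { netstat_sample | grep -c -- "$1" || true; }

# Only sockets whose local address ends in :PORT and that are in LISTEN state.
listeners_on() { netstat_sample | grep -E ":$1 +[^ ]+ +LISTEN" || true; }

# Number of process-list lines matching the pattern handed to grep.
proc_hits() { ps_sample "$1" | grep -c -- "$1" || true; }

echo "lines containing 22: $(naive_port_hits 22)"
echo "listeners on port 22:"
listeners_on 22
# "[s]pice" still matches "spice", but the grep process now shows up as
# "grep [s]pice", which the pattern does not match.
echo "grep spice:   $(proc_hits 'spice') lines"
echo "grep [s]pice: $(proc_hits '[s]pice') lines"
```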