Grep is your friend
GREP stands for Global Regular Expression Print. I think that every sysop loves grep, grepping and anything that has something in common with grep – this tool really makes our lives easier ;) If you're not convinced, then I think you're in a good place – maybe the following text will convince you :)
Excluding irrelevant words
Sometimes we have to grep for some word but exclude an irrelevant string. E.g. let's grep for 'index.html' but exclude '404' from the results:
grep 'index.html' access.log | grep -v 404
egrep
Extended grep, the same as grep -E or grep --extended-regexp, allows more powerful searches using regular expressions with metacharacters like +, ?, | and ():
egrep "html|cgi" access.log
Counting results
If we just want to know the number of lines that matched our query, we use:
grep -c 'index.html' access.log
Case Insensitive search
By default grep is case sensitive. If we want a case-insensitive search, then we use:
grep -i 'Index' access.log
Matching exact word only
By default, grepping for Word also returns lines containing SomeWord and WordSomething, because grep does not care about word boundaries. To find only the lines that contain Word as a whole word, we use -w:
grep -w '404' access.log
grep -x is stricter: it prints only lines that consist of the pattern and nothing else.
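The difference between substring, word and whole-line matching from the "Excluding irrelevant words" and exact-word sections above, as an added example that is not part of the original post. The log lines are constructed sample data, the function names are hypothetical, and the field-anchored variant goes slightly beyond the text.

```bash
#!/bin/sh
# Constructed sample log (not from the original page), combined-log style.
make_log() {
  cat <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.11 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 404 312
192.0.2.12 - - [10/Oct/2023:13:56:02 +0000] "GET /index.html HTTP/1.1" 200 404
192.0.2.13 - - [10/Oct/2023:13:56:09 +0000] "GET /index.html?id=4045 HTTP/1.1" 200 2048
192.0.2.14 - - [10/Oct/2023:13:57:11 +0000] "GET /about.html HTTP/1.1" 404 312
EOF
}

# Substring exclusion, as in: grep 'index.html' access.log | grep -v 404
# Also drops the 200 responses where 404 is the byte count or part of "4045".
count_substring_exclude() {
  make_log | grep 'index.html' | grep -v -c '404'
}

# Word exclusion (-w): "4045" no longer matches, but a 404-byte response does.
count_word_exclude() {
  make_log | grep 'index.html' | grep -v -w -c '404'
}

# Field-anchored exclusion: the status code directly follows the closing
# quote of the request, so only real 404 responses are removed.
count_status_exclude() {
  make_log | grep 'index.html' | grep -v -c '" 404 '
}

# Whole-line match (-x): no log line consists of "404" alone, so this is 0.
# grep exits non-zero when nothing matches, hence the "|| true".
count_whole_line() {
  make_log | grep -x -c '404' || true
}

printf 'substring=%s word=%s status=%s whole-line=%s\n' \
  "$(count_substring_exclude)" "$(count_word_exclude)" \
  "$(count_status_exclude)" "$(count_whole_line)"
```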
Matching left and right side of the word
To match a string only at the start or the end of a word (at a word boundary), we use \< or \>.
Below would match any word starting with access, like access_entry:
grep '\<access'
Below would match any word ending with error, like general_error:
grep 'error\>'
Showing context results
Sometimes we would like to grep for some errors in logs, but we would also like to view the context of that log entry – e.g. grepping for 'Relay access denied' in Postfix logs to see if that error is occurring with some pattern:
grep --context=3 'Relay access denied' maillog
zgrep - grepping through compressed files
This one would grep in the compressed gzip file – just like gunzip -c flog.gz | grep Word:
zgrep 'Relay access denied' maillog3.gz
Coloring matched words
We can highlight our matched words with some color (check man page to see how to set exact color):
grep --color 'Relay access denied' maillog