Grep is your friend

GREP stands for Global Regular Expression Print. I think that every sysop loves grep, grepping and anything that has something in common with grep – this tool really makes our lives easier ;) If you're not convinced, then I think you're in a good place – maybe the following text will convince you :)

Excluding irrelevant words

Sometimes we have to grep for some word but exclude lines containing an irrelevant string. E.g. let’s grep for ‘index.html’ but exclude the lines that contain ‘404’:

grep 'index.html' access.log | grep -v 404


Extended grep (egrep), the same as grep -E or grep --extended-regexp, allows us to do more powerful searches using regular expressions with metacharacters like +, ?, | and ():

egrep "html|cgi" access.log

Counting results

If we just want to know the number of lines that matched our query, we would use:

grep -c 'index.html' access.log

Case Insensitive search

By default grep is case sensitive. If we want a case-insensitive search, then we use:

grep -i 'Index' access.log

Matching eXact word only

By default, grepping for Word also returns lines containing SomeWord and WordSomething (grep doesn't take care of word boundaries). If we would like to find only those lines that consist of exactly the pattern and nothing else, we should use -x:

grep -x '404' access.log

To match Word only as a whole word anywhere in the line, use grep -w instead.
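
An added example (not part of the original post) that runs the exclusion, counting, case-insensitive and word-match options above against a small constructed access log. It shows that grep -v 404 also drops lines where 404 is only part of a byte count or query string, and that the unescaped dot in 'index.html' matches any character. The log lines and function names are made up for illustration.

```sh
#!/bin/sh
# Constructed sample in common log format; addresses are documentation IPs.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
192.0.2.11 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 404 512
192.0.2.12 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 4042
192.0.2.13 - - [10/Oct/2023:13:56:09 +0000] "GET /index.html?id=404 HTTP/1.1" 200 2326
192.0.2.14 - - [10/Oct/2023:13:56:30 +0000] "GET /indexAhtml HTTP/1.1" 200 100
192.0.2.15 - - [10/Oct/2023:13:57:02 +0000] "GET /Index.HTML HTTP/1.1" 200 2326
EOF
}

# As in the post: '.' matches any character, so /indexAhtml is counted, and
# -v 404 drops every line containing "404" anywhere (status, size 4042, id=404).
naive_count() {
    sample_log | grep 'index.html' | grep -vc 404
}

# -w keeps the 4042-byte response, but id=404 is still a whole word and is dropped.
word_count() {
    sample_log | grep 'index.html' | grep -vwc 404
}

# Escape the dot and tie 404 to the status field (right after the closing
# quote of the request line), so only real 404 responses are excluded.
status_count() {
    sample_log | grep 'index\.html' | grep -vc '" 404 '
}

# Same, but -i also catches /Index.HTML.
status_count_nocase() {
    sample_log | grep -i 'index\.html' | grep -vc '" 404 '
}

echo "naive=$(naive_count) word=$(word_count) status=$(status_count) nocase=$(status_count_nocase)"
```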

Matching left and right side of the word

To match a string only at the start or end of a word (its boundaries), we use \< or \>.

Below would match any word starting with access, like access_entry:

grep '\<access'

Below would match any word ending with error, like general_error:

grep 'error\>'

Showing context results

Sometimes we would like to grep for some errors in logs, but we would also like to view the context of that log entry – e.g. grepping for ‘Relay access denied‘ in Postfix logs to see if that error is occurring with some pattern:

grep --context=3 'Relay access denied' maillog

zgrep - grepping through compressed files

This one would grep in the compressed gzip file – just like gunzip -c flog.gz | grep Word:

zgrep 'Relay access denied' maillog3.gz

Coloring matched words

We can highlight our matched words with some color (check man page to see how to set exact color):

grep --color 'Relay access denied' maillog