Grep

(Updated: 2019-09-05)

Overview

Basic Command Syntax

# Output all lines that contain 'target string' in filename.log

grep 'target string' /var/log/filename.log

# Output all lines that contain 'target string' in multiple files

grep 'target string' filename1 filename2 filename3

Ignore Case

Use -i:

# Return lines containing 'David', 'david', 'DAVID' etc

grep -i 'david' /var/log/auth.log

Recursive Search

Use -r:

# Search all apache log files for example.com/about

grep -r "example.com/about" /var/log/apache2

# Sample Output:

/var/log/apache2/example.com.access.log.1:88.87.168.109 - - [12/Oct/2016:21:33:16 +0100] "GET /uploads/2015/08/example.jpg 
HTTP/1.1" 200 628726 "http://example.com/about/" "Mozilla/5.0 (Linux; Android 6.0.1; SM-G920F Build/MMB29K) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.124 Mobile Safari/537.36"

To suppress the filename. use the -h option. This example shows suppressed filenames and sends the result output to a file:

grep -h -r "example.com/about" /var/log/apache2 > ~/about-log

Search for Whole Words

Grep will return lines that contain the target string - it may be a fragment of another string. To return only lines containing the target string as a distinct word, use the -w option:

# Return lines containing 'example' as a distinct word

grep -w 'example' /var/log/logfile.log

Search for many words requires egrep (extended grep), or escaping the pipe character:

# Returns lines that contain either specified word using egrep

egrep -w "david|elaine" /var/log/auth.log

# Same:

grep -w "david\|elaine" /var/log/auth.log

# Recursively search apache logs for either specified string:

egrep -Rwi --color 'example.com/about|example.com/contact' /var/log/apache2


Basic Usage


          
egrep or grep -ERun grep with extended regular expressions.

          
-iIgnore case (ie uppercase, lowercase letters).

          
-vReturn all lines which don't match the pattern.

          
-wSelect only matches that form whole words.

          
-cPrint a count of matching lines.

          
-lPrint the name of each file which contains a match.

          
-nPrint the line number before each line that matches.

          
-rRecursive, read all files in given directory and subdirectories.


Regular Expressions


          
.A single character

          
[abc]Range. ie any one of these characters

          
[^abc]Not range. A character that is not one of those enclosed.

          
(abc)Group these characters and remember for later.

          
\nRecall the charactes matched in that set of brackets.

          
|The logical 'or' operation.

          
\In front of a character, removes it's special meaning.


RE Multipliers


          
?The preceding item is optional, it is matched zero or one times.

          
*The preceding item will be matched zero or more times.

          
+The preceding item will be matched one or more times.

          
{n}The preceding item will be matched exactly n times.

          
{n,}The preceding item will be matched n or more times.

          
{n,m}The preceding item will be matched between n and m times.


RE Anchors


          
^From the beginning of the line.

          
$To the end of the line.

          
\<At the beginning of a word.

          
\>At the end of a word.

          
\bMatch either the beginning or end of a word.


Examples


          
egrep 'mellon' myfile.txtPrint every line in myfile.txt containing the string 'mellon'.

          
>egrep -n 'mellon' myfile.txtSame as above but print a line number before each line.

          
egrep '(.)bb\1' myfile.txtFind every line with 2 b's and the same char before and after b's.

          
egrep -l '[0-9]{8,}' /files/projectx/*Print each file in the projectx which contains a number of 8 digit or more

          
egrep '\b[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}\b' myfile.txtPrint every line contains an email address




Note: this is just a simple email matching pattern.  There is a miniscule number of email addresses it will not match.