The grep command is a crucial tool for Linux administration and in this article we’ll get you started with the basic understanding of its usage. Items of discussion within this topic that we will be covering include common usage options for grep and practical use case scenarios for the command.
What is grep?
Grep is a very important command line text filter that is heavily used among Linux Administrators. The command is used to search through files and logs for specific strings or patterns, depending on how you shape the command.
As an example of one use case, if you’re troubleshooting issues with SSH login access on a Linux machine you could ‘grep’ for that user’s IP address within /var/log/secure to return results and determine the issue. In the returned output you’d see log entries referencing their login failures and then be able to determine the problem.
There are a large number of flags (options) to use alongside the grep command. Many commands can be piped together with grep to make your results even more precise, such as ‘awk’, which we have an example of down below.
How to use grep for effective text searching
Commonly used options for grep:
Below are a few examples of grep options that will aid in your searches.
Don’t forget you can always check the man pages in Linux for more usage options.
- -n will show the line number of your search pattern
$ grep -n example filename.txt
- -i will ignore case sensitivity for characters in a search pattern
$ grep -i ExAmPle filename.txt
- -r will recursively search through multiple files. This is handy when searching for a string/pattern down a file path and you’re unsure of the name of the file you need to access
$ grep -r example /var/www/html
- -l will print only the names of the files that contain a match instead of the matching lines, which makes the results easier to read
$ grep -l example /var/www/html/*
- -c will count the number of matched expressions within a file
$ grep -c example filename.txt
- Use -irl in combination to recursively search through a directory path while ignoring case sensitivity and printing only the names of matching files:
$ grep -irl example /var/www/html
Using the grep command to search through logs
Let’s say you have a user who is unable to log into your server using SSH and you need to troubleshoot the problem.
The following command shows how we can grep for that user’s name in order to determine the issue:
Also if you want to search without it being case sensitive just add some additional grep options.
If you’re unsure of capitalization of characters in a string you’re searching for you can always utilize -i such as below:
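The SSH troubleshooting search described above, as an added example that is not part of the original article. It combines grep with awk to count failed logins per source address; the log lines, the user names and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage SSH login failures for one user with grep and awk.
# The log lines are constructed sample data in the sshd format written to
# /var/log/secure; user names, host name and addresses are placeholders.

LOG="$(mktemp)"
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
Dec 11 10:01:12 web01 sshd[2101]: Failed password for alice from 203.0.113.7 port 50122 ssh2
Dec 11 10:01:15 web01 sshd[2101]: Failed password for alice from 203.0.113.7 port 50122 ssh2
Dec 11 10:02:40 web01 sshd[2144]: Failed password for invalid user Alice from 198.51.100.23 port 41876 ssh2
Dec 11 10:03:02 web01 sshd[2150]: Accepted password for bob from 192.0.2.10 port 60210 ssh2
Dec 11 10:04:19 web01 sshd[2163]: Failed password for alice from 203.0.113.7 port 50190 ssh2
Dec 11 10:05:55 web01 sshd[2170]: Accepted publickey for alice from 192.0.2.44 port 52044 ssh2
EOF

# Matches "Failed password for alice from" and the "invalid user" variant.
# Assumes the user name contains no regex metacharacters.
fail_re() {
    printf 'failed password for (invalid user )?%s from' "$1"
}

# Every log entry that mentions the user: -i any case, -n line numbers,
# -w whole words only, so "alice" does not also match "malice".
user_events() {
    grep -inw -- "$1" "$2"
}

# Number of failed password attempts for the user (-c counts lines).
failed_count() {
    grep -ciE -- "$(fail_re "$1")" "$2"
}

# Failed attempts per source address, busiest first. awk prints the field
# after "from" instead of a fixed column, because "invalid user" shifts
# the column positions.
failed_by_ip() {
    grep -iE -- "$(fail_re "$1")" "$2" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "from") print $(i + 1) }' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

user_events alice "$LOG"
echo "failed attempts: $(failed_count alice "$LOG")"
failed_by_ip alice "$LOG"
```

On a real server, pass /var/log/secure as the second argument instead of the sample file.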
Using the grep command to locate a search pattern within files
Sometimes you’ll find yourself needing to find a specific string of text and need to know the line number.
In the below example we will be searching for the memory_limit value in PHP on Ubuntu Linux.
The following command will show how we could grep a php.ini file for the memory_limit and provide its line number:
Above we can see that grep located the search pattern and provided the line number that this specific directive is on.
What is awk?
Sometimes it is beneficial to clean up our results from a grep command. Perhaps you only want to display specific sections of matched lines in text. To do this you can combine the use of awk within the grep command.
The awk command is another popular text processing tool which is used as a filter to show specific pieces of text.
Both grep and awk work very well together in making our searches more detailed on what output is displayed.
Combining the grep command with awk
As shown below we can see an example txt file called “test.txt” which we’re trying to extract specific information from.
We’re using the ‘cat’ command below just to show all it contains and we see that there are columns of categories such as names, age, and location:
In the next example let’s do a simple search using grep on the file for “carl” and make it non case sensitive.
Shown in the following command, grep displays the entire line for “carl” which includes the name, age, and location columns from the example file:
Now let’s do another non case sensitive pattern search for characters as we did above, but this time let’s only output a name (from column 1 of the txt file) in our match string:
To do so we would use the following command:
Expanding the awk command while used with grep
In this next section we’re going to be more specific with the information we’d like to show as output in our pattern search. For example, let’s say we want to display 2 columns within the same file. In this case we only want the name and location of the person to be returned in our pattern search.
In the following example we will expand on the ‘awk’ command so that column 3 of the file is also displayed:
Using grep to review site traffic on a web server
Our next section covers a different use case: troubleshooting an issue in a web hosting environment.
Perhaps your site is seeing a lot of traffic and you suspect there could be some problematic IP addresses making requests to the site and causing issues.
To review the logs during troubleshooting and obtain information on what IP addresses are hitting the site the most, we could use the following example:
The following command displays the top 10 IP addresses with the most hits on a specific date:
$ grep -s "11/Dec/2024:" /home/username/var/example.com/logs/transfer.log | awk '{print $1}' | cut -d: -f1 | sort | uniq -c | sort -rn | head
How to search recursively with the grep command
Sometimes you may not know the filename or location which contains a value you need to adjust.
In the below example we’ll show how you could search for a PHP directive to locate the file and line number the directive is on using the r flag for recursive and n flag for line number:
In the above example we used the r and n flags to search recursively through a file path. Grep traversed down the path and found the file names containing the specific pattern. With this we see the directory the file is located in as well as the value of the directive in our grep output.
How to search recursively with the grep command and suppress output
If you did not want the line number shown and wanted to limit the output to only the files within the path which contain ‘memory_limit’, you would combine the r and l flags:
The above grep command would only display the two files and their paths (output shown below) without the additional information as shown above with the ‘grep -rn’ command.
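The difference between ‘grep -rn’ and ‘grep -rl’ described above, as an added example that is not part of the original article. It also shows an anchored pattern that skips directives commented out with ‘;’; the directory tree, the php.ini contents and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: locate a PHP directive recursively with grep -rn and -rl.
# The directory tree and php.ini contents are constructed sample data.

ROOT="$(mktemp -d)"
trap 'rm -rf "$ROOT"' EXIT
mkdir -p "$ROOT/apache2" "$ROOT/cli" "$ROOT/fpm"
printf '%s\n' '[PHP]' 'max_execution_time = 30' 'memory_limit = 128M' > "$ROOT/apache2/php.ini"
printf '%s\n' '[PHP]' ';memory_limit = -1' > "$ROOT/cli/php.ini"
printf '%s\n' '[PHP]' 'max_execution_time = 30' > "$ROOT/fpm/php.ini"

# -r recurses into the path, -n prefixes each hit with file:line:
directive_lines() {
    grep -rn -- "$1" "$2" | sort
}

# -l prints each matching file name once and nothing else.
directive_files() {
    grep -rl -- "$1" "$2" | sort
}

# Only files where the directive is active: the pattern is anchored at the
# start of the line, so lines commented out with ';' do not match.
# --include limits the recursive search to *.ini files.
active_directive_files() {
    grep -rlE --include='*.ini' -- "^[[:space:]]*$1[[:space:]]*=" "$2" | sort
}

echo "grep -rn:";  directive_lines memory_limit "$ROOT"
echo "grep -rl:";  directive_files memory_limit "$ROOT"
echo "active only:"; active_directive_files memory_limit "$ROOT"
```

A plain search reports both files, but only one of them actually sets the value, which matters when you are checking which configuration is in effect.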
Conclusion
Overall we can now see the usefulness of the grep command but we’ve only just scratched the surface. We’ve covered the basic fundamentals of grep and how it can be used to review files and logs while combining it with other commands such as ‘awk’ to make our search results more pleasing to the eyes.