GREP is an executable that can be run by any user on the system unless an administrator has configured otherwise. GREP reads its input from STDIN (redirected with "<"), from one or more files, or from a pipe.
An open file in a text editor is called a buffer. Suppose we have a text file, test.txt, with the following content:
Debian
Debian Linux
Debian2010
SUSE Linux
debian
dEbIaN
DEBIAN
SUSE Linux 9999
Debian9
Debian9 Linux
Now we search it for specific lines. For example, to find the word "Debian" (case-sensitive by default), use:
grep "Debian" test.txt
We will only get the first three lines, since the search was case sensitive. To turn off case-sensitivity, use the -i parameter.
To do an "exclude" search, use the -v parameter. Combining it with -i (resulting in -vi), GREP will return only the SUSE Linux line.
GREP can also perform numeric searches. The following command will search for "2010" in a line regardless of its position:
grep "2010" test.txt
If we want to see both Debian2010 and SUSE Linux 9999, we need to search for a character class. This is a REGEXP convention. Character classes are specified using square brackets. For example, to match any line containing a character from 0 through 9:
grep "[0-9]" test.txt
We can use REGEXP to search for lines beginning and ending with certain characters. Use the caret (^) to anchor to the beginning of the line, and the dollar sign ($) to anchor to the end of the line. For example, to search for lines that both begin and end with the same "Debian", with nothing else on the line:
grep -i "^Debian$" test.txt
This will return only these lines:
Debian
debian
dEbIaN
DEBIAN
Character classes can be inserted into the middle of the search, like:
grep -i "^Debian[0-9]$" test.txt
This will only return Debian9.
REGEXP also supports quantifiers, which apply to the item immediately before them. For example, * matches 0 or more occurrences of that item, ? matches 0 or 1 occurrences, and + matches 1 or more occurrences. When using quantifiers, we need to invoke the egrep command (the same as grep -E). To include Debian2010 in the search, use:
egrep -i "^Debian[0-9]+$" test.txt
We will now try to parse real log files from /var/log. We will be using the messages file. The messages file is owned by root, so we will need to use the "su" command:
su
If you use su (switch user) without typing an account name, it switches to root by default.
If we want to search for the word "ERROR" in messages, type:
grep -i "ERROR" messages
If we want to see how many lines were returned, we can pipe it into wc:
grep -i "ERROR" messages | wc
Another useful way to use GREP is to pipe its output into tail. This shows the last 5 logged lines with "ERROR":
grep -i "ERROR" messages | tail -n 5
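The counting and tail steps above, combined with the character-class and quantifier searches from earlier, applied to a small log. This is an added example, not part of the original post: the log lines, host names and function names are constructed for illustration, and -c and -w are standard grep options the text does not cover.

```shell
#!/bin/sh
# Added example. The log lines below are constructed, not real /var/log/messages.

# Write a small syslog-style sample log to the path given in $1.
make_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 09:00:01 host1 kernel: usb 1-1: new high-speed USB device
Jan 10 09:00:05 host1 sshd[812]: error: Could not load host key
Jan 10 09:01:17 host1 app[1500]: ERROR code 17 while reading config
Jan 10 09:02:40 host1 cron[933]: job finished, errors=0
Jan 10 09:03:02 host1 app[1500]: Error code 404 from upstream
Jan 10 09:04:11 host1 kernel: EXT4-fs error (device sda1): bad block
Jan 10 09:05:30 host1 app[1500]: request ok
Jan 10 09:06:45 host1 app[1500]: ERROR code 5 while writing cache
EOF
}

# Number of lines containing "error" in any case. grep -c prints only the
# line count, while plain wc prints lines, words and bytes.
count_errors() { grep -ic "error" "$1"; }

# Same, but -w matches "error" only as a whole word, so "errors=0" is skipped.
count_error_words() { grep -icw "error" "$1"; }

# Last $2 matching lines, as in the tail pipeline above.
last_errors() { grep -i "error" "$1" | tail -n "$2"; }

# Character class plus the + quantifier (grep -E is egrep): codes of 2+ digits.
multi_digit_codes() { grep -Ei "error code [0-9][0-9]+ " "$1"; }

# Demo run against a temporary copy of the sample log.
log=$(mktemp)
make_sample_log "$log"
echo "lines matching error:      $(count_errors "$log")"
echo "lines with the word error: $(count_error_words "$log")"
echo "last two matches:"
last_errors "$log" 2
echo "error codes with 2+ digits:"
multi_digit_codes "$log"
rm -f "$log"
```

The gap between the two counts is the cron line: a substring search for "error" also matches "errors=0", which reports success.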