Like using the word “grok” in conversation, saying “grep” out loud brands you a SuperGeek, at least in the mundane reckoning of members of the “normal” population. They don’t understand that grep is simply an odd concatenation of the phrase “grab regular expression”; and even if they did know, it would mean nothing to them. After all, to them a regular expression is probably something like “What goes around comes around”, “No pain no gain” or the like. But regular expressions are not annoying cliches, they are powerful patterns.
[usr-4@srv-3 usr-4]$ grep "22" /etc/services ssh 22/tcp # SSH Remote Login Protocol ssh 22/udp # SSH Remote Login Protocol imap3 220/tcp # Interactive Mail Access imap3 220/udp # Protocol v3 bpjava-msvc 13722/tcp # BP Java MSVC Protocol bpjava-msvc 13722/udp # BP Java MSVC Protocol wnn6 22273/tcp wnn4 wnn6 22273/ucp wnn4 wnn4_Kr 22305/tcp # used by the kWnn package wnn4_Cn 22289/tcp # used by the cWnn package wnn4_Tw 22321/tcp # used by the tWnn package [usr-4@srv-3 usr-4]$ grep "22/" /etc/services ssh 22/tcp # SSH Remote Login Protocol ssh 22/udp # SSH Remote Login Protocol bpjava-msvc 13722/tcp # BP Java MSVC Protocol bpjava-msvc 13722/udp # BP Java MSVC Protocol [usr-4@srv-3 usr-4]$ grep "\b22/" /etc/services ssh 22/tcp # SSH Remote Login Protocol ssh 22/udp # SSH Remote Login Protocol |
See how the well-crafted regular expression narrows our results? The \b refers to white space at the edge of a word. Here are a few quickies:
Are there empty lines in a file?
[usr-4@srv-3 usr-4]$ grep ^$ /etc/services [usr-4@srv-3 usr-4]$ |
Look for SCSI errors in the syslog:
[root@srv-3 root]# grep -i 'scsi\|error' /var/log/messages Jun 13 03:35:27 srv-3 kernel: st0: Error with sense data: Info fld=0x8000, Current st09:00: sense key Aborted Command Jun 13 03:35:27 srv-3 kernel: Additional sense indicates Scsi parity error |
The “-i” flag means case Insensitive. The pipe, escaped with a backslash, tells grep to look for the string “scsi” or the string “error”.
Look at the root account in the password file:
[usr-4@srv-3 usr-4]$ grep root /etc/passwd root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin [usr-4@srv-3 usr-4]$ grep ^root /etc/passwd root:x:0:0:root:/root:/bin/bash |
Notice how adding the caret (which indicates the beginning of a line) returns only the entry we’re interested in.
Most useful tools have some form of negation, and grep has the “-v” flag, which means reVerse, or, as I like to remember it, grep the Very opposite. This is often useful for filtering out uninteresting log messages like “srv-3 modprobe: modprobe: Can’t locate module sound-slot-1”:
[root@srv-3 usr-4]# grep "Jun 13" /var/log/messages | grep -v sound Jun 13 01:00:00 srv-3 automount[3010]: attempting to mount entry /misc/share Jun 13 01:01:04 srv-3 automount[23407]: expired /misc/share Jun 13 09:17:38 srv-3 kde(pam_unix)[25120]: authentication failure; logname= uid=501 euid=501 tty=:0 ruser= rhost= user=usr-4 Jun 13 11:00:26 srv-3 su(pam_unix)[25534]: session opened for user root by usr-4(uid=501) Jun 13 11:48:48 srv-3 su(pam_unix)[20737]: session closed for user root Jun 13 12:49:23 srv-3 su(pam_unix)[25534]: session closed for user root Jun 13 13:09:55 srv-3 su(pam_unix)[26159]: session opened for user root by usr-4(uid=501) |
This command also illustrates grep’s use in a pipeline, where it is most helpful.
Grep “-l” simply Lists file names with matches, instead of listing the matching lines too. This flag comes in handy in command substitutions. For instance, I may want to edit all of the email lists which contain a certain user name.
[alias@srv-3 alias]$ vi `grep -l usr-4 .qmail*` |
The “-r” flag greps Recursively through a directory structure. I would use this if, for example, I wanted to find all invocations of grep in a directory struture full of old scripts.
[usr-4@srv-3 mis]$ grep -r grep *
bb/ext/bb-ldap.sh: set `$PS | $GREP "ldapsearch.*$HOST_IP " | $GREP -v grep`
bb/ext/fping.sh: $GREP "^0\.0\.0\.0[ ]" $BBHOME/etc/bb-hosts | $GREP
-v noconn | grep noping > $BBTMP/fping.$$
bb/ext/jrun.sh:set `ps auxwww | grep JRun | grep default | head -1`;shift;shift;
shift;shift;shift;echo $1 > /tmp/OUTPUT.$$
bb/ext/popchart.sh:popstatus=$(grep "closed" $TMPFILE)
bb/ext/swraid.sh:TEST0=`egrep ^md0 /proc/mdstat`
scripts/prefilter.sh:grep -v "\.jpg" $TEMP/${FATFILE}.2 > $TEMP/${FATFILE}
shutall/shutall.sh: up=`ping $machine -c 1 | grep "64 bytes from" | cut -f4 -d" "`
|
Grep can return lines of context in addition to the matching lines. For instance:
[root@srv-3 usr-4]# dmesg | grep -A 8 3c59x 3c59x: Donald Becker and others. www.scyld.com/network/vortex.html See Documentation/networking/vortex.txt 00:0d.0: 3Com PCI 3c905B Cyclone 100baseTx at 0xb800. Vers LK1.1.18-ac 00:50:04:7b:e2:de, IRQ 11 product code 5447 rev 00.9 date 03-22-99 Internal config register is 1800000, transceivers 0xa. 8K byte-wide RAM 5:3 Rx:Tx split, autoselect/Autonegotiate interface. MII transceiver found at address 24, status 782d. Enabling bus-master transmits and whole-frame receives. |
After matching the string “3c59x”, the “-A” flag grabs n lines of context After the matching line. There is a corresponding “-B” flag which grabs n lines of context Before the match. This can be very useful for grabbing event sequences out of system log files, parsing machine-generated alert emails, and anything where the data has a more-or-less fixed length which can be identified at the beginning or end by a pattern. You’ll know it when you have a use for this one.
Don’t forget that grep and find are two great tastes that taste great together.
[usr-4@srv-3 usr-4]$ find . -name *.sh -exec grep -i "grep" {} \;
|
And now, SuperGeek, with your powerful regular expressions, you grok what grep is all about.
