Linux Admin – Grep Command

  • Post author:
  • Post category:Linux
  • Post comments:0 Comments

grep is commonly used by administrators to −

  • Find files with a specific text string
  • Search for a text string in logs
  • Filter command out, focusing on a particular string

Following is a list of common switches used with grep.

SwitchAction
-E *Interpret pattern as a regular expression
-G *Interpret pattern as a basic regular expression
-cSuppress normal output, only show the number of matches
-lList files with matches
-nPrefix each
-mStop reading after the number of matching lines
-oPrint only the matching parts of matching lines, per line (useful with pattern matches)
-vInvert matches, showing non-matches
-iCase insensitive search
-rUse grep recursively

Search for errors X Server errors in Xorg logs −

[[email protected] log]# grep error ./Xorg*.log

   ./Xorg.0.log:   (WW) warning, (EE) error, (NI) not implemented, (??) unknown.

   ./Xorg.1.log:   (WW) warning, (EE) error, (NI) not implemented, (??) unknown.

   ./Xorg.9.log:   (WW) warning, (EE) error, (NI) not implemented, (??) unknown.

[[email protected] log]#

Check for possible RDP attacks on an imported Windows Server firewall log.

[[email protected] Documents]# grep 3389 ./pfirewall.log | grep ” 146.” | wc -l

326

[[email protected] Documents]#

As seen in the above example, we had 326 Remote Desktop login attempts from the IPv4 class A range in less than 24 hours. The offending IP Address has been hidden for privacy reasons. These were all from the same IPv4 address. Quick as that, we have tangible evidence to block some IPv4 ranges in firewalls.

grep can be a fairly complex command. However, a Linux administrator needs to get a firm grasp of it. On an average day, a Linux System Admin can use a dozen variations of grep.

Leave a Reply

WC Captcha + 76 = 77