Finding text using grep
Many times on a Linux server you will need to search for specific text. You might be looking for the text in one or more files. Or you might want to find the text string in the output of a command. The grep tool is the tool for you. It is very powerful, with a lot of options. It works with regular expressions for building the search filter for text. The name of the tool stands for global regular expression print. It actually comes from the (very old Unix) ed command g/re/p, which did a regular expression search and displayed the result.
The most basic form of grep is to state some text you want to look for followed by the file to search. Say I want to find information on my account on the Linux server. The account information is in the /etc/passwd file. It is dozens, or even hundreds, of lines long. I can run the following grep command to search for the line that holds my account information.
grep rusty /etc/passwd
If you run this command on your system for your login you will see a single line show up for your account. Also try searching for some other typically standard accounts on Linux like mail, news, nobody, and sshd. Then try to search for something that won't be there, say frodo. Notice how nothing is returned.
Most things on Linux are case sensitive. This is true also of grep. So you need to know the case of the letters in the phrase you are searching for. If you don't know the case of the search string then you can tell grep to do a case insensitive search using the -i command line switch.
grep -i Backup /etc/passwd
Of course when you use the -i switch you are making the entire search phrase case insensitive. So in the example above we would find backup, Backup, baCKup, and backUP. Many times that is fine, especially for a single word search. I have known some people that get lazy and simply put -i in every one of their grep searches. This reduces the power of grep a lot though. As I mentioned before grep works with regular expressions. This is not a tutorial on regular expressions. There are whole books on how to use regular expressions. And that is another topic you should make sure to get solid knowledge on. Regular expressions are the powerhouse of string handling in so many commands and programming languages.
So let's say you don't know if the first character is upper or lower case but know the rest is lower case. You can do the following grep statement. We enclose a list (this time just two) of characters in square brackets to match in the first spot of the word. So this time we will match backup and Backup, but not backUP or BACKUP.
grep '[bB]ackup' /etc/passwd
Sometimes you need to know if a search phrase is in one of a number of files. The grep command is useful for that task too. You simply list the directory that contains all the files, or use a wildcard search for some of the files. So let's say you know you did an ldif import of users into your directory that all had the attribute company populated with the phrase Acme Novelty Products. You keep every one of your ldif files and cannot remember which of them has the list of users. And that folder has a bunch of other files besides just the ldif files. You could do the following grep command.
grep "Acme Novelty Products" /home/rusty/data/*.ldif
Notice I put the search phrase in quotes. This will help to make sure grep gets the phrase with the spaces and all. When you run this command you will get a listing of the matching lines from any file that has the phrase in it. You will also see the name of the file at the beginning of the line. If you want to search through subdirectories also then simply add the -r switch to the command before the search pattern. So I could do the same command above to look through my home directory and all subdirectories with the following.
grep -r "Acme Novelty Products" /home/rusty/
Using grep to search the output of commands
Many times you will run a Linux command that returns an avalanche of information. One of the nice things with the Linux shell is being able to pipe the output of one command into the input of the next command. As a quick reminder, we call it piping as an allusion to plumbing. Think of each command as a device with an in port and an out port. By default the out port is the screen. But you can send that data into the in port of another command. That is piping. The | character is the pipe character or command. It is often found over the backslash key on the keyboard, but not always. Sometimes it will be drawn as two short lines one above the other. So you type in the first command, then the pipe, then the second command. You can pipe through multiple commands one after another to get to the ultimate end point.
So how might this work in real life? Let's say you are doing an ldap search against a directory. The ldap search will always return the full dn of the user and whatever attributes you specify. Say you want only a listing of the email address of the people in a department. You can do the ldap search and have it return the mail attribute and use grep to filter out everything else except that line for each person. So it would go something like this. I am not giving the full ldap search command because the point is the grep.
ldapsearch -h server -b mybase department=it mail | grep "mail: "
The ldapsearch command will run and give a listing of all the users where department is equal to it. Each user object returned will have one line for the full dn of the user and one that starts with "mail: " followed by that user's email. The output of the command then goes into the grep command, which searches for the string "mail: " and outputs only those lines to the screen. If you want to save that output to a file you can redirect the output from grep to a file instead of the screen.
Of course you can now take the output of the grep command and pipe it into the input of other commands. The line you are getting from grep is "mail: [email protected]". You probably would only want the email address itself. So you could pipe the output into something like sed or cut to then get rid of the "mail: " part of each line leaving you with just the email address itself.
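The pipeline described above, written out as an added example that is not part of the original tutorial. The LDIF lines are constructed sample data standing in for real ldapsearch output, and the function names are made up for the example. It also shows why anchoring the pattern with ^ matters: the unanchored "mail: " pattern picks up any line that merely contains that text.

```shell
#!/bin/sh
# Constructed sample of ldapsearch output in LDIF form (not real directory data).
ldif_sample() {
cat <<'EOF'
dn: cn=Ann Lee,ou=it,dc=example,dc=com
mail: ann.lee@example.com
description: send mail: helpdesk queue

dn: cn=Bob Ray,ou=it,dc=example,dc=com
mail: bob.ray@example.com

dn: cn=Cy Dow,ou=it,dc=example,dc=com
mail: ann.lee@example.com
EOF
}

# Unanchored pattern: matches "mail: " anywhere on the line, so the
# description line is counted along with the three mail attribute lines.
loose_count() { ldif_sample | grep -c "mail: "; }

# Anchored pattern: ^ pins the match to the start of the line, so only the
# mail attribute lines pass. cut then keeps the second space-separated field
# (the address) and sort -u drops the duplicate address.
extract_mail() { ldif_sample | grep "^mail: " | cut -d' ' -f2 | sort -u; }

echo "lines matched without anchor: $(loose_count)"
extract_mail
```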
Let's consider another that is often used. You want to find out if a particular process is running, say httpd. You can use the ps -ef command to get a listing of the running processes. But often that is a very large list on servers. You know that you want only the httpd process. So you can pipe the output of the ps command into grep to filter out the other items.
ps -ef | grep "httpd"
So now your output is going to be just any line that has httpd in it. Now you can easily find the httpd process if it is running. One note on this particular example. You will get one line item that is actually the grep command looking for the httpd string. So if the web server is running you will get at least two lines output to the screen. One of them will be the grep command itself. So be mindful of that little tidbit when grepping for processes.
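The self-match described above matters most in scripts that decide whether a service is up. The following added example (not from the original tutorial) uses constructed ps -ef output and made-up function names to compare the plain pattern with the bracket form [h]ttpd, which reuses the square-bracket list shown earlier so that the grep process no longer matches its own command line.

```shell
#!/bin/sh
# Constructed `ps -ef` output. $1 is the command line of the grep that is
# running at the moment ps takes its snapshot.
ps_sample() {
cat <<EOF
UID        PID  PPID  C STIME TTY          TIME CMD
root       812     1  0 09:14 ?        00:00:01 /usr/sbin/httpd -DFOREGROUND
apache     845   812  0 09:14 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
rusty     2291  2250  0 10:02 pts/0    00:00:00 grep $1
EOF
}

# Plain pattern: the grep process's own command line contains "httpd",
# so it is counted with the two real server processes.
count_plain() { ps_sample 'httpd' | grep -c 'httpd'; }

# Bracket pattern: [h]ttpd still matches the text "httpd", but the grep
# command line now reads "[h]ttpd", which the pattern does not match.
count_bracket() { ps_sample '[h]ttpd' | grep -c '[h]ttpd'; }

# The same two checks with the server lines removed, as if httpd were stopped.
# grep -c prints 0 and exits non-zero when nothing matches, hence "|| true".
stopped_plain() {
  ps_sample 'httpd' | grep -v '/usr/sbin/httpd' | grep -c 'httpd' || true
}
stopped_bracket() {
  ps_sample '[h]ttpd' | grep -v '/usr/sbin/httpd' | grep -c '[h]ttpd' || true
}

echo "running: plain=$(count_plain) bracket=$(count_bracket)"
echo "stopped: plain=$(stopped_plain) bracket=$(stopped_bracket)"
```

With the server stopped, the plain pattern still reports one hit, which is exactly the false positive a monitoring script has to avoid.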
There are a lot of additional options you can use with grep. We will cover just one more very useful basic one in this tutorial. Sometimes you are looking for a full word that could also possibly be a string inside other words. For example say you are looking for the name Sue. This could also be part of SueEllen and SueAnna. If you use grep normally it would find all three of those. Or you can use the -w switch to tell grep that you need to search for a whole word. Now grep will find and return Sue, but not SueEllen or SueAnna.
grep -w Sue mytest.txt
Make a file with a list of names. Make sure some names are substrings of longer names. Try the grep command on them.
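Applying the same idea to the account lookup from the start of this tutorial, here is an added example (not from the original page) that goes one step further than -w by anchoring the pattern to the login field. The passwd-format lines are constructed sample data and the function names are made up for the example.

```shell
#!/bin/sh
# Constructed passwd-format sample (login:x:uid:gid:comment:home:shell).
passwd_sample() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
rusty:x:1000:1000:Rusty:/home/rusty:/bin/bash
rusty-admin:x:1001:1001:Admin login:/home/rusty-admin:/bin/bash
trusty:x:1002:1002:Build user:/home/trusty:/bin/sh
backup:x:34:34:owned by rusty:/var/backups:/usr/sbin/nologin
EOF
}

# Plain search: "rusty" anywhere on the line, including inside "trusty"
# and inside the comment field of the backup account.
substring_hits() { passwd_sample | grep -c rusty; }

# Whole-word search: drops "trusty", but "-" and ":" are not word
# characters, so rusty-admin and the backup comment still match.
word_hits() { passwd_sample | grep -cw rusty; }

# Anchored search: ^ pins the match to the start of the line and the
# trailing ":" ends the login field, so only the rusty account matches.
login_entry() { passwd_sample | grep '^rusty:'; }

echo "substring: $(substring_hits)  whole word: $(word_hits)"
login_entry
```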
So those are the basics of grep. This is one of the most used Linux utilities you will learn.
Copyright © 2016