Usually, the grep command is used to search for a string or regular expression in a file, a set of files, or an input stream. Here I discuss advanced grep options, such as grep -rl and grep -v ftpd, which help a system admin get filtered results from logs and other command output.
Counting the number of strings using grep
The option “-c” prints the number of lines in the file or input stream that contain the string.
# grep -c suhesh test.txt
# grep suhesh test.txt | wc -l
Usually, we grep for the string and pipe the result to wc -l to count the lines that contain it. The “-c” option replaces that pipeline with a single command. There is no major difference when the command is run once. If the commands run inside a loop thousands of times or more, the time difference should be significant.
Multiple lines using grep
Sometimes we need to print the line that follows a match, and the grep options “-A” and “-B” do this. They print the given number of lines after (“-A”) or before (“-B”) each line that contains the string.
-A NUM, --after-context=NUM
-B NUM, --before-context=NUM
One situation I faced was getting the exim (mail server) ID of the mails in the exim queue where the recipient address is the same. In that case, the line containing the exim ID does not contain the recipient address, and we need to use the above-mentioned options to get the expected result.
Multiple strings in grep
We can use multiple strings in a single check, so that we get the lines containing any of the strings given in the command. This helps reduce the overall running time of the command.
# grep 'string1\|string2' file.txt
A practical example of using multiple strings is getting the list of users that are not whitelisted.
Regular expression and grep
If the string we need to search for is not a specific word or a fixed set of words, we can use a regular expression to search the text inside a file.
For example, to search for strings that start with a number and end with the “.txt” extension, we can use the following command.
# grep '[0-9].*\.txt' fileName.txt
Regular expressions, or simply regex, are patterns used to match character combinations in strings. To understand the above regular expression, you need to learn more about them.
List of files from grep result
The “-l” option lists the names of the files in which the string or pattern is present. This option is very useful for finding the list of files that contain a specific string.
# grep -rl 'localhost' /home/eazylinux/public_html/*
An example is finding the database details of a web application. For that, we search for the string “localhost” in all files, expecting that localhost is set as the database server. Then just review the listed files to get the database details.
Another example is finding a list of hacked files. Find one hacked file, collect a string from it, and search for the same string under the site's document root to find the other hacked files. It will show the files with the same code.
Unmatched lines from grep result
grep also has an option to print the lines that do not match. The option “-v” prints the unmatched lines.
# grep -v ftpd /var/log/messages
The above command will show the log without the ftp entries.
A good example of this option is log processing. When we process logs to find the reason for a server going down or for unusual activity, we don’t know which process is causing the issue. So we first analyze the log and exclude the entries that we judge to be fine, then check the rest. By excluding entries one by one, we are left with a few log lines that give some hint about the unusual activity on the server.
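The exclusion workflow described above, as an added example that is not part of the original post. The function names, the exclusion file and the log lines are assumptions constructed for illustration; exclusions are treated as fixed strings with “-F” so that a string such as CRON[ is not parsed as a regular expression.

```shell
#!/bin/sh
# Added example: triage a log by exclusion with grep -v.
# All log lines and exclusion strings below are constructed sample data.

# residual_lines LOG EXCLUDES: print LOG lines that contain none of the fixed
# strings listed one per line in EXCLUDES. Blank lines are skipped because an
# empty pattern matches every line, and -v would then hide the whole log.
residual_lines() {
    log=$1 excludes=$2
    set --
    while IFS= read -r pat; do
        if [ -n "$pat" ]; then set -- "$@" -e "$pat"; fi
    done < "$excludes"
    if [ $# -eq 0 ]; then cat -- "$log"; return; fi
    # grep exits 1 when nothing is left; only exit 2 is a real failure.
    grep -vF "$@" -- "$log" || [ $? -eq 1 ]
}

# exclusion_counts LOG EXCLUDES: print "COUNT<TAB>STRING" per exclusion, so a
# string that removes far more lines than expected stands out for review.
exclusion_counts() {
    while IFS= read -r pat; do
        [ -n "$pat" ] || continue
        printf '%s\t%s\n' "$(grep -cF -e "$pat" -- "$1")" "$pat"
    done < "$2"
}

# write_sample_log FILE: constructed /var/log/messages-style entries.
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  3 02:10:01 web1 CRON[2101]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 02:10:07 web1 pure-ftpd: (?@203.0.113.9) [INFO] New connection from 203.0.113.9
Mar  3 02:10:09 web1 pure-ftpd: (?@203.0.113.9) [INFO] Logout.
Mar  3 02:11:15 web1 kernel: Out of memory: Kill process 4312 (httpd) score 912
Mar  3 02:12:01 web1 CRON[2144]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 02:12:30 web1 named[811]: client 198.51.100.4#5353: query (cache) denied
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_sample_log "$dir/messages"
    printf '%s\n' 'ftpd' '' 'CRON[' > "$dir/excludes"   # blank line on purpose
    exclusion_counts "$dir/messages" "$dir/excludes"
    residual_lines "$dir/messages" "$dir/excludes"
    rm -rf "$dir"
}
demo
```

Checking the per-string counts before trusting the residual output guards against an exclusion that is broader than intended and silently removes the entries you are looking for.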