Linux/Unix – Searching for Text with grep.

The grep command comes in handy when you need to perform more advanced string searches in a file. In fact, the phrase to grep has actually entered the computer jargon as a verb, just as to Google has entered the popular language. Here are examples of the grep command:

$ grep francois myfile.txt

Show lines containing francois


grep 404 /var/log/httpd/access_log

Show lines containing 404

$ ps auwx | grep init

Show init lines from ps output


$ ps auwx | grep “\[*\]”

Show bracketed commands


$ dmesg | grep “[ ]ata\|^ata”

Show ata kernel device information

These command lines have some particular uses, beyond being examples of the grep command. By searching access_log for 404 you can see requests to your web server for pages that were not found (these could be someone fishing to exploit your system, or a web page you moved or forgot to create). Displaying bracketed commands that are output from the ps command is a way to see commands for which ps cannot display options. The last command checks the kernel buffer ring for any ATA device information, such as hard disks and CD-ROM drives. The grep command can also recursively search a few or a whole lot of files at the same time. The

following command recursively searches files in the /etc/httpd/conf and /etc/httpd/conf.d directories for the string VirtualHost:

$ grep -R VirtualHost /etc/httpd/conf*

Note that your system may not have any files with names starting with conf in the /etc/httpd directory, depending on what you have installed on your system. You can apply this technique to other files as well.

Add line numbers (-n) to your grep command to find the exact lines where the search terms occur:

$ grep -Rn VirtualHost /etc/httpd/conf*

To colorize the searched term in the search results, add the –color option:

$ grep –color -Rn VirtualHost /etc/httpd/conf*

By default, in a multifile search, the file name is displayed for each search result. Use the -h option to disable the display of file names. This example searches for the string sshd in the file auth.log:

$ grep -h sshd /var/log/auth.log

If you want to ignore case when you search messages, use the -i option:

$ grep -i selinux /var/log/messages    — Search file for selinux (any case)

To display only the name of the file that includes the search term, add the -l option:

$ grep -Rl VirtualHost /etc/httpd/conf*

To display all lines that do not match the string, add the -v option:

$ grep -v “ 200 “ /var/log/httpd/access_log*    — Show lines without “ 200 “

NOTE When piping the output of ps into grep, here’s a trick to prevent the grep process from appearing in the grep results:

# ps auwx | grep “[i]nit”


About msotela

This blog is for anyone who wants to access the power of a Linux system as a systems administrator or user. You may be a Linux enthusiast, a Linux professional, or possibly a computer professional who is increasingly finding the Windows systems in your data center supplanted by Linux boxes.

Posted on March 16, 2009, in Unix/Linux. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: