Linux Admin – Grep Command

This topic is about Linux Admin – Grep Command.

grep is commonly used by administrators to −

  • Find files with a specific text string
  • Search for a text string in logs
  • Filter command output, focusing on a particular string

Following is a list of common switches used with grep.

Switch   Action
-E *     Interpret pattern as a regular expression
-G *     Interpret pattern as a basic regular expression
-c       Suppress normal output, only show the number of matches
-l       List files with matches
-n       Prefix each
-m       Stop reading after the number of matching lines
-o       Print only the matching parts of matching lines, per line (useful with pattern matches)
-v       Invert matches, showing non-matches
-i       Case insensitive search
-r       Use grep recursively

Search for X Server errors in Xorg logs −

[root@centosLocal log]# grep error ./Xorg*.log 
   ./Xorg.0.log:   (WW) warning, (EE) error, (NI) not implemented, (??) unknown. 
   ./Xorg.1.log:   (WW) warning, (EE) error, (NI) not implemented, (??) unknown. 
   ./Xorg.9.log:   (WW) warning, (EE) error, (NI) not implemented, (??) unknown. 
[root@centosLocal log]#

Check for possible RDP attacks on an imported Windows Server firewall log.

[root@centosLocal Documents]# grep 3389 ./pfirewall.log | grep " 146." | wc -l 
326
[root@centosLocal Documents]#

As seen in the above example, we had 326 Remote Desktop login attempts from an IPv4 class A range in less than 24 hours. These were all from the same IPv4 address, which has been hidden for privacy reasons. Quick as that, we have tangible evidence to block some IPv4 ranges in firewalls.
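
The following is an added example, not part of the original tutorial. It tightens the search above by anchoring the pattern on the log's field layout, so that only lines whose destination port is exactly 3389 are counted, and then tallies attempts per source address. It assumes the Windows Firewall log field order shown in the comment; the sample lines (documentation-range addresses) and the helper names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample data is constructed, laid out like a Windows Firewall log:
#   date time action protocol src-ip dst-ip src-port dst-port size ...
make_sample_log() {
cat <<'EOF'
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-10 03:14:01 DROP TCP 203.0.113.7 192.0.2.10 50112 3389 52 S 1001 0 8192 - - - RECEIVE
2024-01-10 03:14:02 DROP TCP 203.0.113.7 192.0.2.10 50113 3389 52 S 1002 0 8192 - - - RECEIVE
2024-01-10 03:14:05 ALLOW TCP 198.51.100.23 192.0.2.10 3389 443 52 S 1003 0 8192 - - - RECEIVE
2024-01-10 03:14:09 DROP TCP 203.0.113.7 192.0.2.10 50114 3389 52 S 1004 0 8192 - - - RECEIVE
2024-01-10 03:15:00 DROP UDP 198.51.100.23 192.0.2.10 53389 33890 60 - - - - - - - RECEIVE
2024-01-10 03:16:30 DROP TCP 198.51.100.99 192.0.2.10 41000 3389 52 S 1005 0 8192 - - - RECEIVE
EOF
}

# ERE anchored on the field layout: TCP, and dst-port (8th field) exactly 3389.
RDP_RE='^[0-9-]+ [0-9:]+ [A-Z]+ TCP [^ ]+ [^ ]+ [0-9]+ 3389 '

# Unanchored search: counts every line containing "3389" anywhere,
# including source ports and longer numbers such as 33890.
naive_count() { grep -c 3389 "$1" || true; }

# Only connections whose destination port is RDP (-c replaces "| wc -l").
rdp_count() { grep -cE "$RDP_RE" "$1" || true; }

# Attempts per source address, busiest first, printed as "count src-ip".
rdp_by_source() {
    grep -E "$RDP_RE" "$1" | cut -d' ' -f5 | sort | uniq -c | sort -rn |
        awk '{print $1, $2}'
}

# Attempts from sources starting with a dotted prefix (hypothetical helper).
# Dots are escaped so a prefix like "146." cannot match "1460".
rdp_count_from() {
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -E "$RDP_RE" "$1" | cut -d' ' -f5 | grep -c "^$pat" || true
}

log=$(mktemp)
make_sample_log > "$log"
echo "naive: $(naive_count "$log")  dst-port 3389: $(rdp_count "$log")"
rdp_by_source "$log"
rm -f "$log"
```

The per-source tally is what supports a blocking decision: it shows whether the hits come from one address or are spread across a range.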

grep can be a fairly complex command. However, it is one that a Linux administrator needs to get a firm grasp on. In an average day, a Linux system admin can use a dozen variations of grep.
