An Introduction To The Grep Command
Linux distributions ship with a great many tools designed to make using a computer simpler. Since almost everything in Linux is exposed as a file or directory, and most of those files are plain text, it follows that many of the tools are built for working with text. One of the most useful and most used of them is grep.
What is Grep?
Grep is a pattern matching tool. It searches a file, or a list of files, for lines that contain a match for the given pattern and prints those lines. The pattern is a regular expression, which gives far more flexibility than a literal text match. Regular expressions give certain characters (such as ., *, [ and ^) a special meaning, but a search for plain words or numbers can be written without worrying about them. This tutorial covers the basic usage of grep.
To start with, we’ll search for the word “cron” in /var/log/syslog (present on Debian and Ubuntu systems; hosts that log only to the systemd journal have no such file and use journalctl instead):
grep cron /var/log/syslog
In the output the matched text is highlighted in bold red, provided colour output is enabled (most distributions alias grep to grep --color=auto; in a script or on a system without that alias you can pass --color=auto yourself). It’s worth noting that the matching is case sensitive, so “CRON” is not found by the command above; to match any case you’ll need to use the -i flag:
grep -i cron /var/log/syslog
Because grep matches anywhere in a line, the pattern can match part of a word as well as a whole word: cron also matches anacron and crond. If you only want to match whole words you can use the -w flag:
grep -w cron /var/log/syslog
Now let’s imagine you want to search for something, and you know the directory it’s in but not the exact file. In this case you can point grep at the directory and add the -r flag, which makes it search every file in that directory and its subdirectories (without -r, grep refuses a directory with “Is a directory”). Many files under /var/log are readable only by root, so either run this with sudo or expect some “Permission denied” lines mixed into the output:
grep -r cron /var/log/
As you can see, whenever more than one file is searched the matched lines are prefixed with the name of the file they came from. If you’d also like to see the line number of each match, you’ll need the -n flag:
grep -n cron /var/log/syslog
This is fine if you want the lines that match a search term, but what if you want the lines that don’t contain it? That’s possible with the -v flag, which inverts the match:
grep -v cron /var/log/syslog
Sometimes it’s not just the line that matches your search that you are interested in but the lines around it, which may hold the information you need. There are flags to show a number of lines on either side of each matched line.
- The -C flag shows the specified number of lines both before and after each matched line.
- The -A flag shows the specified number of lines after each matched line.
- The -B flag shows the specified number of lines before each matched line.
They all take a number, which GNU grep accepts either directly after the flag (-A4) or separated by a space (-A 4). When two matches are far enough apart that their context does not touch, grep prints a “--” line between the groups. For example, to show each matching line and the four lines after it:
grep -A4 cron /var/log/syslog
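The flags covered so far, exercised together over a small syslog-style sample. This is an added example, not code from the original page: the log lines, host name, PIDs and the helper function names are all constructed for it, and the sample is deliberately built with a mix of “CRON”, “anacron”, “cron” and “crond” so that -i and -w give visibly different counts. When you are hunting for cron activity in real logs this is exactly the difference that matters: a bare “cron” picks up anacron and crond too, -w does not.

```shell
#!/bin/sh
# Added example: the grep flags from the tutorial against constructed sample data.
# Everything here (log lines, host, PIDs, function names) is made up for the example.
LOGDIR="$(mktemp -d)"
trap 'rm -rf "$LOGDIR"' EXIT
SYSLOG="$LOGDIR/syslog"

# Constructed sample data, chosen so that -i and -w change the result.
cat > "$SYSLOG" <<'EOF'
Mar  3 06:25:01 host CRON[1021]: (root) CMD (/usr/local/bin/rotate-logs)
Mar  3 06:25:02 host anacron[1033]: Job started
Mar  3 06:25:03 host sshd[1040]: Accepted publickey for alice from 10.0.0.5 port 50122 ssh2
Mar  3 06:30:01 host cron[1050]: (alice) CMD (/home/alice/bin/backup.sh)
Mar  3 06:30:05 host kernel: usb 1-1: new high-speed USB device number 3
Mar  3 06:30:07 host crond[1060]: scheduling reload
EOF
# A second file with no cron activity, so the recursive search has something to skip.
printf 'Mar  3 06:30:05 host kernel: usb 1-1: new high-speed USB device number 3\n' > "$LOGDIR/kern.log"

# Plain search: case-sensitive substring match. "anacron" and "crond" count, "CRON" does not.
count_cron() { grep -c cron "$SYSLOG"; }                    # 3
# -i ignores case, so the "CRON[1021]" line is picked up as well.
count_cron_i() { grep -ci cron "$SYSLOG"; }                 # 4
# -w demands a whole word: only "cron[1050]" survives; anacron, crond and CRON are dropped.
count_cron_w() { grep -cw cron "$SYSLOG"; }                 # 1
# -v inverts the match: every line that does not contain "cron".
count_not_cron() { grep -cv cron "$SYSLOG"; }               # 3
# -n prefixes each match with its line number ("2:Mar  3 ..."); keep the number of the first.
first_cron_line() { grep -n cron "$SYSLOG" | head -n 1 | cut -d: -f1; }   # 2
# -C1 prints one line before and one after the match (-A1 / -B1 would print only one side).
context_line_count() { grep -w -C1 cron "$SYSLOG" | wc -l | tr -d ' '; }  # 3
# -r walks the directory; -l names only the files that contain a match.
files_mentioning_cron() { grep -rl cron "$LOGDIR" | wc -l | tr -d ' '; }  # 1

printf 'cron (case-sensitive): %s\n' "$(count_cron)"
printf 'cron (-i):             %s\n' "$(count_cron_i)"
printf 'cron (-w):             %s\n' "$(count_cron_w)"
printf 'lines without cron:    %s\n' "$(count_not_cron)"
printf 'first match at line:   %s\n' "$(first_cron_line)"
printf 'lines with -w -C1:     %s\n' "$(context_line_count)"
printf 'files under %s with cron: %s\n' "$LOGDIR" "$(files_mentioning_cron)"
```

The -c flag used in the helpers counts matching lines instead of printing them; it ignores context lines, which is why the -C1 helper counts the output with wc instead.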
Something that is probably obvious by now is that spaces separate the search term from the files to be searched, so what happens when you want to search for something containing a space? Without quotes, grep would treat “failure” below as a file name. To keep the words together, put the pattern inside single quotes (double quotes also work, but single quotes stop the shell from expanding $ and backslashes, which matters once patterns get more complex):
grep 'authentication failure' /var/log/auth.log
Finally, let’s look at some basic pattern matching. The dot (.) is the wildcard: it matches any single character. The asterisk (*) applies to whatever comes before it and means “zero or more of that”, so .* matches any run of characters, including none at all. For example:
grep 'authentication failure.*root' /var/log/auth.log
The previous command lists every line that contains “authentication failure” followed, somewhere later on the same line, by “root”, which on most systems means failed authentication attempts for the root user. Bear in mind that this is still a substring match: a line mentioning “nonroot” or “rootkit” would be picked up as well, so before acting on the result either tighten the pattern or check the matches by eye.
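The quoting point and the .* pattern, worked through over a constructed auth.log sample, plus the tightening the caveat above calls for. This is an added example, not code from the original page: the PAM-style log lines, host name and addresses are made up, and the helper function names are this example’s own. It goes a little beyond the text by using the $ anchor (end of line) and the -o flag (print only the matched part) to turn the loose search into something you could act on.

```shell
#!/bin/sh
# Added example: quoting a pattern with a space, then tightening
# 'authentication failure.*root' so it stops over-matching.
# All log lines, hosts and addresses below are constructed for the example.
AUTHLOG="$(mktemp)"
trap 'rm -f "$AUTHLOG"' EXIT
cat > "$AUTHLOG" <<'EOF'
Mar  3 07:01:12 host sshd[2011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Mar  3 07:01:15 host sshd[2011]: Failed password for root from 203.0.113.7 port 41022 ssh2
Mar  3 07:02:01 host sshd[2020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.9  user=nonroot
Mar  3 07:02:30 host sudo: pam_unix(sudo:auth): authentication failure; logname=alice uid=1000 euid=0 tty=/dev/pts/0 ruser=alice rhost=  user=alice
Mar  3 07:03:00 host sshd[2031]: Accepted publickey for root from 10.0.0.5 port 50200 ssh2
Mar  3 07:03:45 host sshd[2040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
EOF

# Unquoted, the shell splits the pattern: grep looks for "authentication" in a file
# called "failure" (which does not exist) and in the log, and exits with status 2
# because of the error. The function returns that exit status.
unquoted_exit_status() {
    if grep authentication failure "$AUTHLOG" >/dev/null 2>&1; then echo 0; else echo $?; fi
}
# Quoted, the two words are one pattern: every PAM failure line, whichever user it was for.
count_auth_failures() { grep -c 'authentication failure' "$AUTHLOG"; }                  # 4
# The tutorial's pattern: .* lets anything sit between the two parts, but "root" is
# still a substring match, so the "user=nonroot" line is counted too.
count_root_failures_loose() { grep -c 'authentication failure.*root' "$AUTHLOG"; }      # 3
# Tightened: require the exact field "user=root" and anchor it to the end of the
# line with $, so "nonroot" (and any other user) no longer matches.
count_root_failures() { grep -c 'authentication failure.*user=root$' "$AUTHLOG"; }      # 2
# One step further: the source address of each root failure. -o prints only the
# matched text, and [^ ]* means "everything up to the next space".
root_failure_sources() {
    grep 'authentication failure.*user=root$' "$AUTHLOG" | grep -o 'rhost=[^ ]*' | cut -d= -f2 | sort -u
}

echo "unquoted pattern, grep exit status: $(unquoted_exit_status)"
echo "authentication failures:            $(count_auth_failures)"
echo "root failures (loose pattern):      $(count_root_failures_loose)"
echo "root failures (anchored pattern):   $(count_root_failures)"
echo "root failure sources:               $(root_failure_sources)"
```

The line-end anchor only works because pam_unix writes user= as the last field; for a different log format, check where the field sits before relying on $.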
We’ve now covered the basics of using the grep command. This is only an introduction; there’s a lot more to it, of course, and man grep gives the full list of options. Regular expressions really unlock the power of grep and are something we’ll look at in more detail another time.