[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

how do i grep

Posted on 2014-02-24
14
Medium Priority
?
279 Views
Last Modified: 2014-04-15
Hi, I am trying to grep a firewall log, however the results I am getting are far too broad.  I just want lines which have 1.1.1.1 in them.

I tried

grep "1.1.1.1"  * >dump

However, the results are pulling lines that are not 1.1.1.1.  Any suggestions?!?!
0
Comment
Question by:NYGiantsFan
  • 3
  • 2
  • 2
  • +6
14 Comments
 
LVL 14

Expert Comment

by:comfortjeanius
ID: 39882938
You could try....
grep -o "1.1.1.1"  * >dump

Open in new window

By default grep will show the line which matches the given pattern/string, but if you want the grep to show out only the matched string of the pattern then use the -o option.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39882989
The syntax of the command as shown:

grep "1.1.1.1" * >dump

You are looking for 1.1.1.1 in any file and attempting to send the results to dump.

Using the ">" operator will overwrite each time.  Try using the ">>" to append. There should also be a space between the ">" and the file name "dump".

My guess is that you are getting results like 1.1.1.10, 1.1.1.11, etc.  To get just 1.1.1.1 try this:

grep -w "1.1.1.1" * >> dump
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39883050
Do you have sample data, result you are getting and what you are expected to see?
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 23

Expert Comment

by:savone
ID: 39883121
Also, grep will see the periods or dots as a regular expression.

Try this:

grep -w '1.1.1.1' *

with single quotes telling grep not to expand regular expressions.
0
 
LVL 15

Expert Comment

by:Insoftservice
ID: 39883308
grep -o '1.1.1.1' *>test.log

grep -w 1.1.11 *>test.log
0
 

Author Comment

by:NYGiantsFan
ID: 39883525
sudo grep -o "1.1.1.1" * > dump.log  is producing this output

10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131



sudo grep -w "1.1.1.1" * > dump.log is also not producing the wanted results.  

It appears both are reading the below as 1.1.1.1.  Any ideas?

10.212.10.2-20140221.log:Feb 21 04:48:35 10.212.10.2/10.212.10.2 %ASA-6-302014: Teardown TCP connection 510577569 for vlan1510-outside:141.131.19.197/88 to vlan510-inside:10.212.10.106/58769 duration 0:00:00 bytes 1684 TCP FINs
0
 
LVL 15

Expert Comment

by:Insoftservice
ID: 39883574
did you tried with single quotes

grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' file.txt
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39883575
Did you try single quotes as suggested by Savone in ID: 39883121
0
 
LVL 15

Expert Comment

by:Insoftservice
ID: 39883584
grep "1\.1\.1\.1$"  * > dump.log

Try out these one.

I hope its unique LOL
0
 

Author Comment

by:NYGiantsFan
ID: 39883694
grep "1\.1\.1\.1$"  * > dump.log  resulted in this Illegal variable name.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 39883709
So, what does
grep -w '1.1.1.1' *  > dump.log
give?
0
 
LVL 23

Accepted Solution

by:
savone earned 2000 total points
ID: 39884288
You should try all the examples given, it seems you ignored my answer.

QUOTE:
Also, grep will see the periods or dots as a regular expression.

Try this:

grep -w '1.1.1.1' *

with single quotes telling grep not to expand regular expressions.
0
 
LVL 5

Expert Comment

by:Dave Gould
ID: 39884952
savone is right.
the decimal points are seen as wild cards so you are looking for
1- anychar - 1 - any char - 1 - any char - 1 - anything else..

141.131.19.197 falls into this category quite nicely so is being picked out as a positive result.

putting the string in single quotes will stop the dots from being interpreted as wild cards and they will be treated as you intended. ie as dots.
0
 
LVL 3

Expert Comment

by:Kevin Pham
ID: 39967828
Because grep treats the dot and dash as syntax switch... so you'd have to instruct the shell to treat your arguments as literal ... to do that

$ grep -- '1.1.1.1' *

The double dash (--) tells the system to treat everything behind it as "literal" and NOT switches. Try this and update us if it works for you.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month17 days, 17 hours left to enroll

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question