NYGiantsFan
asked on
how do i grep
Hi, I am trying to grep a firewall log, however the results I am getting are far too broad. I just want lines which have 1.1.1.1 in them.
I tried
grep "1.1.1.1" * >dump
However, the results are pulling lines that are not 1.1.1.1. Any suggestions?!?!
The syntax of the command as shown:
grep "1.1.1.1" * >dump
You are looking for 1.1.1.1 in any file and attempting to send the results to dump.
Using the ">" operator will overwrite each time. Try using the ">>" to append. There should also be a space between the ">" and the file name "dump".
My guess is that you are getting results like 1.1.1.10, 1.1.1.11, etc. To get just 1.1.1.1 try this:
grep -w "1.1.1.1" * >> dump
Do you have sample data, result you are getting and what you are expected to see?
Also, grep will see the periods or dots as a regular expression.
Try this:
grep -w '1.1.1.1' *
with single quotes telling grep not to expand regular expressions.
grep -o '1.1.1.1' *>test.log
grep -w 1.1.11 *>test.log
ASKER
sudo grep -o "1.1.1.1" * > dump.log is producing this output
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
sudo grep -w "1.1.1.1" * > dump.log is also not producing the wanted results.
It appears both are reading the below as 1.1.1.1. Any ideas?
10.212.10.2-20140221.log:Feb 21 04:48:35 10.212.10.2/10.212.10.2 %ASA-6-302014: Teardown TCP connection 510577569 for vlan1510-outside:141.131.19.197/88 to vlan510-inside:10.212.10.106/58769 duration 0:00:00 bytes 1684 TCP FINs
Did you try with single quotes?
grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' file.txt
Did you try single quotes as suggested by Savone in ID: 39883121?
grep "1\.1\.1\.1$" * > dump.log
Try out this one.
I hope it's unique LOL
ASKER
grep "1\.1\.1\.1$" * > dump.log resulted in this Illegal variable name.
So, what does
grep -w '1.1.1.1' * > dump.log
give?
Savone is right.
The decimal points are seen as wild cards, so you are looking for
1 - any char - 1 - any char - 1 - any char - 1 - anything else..
141.131.19.197 falls into this category quite nicely, so it is being picked out as a positive result.
Putting the string in single quotes will stop the dots from being interpreted as wild cards and they will be treated as you intended, i.e. as dots.
Because grep treats the dot and dash as syntax switch... so you'd have to instruct the shell to treat your arguments as literal ... to do that
$ grep -- '1.1.1.1' *
The double dash (--) tells the system to treat everything behind it as "literal" and NOT switches. Try this and update us if it works for you.
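Added example, not code from any poster in this thread: in a grep pattern an unescaped dot matches any character, so exact IP matching needs escaped dots plus a guard against a neighbouring digit or dot. The helper names `ip_regex` and `grep_ip` are hypothetical, and the sample log lines are constructed in the ASA format quoted above.

```shell
#!/bin/sh
# Added example: match one exact IPv4 address in firewall logs.

# Build an ERE for ADDRESS: dots escaped so they are literal, and the
# address may not be preceded or followed by a digit or a dot.
ip_regex() {
    # Refuse anything that is not dotted-quad shaped before building a pattern.
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 1
    escaped=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '(^|[^0-9.])%s([^0-9.]|$)' "$escaped"
}

# grep_ip ADDRESS [FILE...]: print lines containing exactly ADDRESS.
grep_ip() {
    pattern=$(ip_regex "$1") || { echo "not an IPv4 address: $1" >&2; return 2; }
    shift
    grep -E -- "$pattern" "$@"
}

# Constructed sample lines (not real log data).
make_sample() {
    cat <<'EOF'
Feb 21 04:48:35 fw %ASA-6-302014: Teardown TCP connection 1 for outside:141.131.19.197/88 to inside:10.212.10.106/58769
Feb 21 04:48:36 fw %ASA-6-302014: Teardown TCP connection 2 for outside:1.1.1.1/53 to inside:10.212.10.106/58770
Feb 21 04:48:37 fw %ASA-6-302014: Teardown TCP connection 3 for outside:1.1.1.10/53 to inside:10.212.10.106/58771
Feb 21 04:48:38 fw %ASA-6-302014: Teardown TCP connection 4 for outside:11.1.1.1/53 to inside:10.212.10.106/58772
Feb 21 04:48:39 fw %ASA-6-106023: Deny udp src outside:8.8.8.8/53 dst inside:1.1.1.1
EOF
}

# Unescaped dots: every sample line matches, including 141.131.19.197.
count_naive() { make_sample | grep -c '1.1.1.1'; }
# -w with unescaped dots: "141.131" still matches as a whole word.
count_word()  { make_sample | grep -wc '1.1.1.1'; }
# Escaped dots plus boundaries: only the two lines with 1.1.1.1 itself.
count_exact() { make_sample | grep_ip 1.1.1.1 | wc -l | tr -d ' '; }

echo "naive=$(count_naive) word=$(count_word) exact=$(count_exact)"
```

`grep -Fw '1.1.1.1'` is a shorter alternative that treats the pattern as a fixed string, though `-w` still accepts a neighbouring dot (for example `1.1.1.1.5`).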