• Status: Solved

how do i grep

Hi, I am trying to grep a firewall log, however the results I am getting are far too broad.  I just want lines which have 1.1.1.1 in them.

I tried

grep "1.1.1.1"  * >dump

However, the results are pulling lines that are not 1.1.1.1.  Any suggestions?!?!
0
Asked:
NYGiantsFan
 
comfortjeanius Commented:
You could try....
grep -o "1.1.1.1"  * >dump

By default grep will show the line which matches the given pattern/string, but if you want grep to show only the matched string of the pattern then use the -o option.
0
 
pony10us Commented:
The syntax of the command as shown:

grep "1.1.1.1" * >dump

You are looking for 1.1.1.1 in any file and attempting to send the results to dump.

Using the ">" operator will overwrite each time.  Try using the ">>" to append. There should also be a space between the ">" and the file name "dump".

My guess is that you are getting results like 1.1.1.10, 1.1.1.11, etc.  To get just 1.1.1.1 try this:

grep -w "1.1.1.1" * >> dump
0
 
Mazdajai Commented:
Do you have sample data, the result you are getting, and what you expect to see?
0
 
savone Commented:
Also, grep will see the periods or dots as a regular expression.

Try this:

grep -w '1.1.1.1' *

with single quotes telling grep not to expand regular expressions.
0
 
Insoftservice Commented:
grep -o '1.1.1.1' *>test.log

grep -w 1.1.11 *>test.log
0
 
NYGiantsFan (Author) Commented:
sudo grep -o "1.1.1.1" * > dump.log  is producing this output

10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131



sudo grep -w "1.1.1.1" * > dump.log is also not producing the wanted results.  

It appears both are reading the below as 1.1.1.1.  Any ideas?

10.212.10.2-20140221.log:Feb 21 04:48:35 10.212.10.2/10.212.10.2 %ASA-6-302014: Teardown TCP connection 510577569 for vlan1510-outside:141.131.19.197/88 to vlan510-inside:10.212.10.106/58769 duration 0:00:00 bytes 1684 TCP FINs
0
 
Insoftservice Commented:
Did you try with single quotes?

grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' file.txt
0
 
pony10us Commented:
Did you try single quotes as suggested by Savone in ID: 39883121?
0
 
Insoftservice Commented:
grep "1\.1\.1\.1$"  * > dump.log

Try this one out.

I hope it's unique LOL
0
 
NYGiantsFan (Author) Commented:
grep "1\.1\.1\.1$"  * > dump.log  resulted in this: Illegal variable name.
0
 
Darr247 Commented:
So, what does
grep -w '1.1.1.1' *  > dump.log
give?
0
 
savone Commented:
You should try all the examples given; it seems you ignored my answer.

QUOTE:
Also, grep will see the periods or dots as a regular expression.

Try this:

grep -w '1.1.1.1' *

with single quotes telling grep not to expand regular expressions.
0
 
Dave Gould (Onsite Support) Commented:
Savone is right.
The decimal points are seen as wild cards, so you are looking for
1 - any char - 1 - any char - 1 - any char - 1 - anything else...

141.131.19.197 falls into this category quite nicely, so it is being picked out as a positive result.

Putting the string in single quotes will stop the dots from being interpreted as wild cards and they will be treated as you intended, i.e. as dots.
0
 
Kevin Pham Commented:
Because grep treats the dot and dash as syntax switch... so you'd have to instruct the shell to treat your arguments as literal ... to do that

$ grep -- '1.1.1.1' *

The double dash (--) tells the system to treat everything behind it as "literal" and NOT switches. Try this and update us if it works for you.
0
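Added example, not part of any post in this thread: a shell comparison of three ways to search for the address 1.1.1.1 over constructed log lines (the second line reuses the ASA entry quoted above). The function names and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample log lines; only the 141.131.19.197 entry comes from the thread.
make_sample() {
cat <<'EOF'
Feb 21 04:48:30 fw %ASA-6-302013: Built TCP connection 1 for outside:1.1.1.1/443 to inside:10.212.10.106/58000
Feb 21 04:48:35 fw %ASA-6-302014: Teardown TCP connection 510577569 for vlan1510-outside:141.131.19.197/88 to vlan510-inside:10.212.10.106/58769
Feb 21 04:48:40 fw %ASA-6-302013: Built TCP connection 2 for outside:1.1.1.10/80 to inside:10.212.10.106/58001
Feb 21 04:48:45 fw %ASA-6-302013: Built TCP connection 3 for outside:11.1.1.1/80 to inside:10.212.10.106/58002
Feb 21 04:48:50 fw %ASA-4-106023: Deny tcp src outside:1.1.1.1/51000 dst inside:10.212.10.2/22
Feb 21 04:48:55 fw snmpd: query for OID 1.1.1.1.5 from 10.212.10.7
EOF
}

# Build an ERE for one literal IPv4 address: escape each dot and require
# that the match is not glued to another digit or dot on either side.
ip_pattern() {
    escaped=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '(^|[^0-9.])%s($|[^0-9.])' "$escaped"
}

# Unescaped dots are regex wildcards, so "141.131" matches too.
count_naive()  { make_sample | grep -c "$1"; }

# -F takes the pattern as a fixed string, -w requires word boundaries.
# This rejects 1.1.1.10 and 11.1.1.1 but still accepts 1.1.1.1.5.
count_fixed()  { make_sample | grep -c -F -w -- "$1"; }

# Escaped dots plus explicit digit/dot boundaries.
count_strict() { make_sample | grep -c -E -- "$(ip_pattern "$1")"; }

echo "naive  (grep '1.1.1.1'):     $(count_naive 1.1.1.1) lines"
echo "fixed  (grep -Fw '1.1.1.1'): $(count_fixed 1.1.1.1) lines"
echo "strict (grep -E, escaped):   $(count_strict 1.1.1.1) lines"
```

The strict pattern also skips an address that is immediately followed by a sentence-ending period, so check how addresses are delimited in your log format before relying on it.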
Question has a verified solution.