Solved

how do i grep

Posted on 2014-02-24
14
275 Views
Last Modified: 2014-04-15
Hi, I am trying to grep a firewall log, however the results I am getting are far too broad.  I just want lines which have 1.1.1.1 in them.

I tried

grep "1.1.1.1"  * >dump

However, the results are pulling lines that are not 1.1.1.1.  Any suggestions?!?!
0
Comment
Question by:NYGiantsFan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +6
14 Comments
 
LVL 14

Expert Comment

by:comfortjeanius
ID: 39882938
You could try....
grep -o "1.1.1.1"  * >dump

Open in new window

By default grep will show the line which matches the given pattern/string, but if you want the grep to show out only the matched string of the pattern then use the -o option.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39882989
The syntax of the command as shown:

grep "1.1.1.1" * >dump

You are looking for 1.1.1.1 in any file and attempting to send the results to dump.

Using the ">" operator will overwrite each time.  Try using the ">>" to append. There should also be a space between the ">" and the file name "dump".

My guess is that you are getting results like 1.1.1.10, 1.1.1.11, etc.  To get just 1.1.1.1 try this:

grep -w "1.1.1.1" * >> dump
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39883050
Do you have sample data, result you are getting and what you are expected to see?
0
Tutorials alone can't teach real engineering

So we built better training tools.

-Hands-on Labs
-Instructor Mentoring
-Scenario-Based Tests
-Dedicated Cloud Servers

All at your fingertips. What are you waiting for?

 
LVL 23

Expert Comment

by:savone
ID: 39883121
Also, grep will see the periods or dots as a regular expression.

Try this:

grep -w '1.1.1.1' *

with single quotes telling grep not to expand regular expressions.
0
 
LVL 15

Expert Comment

by:Insoftservice
ID: 39883308
grep -o '1.1.1.1' *>test.log

grep -w 1.1.11 *>test.log
0
 

Author Comment

by:NYGiantsFan
ID: 39883525
sudo grep -o "1.1.1.1" * > dump.log  is producing this output

10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131



sudo grep -w "1.1.1.1" * > dump.log is also not producing the wanted results.  

It appears both are reading the below as 1.1.1.1.  Any ideas?

10.212.10.2-20140221.log:Feb 21 04:48:35 10.212.10.2/10.212.10.2 %ASA-6-302014: Teardown TCP connection 510577569 for vlan1510-outside:141.131.19.197/88 to vlan510-inside:10.212.10.106/58769 duration 0:00:00 bytes 1684 TCP FINs
0
 
LVL 15

Expert Comment

by:Insoftservice
ID: 39883574
did you tried with single quotes

grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' file.txt
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39883575
Did you try single quotes as suggested by Savone in ID: 39883121
0
 
LVL 15

Expert Comment

by:Insoftservice
ID: 39883584
grep "1\.1\.1\.1$"  * > dump.log

Try out these one.

I hope its unique LOL
0
 

Author Comment

by:NYGiantsFan
ID: 39883694
grep "1\.1\.1\.1$"  * > dump.log  resulted in this Illegal variable name.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 39883709
So, what does
grep -w '1.1.1.1' *  > dump.log
give?
0
 
LVL 23

Accepted Solution

by:
savone earned 500 total points
ID: 39884288
You should try all the examples given, it seems you ignored my answer.

QUOTE:
Also, grep will see the periods or dots as a regular expression.

Try this:

grep -w '1.1.1.1' *

with single quotes telling grep not to expand regular expressions.
0
 
LVL 5

Expert Comment

by:Dave Gould
ID: 39884952
savone is right.
the decimal points are seen as wild cards so you are looking for
1- anychar - 1 - any char - 1 - any char - 1 - anything else..

141.131.19.197 falls into this category quite nicely so is being picked out as a positive result.

putting the string in single quotes will stop the dots from being interpreted as wild cards and they will be treated as you intended. ie as dots.
0
 
LVL 3

Expert Comment

by:Kevin Pham
ID: 39967828
Because grep treats the dot and dash as syntax switch... so you'd have to instruct the shell to treat your arguments as literal ... to do that

$ grep -- '1.1.1.1' *

The double dash (--) tells the system to treat everything behind it as "literal" and NOT switches. Try this and update us if it works for you.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question