Solved

How do I grep

Posted on 2014-02-24
Last Modified: 2014-04-15
Hi, I am trying to grep a firewall log, however the results I am getting are far too broad.  I just want lines which have 1.1.1.1 in them.

I tried

grep "1.1.1.1"  * >dump

However, the results are pulling lines that are not 1.1.1.1.  Any suggestions?!?!
Question by:NYGiantsFan
14 Comments
 
LVL 14

Expert Comment

by:comfortjeanius
ID: 39882938
You could try:

grep -o "1.1.1.1"  * >dump

By default grep will show the line which matches the given pattern/string, but if you want grep to show only the matched string of the pattern then use the -o option.
 
LVL 26

Expert Comment

by:pony10us
ID: 39882989
The syntax of the command as shown:

grep "1.1.1.1" * >dump

You are looking for 1.1.1.1 in any file and attempting to send the results to dump.

Using the ">" operator will overwrite each time.  Try using the ">>" to append. There should also be a space between the ">" and the file name "dump".

My guess is that you are getting results like 1.1.1.10, 1.1.1.11, etc.  To get just 1.1.1.1 try this:

grep -w "1.1.1.1" * >> dump
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39883050
Do you have sample data, the result you are getting and what you expected to see?
 
LVL 23

Expert Comment

by:savone
ID: 39883121
Also, grep will see the periods or dots as a regular expression.

Try this:

grep -w '1.1.1.1' *

with single quotes telling grep not to expand regular expressions.
 
LVL 15

Expert Comment

by:Insoftservice
ID: 39883308
grep -o '1.1.1.1' *>test.log

grep -w 1.1.11 *>test.log
 

Author Comment

by:NYGiantsFan
ID: 39883525
sudo grep -o "1.1.1.1" * > dump.log  is producing this output

10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131



sudo grep -w "1.1.1.1" * > dump.log is also not producing the wanted results.  

It appears both are reading the below as 1.1.1.1.  Any ideas?

10.212.10.2-20140221.log:Feb 21 04:48:35 10.212.10.2/10.212.10.2 %ASA-6-302014: Teardown TCP connection 510577569 for vlan1510-outside:141.131.19.197/88 to vlan510-inside:10.212.10.106/58769 duration 0:00:00 bytes 1684 TCP FINs
 
LVL 15

Expert Comment

by:Insoftservice
ID: 39883574
Did you try with single quotes?

grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' file.txt
 
LVL 26

Expert Comment

by:pony10us
ID: 39883575
Did you try single quotes as suggested by Savone in ID: 39883121?
 
LVL 15

Expert Comment

by:Insoftservice
ID: 39883584
grep "1\.1\.1\.1$"  * > dump.log

Try this one.

I hope it's unique LOL
 

Author Comment

by:NYGiantsFan
ID: 39883694
grep "1\.1\.1\.1$"  * > dump.log  resulted in this: Illegal variable name.
 
LVL 44

Expert Comment

by:Darr247
ID: 39883709
So, what does
grep -w '1.1.1.1' *  > dump.log
give?
 
LVL 23

Accepted Solution

by:savone (earned 500 total points)
ID: 39884288
You should try all the examples given, it seems you ignored my answer.

QUOTE:
Also, grep will see the periods or dots as a regular expression.

Try this:

grep -w '1.1.1.1' *

with single quotes telling grep not to expand regular expressions.
 
LVL 5

Expert Comment

by:Dave Gould
ID: 39884952
savone is right.
The decimal points are seen as wild cards, so you are looking for
1 - any char - 1 - any char - 1 - any char - 1 - anything else.

141.131.19.197 falls into this category quite nicely, so it is being picked out as a positive result.

Putting the string in single quotes will stop the dots from being interpreted as wild cards and they will be treated as you intended, i.e. as dots.
 
LVL 3

Expert Comment

by:Kevin Pham
ID: 39967828
Because grep treats the dot and dash as syntax switches, you'd have to instruct the shell to treat your arguments as literal. To do that:

$ grep -- '1.1.1.1' *

The double dash (--) tells the system to treat everything behind it as "literal" and NOT switches. Try this and update us if it works for you.
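The matching behaviour Dave Gould describes, and the effect (or lack of it) of the quoting and "--" suggestions in this thread, can be checked directly. The script below is an added example and was not posted by anyone in the thread: it runs grep over four constructed log lines in the style of the Cisco ASA line NYGiantsFan pasted (the addresses and connection IDs are made up) and counts which lines each pattern matches. The function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): why grep "1.1.1.1" matches
# 141.131.19.197, and what actually restricts the match to the literal
# address. The four log lines are constructed in the style of the Cisco ASA
# line posted in the question; the addresses are made up.

LOG_LINES='Feb 21 04:48:35 10.212.10.2/10.212.10.2 %ASA-6-302014: Teardown TCP connection 510577569 for vlan1510-outside:141.131.19.197/88 to vlan510-inside:10.212.10.106/58769 duration 0:00:00 bytes 1684 TCP FINs
Feb 21 04:48:36 10.212.10.2/10.212.10.2 %ASA-6-302013: Built outbound TCP connection 510577570 for vlan1510-outside:1.1.1.1/53 to vlan510-inside:10.212.10.107/40001
Feb 21 04:48:37 10.212.10.2/10.212.10.2 %ASA-6-302013: Built outbound TCP connection 510577571 for vlan1510-outside:1.1.1.10/443 to vlan510-inside:10.212.10.108/40002
Feb 21 04:48:38 10.212.10.2/10.212.10.2 %ASA-6-302013: Built outbound TCP connection 510577572 for vlan1510-outside:11.1.1.1/443 to vlan510-inside:10.212.10.109/40003'

# Feed the sample lines to grep and print how many lines matched.
# Arguments are passed straight to grep (options first, then the pattern).
count_matches() {
    printf '%s\n' "$LOG_LINES" | grep -c "$@"
}

# Unescaped dots: "1.1.1.1" means 1 <any> 1 <any> 1 <any> 1, so it also
# matches "141.131", "1.1.1.10" and "11.1.1.1". Single or double quotes make
# no difference; grep receives the same seven characters either way.
naive_count()    { count_matches '1.1.1.1'; }         # 4 (all lines)

# "--" only ends option parsing; the pattern after it is still a regex.
dashdash_count() { count_matches -- '1.1.1.1'; }      # 4, same as above

# -w alone does not help: "141.131" sits between ":" and ".", which are
# both non-word characters, so it passes the word-boundary test.
word_count()     { count_matches -w '1.1.1.1'; }      # 2

# Escaping the dots makes them literal, but 1.1.1.10 and 11.1.1.1 still match.
escaped_count()  { count_matches '1\.1\.1\.1'; }      # 3

# Literal dots plus -w: only the line with exactly 1.1.1.1.
exact_count()    { count_matches -w '1\.1\.1\.1'; }   # 1

# Same result with -F (fixed string, no regex at all) plus -w.
fixed_count()    { count_matches -wF '1.1.1.1'; }     # 1

# Same result with the boundary spelled out explicitly in ERE, for greps
# where -w behaves differently: no digit may touch either end of the address.
boundary_count() { count_matches -E '(^|[^0-9])1\.1\.1\.1([^0-9]|$)'; }  # 1

# What "grep -o" printed in the question: the first text the naive pattern
# actually matched, which comes from the 141.131.19.197 line.
naive_first_hit() {
    printf '%s\n' "$LOG_LINES" | grep -o '1.1.1.1' | sed -n 1p   # 141.131
}

main() {
    printf 'naive        %s\n' "$(naive_count)"
    printf 'with --      %s\n' "$(dashdash_count)"
    printf '-w only      %s\n' "$(word_count)"
    printf 'escaped      %s\n' "$(escaped_count)"
    printf 'escaped -w   %s\n' "$(exact_count)"
    printf '-F -w        %s\n' "$(fixed_count)"
    printf 'ERE boundary %s\n' "$(boundary_count)"
    printf 'first -o hit %s\n' "$(naive_first_hit)"
}
main
```

Running it shows the point the thread circles around: quoting changes nothing grep sees, because "1.1.1.1" contains no shell metacharacters, and "--" only stops option parsing; what narrows the match is making the dots literal (backslash-escaped, or -F) and then adding -w so that 1.1.1.10 and 11.1.1.1 are excluded too. Note that -w with unescaped dots is still fooled by "141.131", which is exactly the -o output in the question. The "Illegal variable name" error from the "1\.1\.1\.1$" attempt is a csh-style shell trying to expand "$" inside the double-quoted pattern; single quotes avoid that, and the trailing "$" would in any case only match an address at the very end of a line.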
