asked on

how do i grep

Hi, I am trying to grep a firewall log, however the results I am getting are far too broad. I just want lines which have 1.1.1.1 in them.

I tried

grep "1.1.1.1" * >dump

However, the results are pulling lines that are not 1.1.1.1. Any suggestions?!?!

comfortjeanius

You could try....

grep -o "1.1.1.1"  * >dump

Open in new window

By default grep will show the line which matches the given pattern/string, but if you want the grep to show out only the matched string of the pattern then use the -o option.

Steven Carnahan

The syntax of the command as shown:

grep "1.1.1.1" * >dump

You are looking for 1.1.1.1 in any file and attempting to send the results to dump.

Using the ">" operator will overwrite each time. Try using the ">>" to append. There should also be a space between the ">" and the file name "dump".

My guess is that you are getting results like 1.1.1.10, 1.1.1.11, etc. To get just 1.1.1.1 try this:

grep -w "1.1.1.1" * >> dump

Mazdajai

Do you have sample data, result you are getting and what you are expected to see?

Steven Vona

Also, grep will see the periods or dots as a regular expression.

Try this:

grep -w '1.1.1.1' *

with single quotes telling grep not to expand regular expressions.

Insoftservice inso

grep -o '1.1.1.1' *>test.log

grep -w 1.1.11 *>test.log

NYGiantsFan

ASKER

sudo grep -o "1.1.1.1" * > dump.log is producing this output

10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131
10.212.10.2-20140221.log:141.131

sudo grep -w "1.1.1.1" * > dump.log is also not producing the wanted results.

It appears both are reading the below as 1.1.1.1. Any ideas?

10.212.10.2-20140221.log:Feb 21 04:48:35 10.212.10.2/10.212.10.2 %ASA-6-302014: Teardown TCP connection 510577569 for vlan1510-outside:141.131.19.197/88 to vlan510-inside:10.212.10.106/58769 duration 0:00:00 bytes 1684 TCP FINs

Insoftservice inso

did you tried with single quotes

grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' file.txt

Steven Carnahan

Did you try single quotes as suggested by Savone in ID: 39883121

Insoftservice inso

grep "1\.1\.1\.1$" * > dump.log

Try out these one.

I hope its unique LOL

NYGiantsFan

ASKER

grep "1\.1\.1\.1$" * > dump.log resulted in this Illegal variable name.

Darr247

So, what does
grep -w '1.1.1.1' * > dump.log
give?

ASKER CERTIFIED SOLUTION

Steven Vona

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Dave Gould

savone is right.
the decimal points are seen as wild cards so you are looking for
1- anychar - 1 - any char - 1 - any char - 1 - anything else..

141.131.19.197 falls into this category quite nicely so is being picked out as a positive result.

putting the string in single quotes will stop the dots from being interpreted as wild cards and they will be treated as you intended. ie as dots.

Kevin Pham

Because grep treats the dot and dash as syntax switch... so you'd have to instruct the shell to treat your arguments as literal ... to do that

$ grep -- '1.1.1.1' *

The double dash (--) tells the system to treat everything behind it as "literal" and NOT switches. Try this and update us if it works for you.