Grep
• Searches for text in a file
• Can search for simple words: "chair"
• Can look for "regular expressions": more complex character strings, such as "chair" followed by any number of spaces, followed by a digit or lowercase letter.
Grep usage
• grep "something" somefile.txt returns all lines with the word something from somefile.txt
• grep -v "something" something.txt returns all lines that don't have the word something in them
• grep -i "something" something.txt returns all lines containing something in any mix of upper- and lowercase letters (case-insensitive match).
Simple regular expressions
• "[0-9]" look for any digit
• "[a-zA-Z]" look for one upper- or lowercase letter
• "." look for one character
• ".*" any number of characters
• "\." a literal decimal point
• "\.161:" dot, then 161, then colon
• "\.161[: ]" dot, then 161, then colon or space
Advanced regular expressions
• Look for lines that hold either "dog" or "cat" (alternation needs extended regular expressions, -E):
• grep -E '(dog|cat)' animalfarm.txt
• Lines that have cat followed by dog on the same line, but possibly with other characters in between:
• grep 'cat.*dog' animalfarm.txt
• cat has to be at the beginning of the line:
• grep '^cat' animalfarm.txt
• Look for it at the end of the line:
• grep 'cat$' animalfarm.txt
Ways to use it
• Three identical ways to search in a file:
• grep promiscuous messages
• cat messages | grep promiscuous
• grep promiscuous <messages
• Look for something in multiple files:
• (zcat /var/log/messages.*.gz ; cat /var/log/messages ) | grep 'promiscuous' | less
Lab answers
• SNMP probes: 161,162
• grep "\.16[12][: ].*udp" firewall.log >snmp.txt
• Inbound Unix traceroute
• grep "\.33[45][0-9][0-9][: ].*udp" firewall.log >traceroute.txt
• FW-1
• 256-259, 260-261, 264-265, 900, 18207
• grep -E "(\.25[6-9][: ]|\.26[0145][: ]|\.900[: ]|\.18207[: ])" firewall.log >fw1.txt
• Half-Life
• grep "\.27015[: ].*udp" firewall.log >halflife.txt
• AIX/broken PMTU
• Size 1500 icmp echo request DF
• grep "icmp: echo request (DF).*len 1500" firewall.log >aix.txt
• Note we only get one of these (fw1?)
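The lab answers above, as an added example that is not part of the original slides: a POSIX shell script that applies each category pattern (with -E where alternation is used) to a constructed tcpdump-style sample, so the effect of the "[: ]" port anchor and the ".*udp" protocol filter can be checked. The sample log lines and the category names (snmp, traceroute, fw1, halflife, aix) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original slides: applies the lab's category
# patterns to a constructed tcpdump-style sample (category names are assumed).

# write_sample_log FILE: writes constructed sample lines (not real traffic) to FILE
write_sample_log() {
    cat >"$1" <<'EOF'
12:00:01.000000 10.0.0.5.1025 > 192.0.2.10.161: udp 40
12:00:02.000000 10.0.0.5.1026 > 192.0.2.10.162: udp 40
12:00:03.000000 10.0.0.5.1028 > 192.0.2.10.161: S 5:5(0) win 512
12:00:04.000000 10.0.0.5.1027 > 192.0.2.10.1610: udp 40
12:00:05.000000 10.0.0.7.40000 > 192.0.2.10.33434: udp 12
12:00:06.000000 10.0.0.7.40001 > 192.0.2.10.33435: udp 12
12:00:07.000000 10.0.0.9.3000 > 192.0.2.10.256: S 1:1(0) win 512
12:00:08.000000 10.0.0.9.3001 > 192.0.2.10.18207: S 1:1(0) win 512
12:00:09.000000 10.0.0.11.27015 > 192.0.2.10.27015: udp 20
12:00:10.000000 10.0.0.13 > 192.0.2.10: icmp: echo request (DF) (ttl 64, id 1, len 1500)
12:00:11.000000 10.0.0.13 > 192.0.2.10: icmp: echo request (ttl 64, id 2, len 84)
EOF
}

# count_matches CATEGORY FILE: prints how many lines of FILE match the lab
# pattern for CATEGORY. [: ] pins the port to the end of the address, so
# .1610 does not count as .161; .*udp drops the TCP SYN to port 161.
count_matches() {
    case "$1" in
        snmp)       grep -c '\.16[12][: ].*udp' "$2" ;;
        traceroute) grep -c '\.33[45][0-9][0-9][: ].*udp' "$2" ;;
        fw1)        grep -Ec '(\.25[6-9][: ]|\.26[0145][: ]|\.900[: ]|\.18207[: ])' "$2" ;;
        halflife)   grep -c '\.27015[: ].*udp' "$2" ;;
        aix)        grep -c 'icmp: echo request (DF).*len 1500' "$2" ;;
        *)          echo "unknown category: $1" >&2; return 1 ;;
    esac
}

# Stand-alone run: build the sample and report each category's line count.
LOG=$(mktemp) || exit 1
write_sample_log "$LOG"
for cat_name in snmp traceroute fw1 halflife aix; do
    printf '%-10s %s\n' "$cat_name" "$(count_matches "$cat_name" "$LOG")"
done
rm -f "$LOG"
```

On the sample, snmp and traceroute each report 2 lines, fw1 reports 2, halflife and aix 1 each; the SYN to port 161 and the port-1610 line are correctly excluded.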
firewall.log answers
• 197,128 lines
• "\.4040[: ]" # CipherIM: 11M!
• "\.\(80\|8080\)[: ]" # Web 10.5M (basic regex: group with \( \) and alternate with \|)
• "\.53[: ]" # DNS 0.16M
• "\.22[: ].*\( S \|ack\)" # ssh 202K
• "\.25[: ]" # 30K
• "arp" # 26K
• "ripv1" # 4K
• "148\.64\.147\.168" # 118K
• "\.123[: ]" # 4K
• Result: 5K, 150 lines