Published by Suparman Irawan. Modified over 6 years ago
1
Grep
Searches for text in a file
Can search for simple words: “chair”
Can look for “regular expressions”; more complex character strings such as “chair” followed by any number of spaces, followed by a digit or lowercase letter.
2
Grep usage
grep "something" somefile.txt
returns all lines with the word something from somefile.txt
grep -v "something" something.txt
returns all lines that don't have the word something in them
grep -i "something" something.txt
returns all lines with something in them, in any mix of upper and lowercase.
3
Simple regular expressions
"[0-9]" look for any digit
"[a-zA-Z]" look for one upper or lowercase letter
"." look for one character
".*" any number of characters
"\." a literal decimal point
"\.161:" dot, then 161, then colon
"\.161[: ]" dot, then 161, then colon or space
4
Advanced regular expressions
Look for lines that hold either “dog” or “cat”:
grep -E '(dog|cat)' animalfarm.txt
Lines that have cat followed by dog on the same line, but possibly with other characters in between:
grep 'cat.*dog' animalfarm.txt
cat has to be at the beginning of the line:
grep '^cat' animalfarm.txt
Look for it at the end of the line:
grep 'cat$' animalfarm.txt
5
Ways to use it
Three equivalent ways to search in a file:
grep promiscuous messages
cat messages | grep promiscuous
grep promiscuous <messages
Look for something in multiple files:
(zcat /var/log/messages.*.gz ; cat /var/log/messages ) | grep 'promiscuous' | less
6
Lab answers
SNMP probes: 161,162
grep "\.16[12][: ].*udp" firewall.log >snmp.txt
Inbound Unix traceroute
grep "\.33[45][0-9][0-9][: ].*udp" firewall.log >traceroute.txt
FW-1 , , , 900, 18207
grep -E "(\.25[6-9][: ]|\.26[0145][: ]|\.900[: ]|\.18207[: ])" firewall.log >fw1.txt
Half-life
grep "\.27015[: ].*udp" firewall.log >halflife.txt
AIX/broken PMTU Size 1500 icmp echo request DF
grep "icmp: echo request (DF).*len 1500" firewall.log >aix.txt
Note we only get one of these (fw1?)
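An added example (not from the original slides) showing why the lab patterns end the port number with "[: ]" before matching the protocol. The log lines are constructed and assume a tcpdump-style "src.port > dst.port: proto" layout; sample_log, count_matches and false_hits are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample lines (not taken from firewall.log). Assumed layout:
# "time src.port > dst.port: proto ...", as the slide patterns imply.
sample_log() {
cat <<'EOF'
12:00:01.100000 10.1.1.5.1042 > 10.2.2.9.161: udp 42
12:00:02.100000 10.2.2.9.161 > 10.1.1.5.1042: udp 60
12:00:03.100000 10.1.1.5.1043 > 10.2.2.9.162: udp 51
12:00:04.100000 192.168.161.7.1025 > 10.2.2.9.53: udp 30
12:00:05.100000 10.1.1.5.1044 > 10.2.2.9.1610: udp 12
12:00:06.100000 10.1.1.5.1045 > 10.2.2.9.161: S 1:1(0) win 512
EOF
}

# Print how many sample lines match the basic regular expression in $1.
count_matches() {
    sample_log | grep -c -e "$1"
}

# Print the lines the loose pattern catches but the delimited one rejects:
# an IP octet of 161 and a port that merely starts with 161.
false_hits() {
    sample_log | grep -e '\.16[12]' | grep -v -e '\.16[12][: ]'
}

# Loose: any ".161" or ".162", including IP octets and longer port numbers.
printf '%s -> %s lines\n' '\.16[12]' "$(count_matches '\.16[12]')"
# Delimited: the port must be followed by ":" (destination) or " " (source).
printf '%s -> %s lines\n' '\.16[12][: ]' "$(count_matches '\.16[12][: ]')"
# Lab answer: delimited port and UDP only, so the TCP SYN to 161 drops out.
printf '%s -> %s lines\n' '\.16[12][: ].*udp' "$(count_matches '\.16[12][: ].*udp')"

echo 'Lines matched only by the loose pattern:'
false_hits
```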
7
firewall.log answers
197,128 lines
"\.4040[: ]" #CipherIM: 11M!
"\.\(80\|8080\)[: ]" #Web 10.5M
"\.53[: ]" #DNS 0.16M
"\.22[: ].*\( S \|ack\)" #ssh 202K
"\.25[: ]" 30K
"arp" #26K
"ripv1" #4K
"148\.64\.147\.168" #118K
"\.123[: ]" 4K
Result: 5K, 150 lines