Grep tips
Contents
search multiple patterns at once
You can grep for multiple patterns simultaneously without using extended regex sytax (--extended-regexp). Instead you can use multiple -e options. Each -e specifies a separate expression to match and `grep` will match each expression individually -- like an "or" subpattern.
For example the following greps for "ssh" in a `ps` listing, but also includes the column header which would otherwise be lost if you only grepped for "ssh":
# ps axwwo pid,ppid,etime,euser,cmd | grep -i -e ^\\s*PID -e ssh PID PPID ELAPSED EUSER CMD 5167 1 5-21:11:30 root /usr/sbin/sshd 6339 6291 5-21:11:06 noah /usr/bin/ssh-agent x-session-manager 18562 1 4-01:16:17 noah xterm -e ssh noah@web10 18563 18562 4-01:16:17 noah ssh noah@web10
This is equivalent to:
# ps axwwo pid,ppid,etime,euser,cmd | grep -i --extended-regexp ^\\s*PID\|ssh
The first form using multiple -e options makes it easier to add on extra patterns without having to append it to an existing extended regex pattern. This makes it easy to make a nice 'psg' alias (ps grep):
alias psg='ps axwwo pid,ppid,pcpu,pmem,stat,etime,euser,cmd | grep -i -e ^\\s*PID -e '
Use grep to highlight matches without filtering non-matching lines
Sometimes I want to display a file or output from watching a log with tail -f and highlight pattern matches. I want to actually display all lines. I don't want to filter non-matching lines. This is a bit of an abuse of grep. This is using it as a high-lighting pager.
cat /var/log/auth.log | egrep --color 'root|$'
ack-grep and glark
There there is a tool similar to grep that just does highlighting called ack or `ack-grep`. It's perl script that works much like grep. The '--passthru' option tells it to print every line even if there is no match. The --color option tells it to color matches even if the output is redirected to a file or pipe. This is useful for piping to a pager.
Unfortunately, `glark` is quite a bit slower than `grep`, but this probably doesn't matter in most cases.
One nice feature of `glark` is that it will highlight multiple regex patterns with different colors. The '-o' option below specifies two regexes.
cat /var/log/auth.log | glark --no-filter --highlight=multi -o "root" "noah"
Highlight all bash shells running:
ps auxww --forest | ack-grep --passthru --color bash
Highlight requests from 127.0.0.1 in an httpd log:
tail -f /var/www/logs/access_log | ack-grep --passthru --color 127.0.0.1