Grep tips


search multiple patterns at once

You can grep for multiple patterns simultaneously without using extended regex syntax (--extended-regexp). Instead, you can use multiple -e options. Each -e specifies a separate expression, and `grep` prints a line if any one of the expressions matches, like an "or" subpattern.

For example, the following greps for "ssh" in a `ps` listing, but also includes the column header, which would otherwise be lost if you only grepped for "ssh":

# ps axwwo pid,ppid,etime,euser,cmd | grep -i -e ^\\s*PID -e ssh
 5167     1  5-21:11:30 root     /usr/sbin/sshd
 6339  6291  5-21:11:06 noah     /usr/bin/ssh-agent x-session-manager
18562     1  4-01:16:17 noah     xterm -e ssh noah@web10
18563 18562  4-01:16:17 noah     ssh noah@web10

This is equivalent to:

# ps axwwo pid,ppid,etime,euser,cmd | grep -i --extended-regexp ^\\s*PID\|ssh

The first form, using multiple -e options, makes it easier to add extra patterns without having to append them to an existing extended regex pattern. This makes it easy to make a nice 'psg' alias (ps grep):

alias psg='ps axwwo pid,ppid,pcpu,pmem,stat,etime,euser,cmd | grep -i -e ^\\s*PID -e '

highlight matches without filtering non-matching lines

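Sometimes I want to display a file, or the output of watching a log with tail -f, and highlight pattern matches while still displaying every line, without filtering out the non-matching ones. This is a bit of an abuse of grep: it uses grep as a highlighting pager. The trick is the `$` alternative, which matches the empty end of every line, so every line is selected but only "root" has anything visible to color.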

cat /var/log/auth.log | egrep --color 'root|$'
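
The two tips above combine into one small shell function, added here as an example and not part of the original page: one -e per pattern, plus -e '$' so that no line is filtered out. The names hl and sample_auth_log and the log lines are constructed for illustration; --color=always and --line-buffered assume GNU grep.

```shell
#!/bin/sh
# hl: print every line of stdin, coloring any match of the given patterns.
# Usage: tail -f /var/log/auth.log | hl 'failed password' 'invalid user' root
hl() {
    if [ "$#" -eq 0 ]; then
        echo "usage: hl PATTERN [PATTERN...]" >&2
        return 2
    fi
    # Rewrite the argument list from "p1 p2 ..." to "-e p1 -e p2 ...".
    # Passing each pattern after -e also keeps a pattern that starts
    # with '-' from being parsed as an option.
    _n=$#
    while [ "$_n" -gt 0 ]; do
        set -- "$@" -e "$1"
        shift
        _n=$((_n - 1))
    done
    # -e '$' matches the empty end of every line, so every line is printed.
    # --color=always keeps the colors when the output goes to a pipe.
    # --line-buffered flushes each line immediately (needed behind tail -f).
    grep -i --color=always --line-buffered -e '$' "$@"
}

# Constructed sample lines in auth.log style (not real log data).
sample_auth_log() {
    cat <<'EOF'
Jan 10 03:12:01 web10 sshd[5167]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 03:12:04 web10 sshd[5167]: Invalid user admin from 203.0.113.7 port 50130
Jan 10 03:15:40 web10 sshd[5201]: Accepted publickey for noah from 192.0.2.15 port 40022 ssh2
Jan 10 03:16:02 web10 sudo: noah : TTY=pts/0 ; PWD=/home/noah ; USER=root ; COMMAND=/bin/ls
EOF
}

# All four lines are printed; only the matching text is colored.
sample_auth_log | hl 'failed password' 'invalid user' root
```

To page the highlighted output, pipe it to less -R, which passes the color escape sequences through to the terminal.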

ack-grep and glark

There are similar tools to grep that make highlighting easier. One is called `ack-grep` and the other is called `glark`. The `ack-grep` tool is a Perl script that works much like grep.

Unfortunately, `glark` is quite a bit slower than `grep`, but this probably doesn't matter in most cases.

One nice feature of `glark` is that it will highlight multiple regex patterns with different colors. The '-o' option below specifies two regexes.

cat /var/log/auth.log | glark --no-filter --highlight=multi -o "root" "noah"

For `ack-grep` the '--passthru' option tells it to print every line even if there is no match. The --color option tells it to color matches even if the output is redirected to a file or pipe. This is useful for piping to a pager.

Highlight all bash shells running:

ps auxww --forest | ack-grep --passthru --color bash

Highlight requests from in an httpd log:

tail -f /var/www/logs/access_log | ack-grep --passthru --color