Linux find text in files


If you need to find text in file or multiple files on a Linux system you can use grep (global regular expression print) in a very efficient way to do so.  Here are few examples that I commonly use.


Find text in files into a directory

Use this command to find the text you are looking for within the directory

cd /path/to/directory/
grep "some text" *

If you want to select only those lines containing matches that form whole words use the -w switch (–word-regexp). If you search for “word” this will NOT display words like someword, word123, etc.

grep -w "match text" *

If you don’t know the capitalization of words and want to ignore case distinctions use the -i switch (–ignore-case). If you search for “word” it will display Word, WORD, word, wORD, etc.

grep -i "match text" *

And the most often used command for me is recursive search -r switch (–recursive)

grep -r "match text" .
# OR
grep -r "match text" /path/to/directory/

And finally few examples that i use the most


1. Find text in files recursive

Invoke -w (–word-regexp) and -r (–recursive) switch:

grep -wr "my string" /path/to/starting/directory/

2. Find text in files case insensitive and recursive

Invoke -i (–ignore-case) and -r (–recursive) switch

grep -ir "my string" /path/to/starting/directory/

3. Find multiple words in files

To find two different words you must use egrep

egrep -w "word1|word2" /path/to/starting/directory/

This days i use this to search trough logs, mostly apache, nginx and mail logs.

Also don’t forget to use zgrep. Zgrep  invokes  grep  on  compressed  or gzipped files.  All options specified are passed directly to grep.

For this we will use grep case insensitive because sometimes mail addresses can have Capital letters in the user First and Last Names.

grep -wi "[email protected]" /var/log/mail.*
zgrep -wi "[email protected]" /var/log/mail.*.gz

This will output file and date when the mail was sent to the user, and than you can grep the time to get all the logs for that time:

grep -wi "Feb 11 12:29:" /var/log/mail.log
zgrep -wi "Jan 17 00:05:" /var/log/mail.log.4.gz

You can now easy look at the log:

Feb 11 12:29:54 vmhost postfix/pickup[18821]: D177E38E466C: uid=5022 from=<web24>
Feb 11 12:29:55 vmhost postfix/cleanup[23697]: D177E38E466C: message-id=<[email protected]>
Feb 11 12:29:55 vmhost postfix/qmgr[26558]: D177E38E466C: from=<[email protected]>, size=1113, nrcpt=1 (queue active)
Feb 11 12:29:59 vmhost postfix/smtpd[23719]: connect from localhost[127.0.0.1]
Feb 11 12:29:59 vmhost postfix/smtpd[23719]: 608F938E4697: client=localhost[127.0.0.1]
Feb 11 12:29:59 vmhost postfix/cleanup[23697]: 608F938E4697: message-id=<[email protected]>
Feb 11 12:29:59 vmhost postfix/qmgr[26558]: 608F938E4697: from=<[email protected]>, size=1565, nrcpt=1 (queue active)
Feb 11 12:29:59 vmhost postfix/smtpd[23719]: disconnect from localhost[127.0.0.1]
Feb 11 12:29:59 vmhost amavis[15551]: (15551-15) Passed CLEAN, <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: xnXNT-pmznB1, Hits: 0.798, size: 1113, queued_as: 608F938E4697, 4153 ms
Feb 11 12:29:59 vmhost postfix/smtp[23700]: D177E38E466C: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.3, delays=0.91/0.16/0.13/4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=15551-15, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 608F938E4697)
Feb 11 12:29:59 vmhost postfix/qmgr[26558]: D177E38E466C: removed

This ware just few command i usually use, look at the man page for more options.

grep man pagehttp://linuxcommand.org/man_pages/grep1.html



Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Advertisement