Linux find text in files
If you need to find text in file or multiple files on a Linux system you can use grep (global regular expression print) in a very efficient way to do so. Here are few examples that I commonly use.
Find text in files into a directory
Use this command to find the text you are looking for within the directory
cd /path/to/directory/ grep "some text" *
If you want to select only those lines containing matches that form whole words use the -w switch (–word-regexp). If you search for “word” this will NOT display words like someword, word123, etc.
grep -w "match text" *
If you don’t know the capitalization of words and want to ignore case distinctions use the -i switch (–ignore-case). If you search for “word” it will display Word, WORD, word, wORD, etc.
grep -i "match text" *
And the most often used command for me is recursive search -r switch (–recursive)
grep -r "match text" . # OR grep -r "match text" /path/to/directory/
And finally few examples that i use the most
1. Find text in files recursive
Invoke -w (–word-regexp) and -r (–recursive) switch:
grep -wr "my string" /path/to/starting/directory/
2. Find text in files case insensitive and recursive
Invoke -i (–ignore-case) and -r (–recursive) switch
grep -ir "my string" /path/to/starting/directory/
3. Find multiple words in files
To find two different words you must use egrep
egrep -w "word1|word2" /path/to/starting/directory/
This days i use this to search trough logs, mostly apache, nginx and mail logs.
Also don’t forget to use zgrep. Zgrep invokes grep on compressed or gzipped files. All options specified are passed directly to grep.
For this we will use grep case insensitive because sometimes mail addresses can have Capital letters in the user First and Last Names.
grep -wi "[email protected]" /var/log/mail.* zgrep -wi "[email protected]" /var/log/mail.*.gz
This will output file and date when the mail was sent to the user, and than you can grep the time to get all the logs for that time:
grep -wi "Feb 11 12:29:" /var/log/mail.log zgrep -wi "Jan 17 00:05:" /var/log/mail.log.4.gz
You can now easy look at the log:
Feb 11 12:29:54 vmhost postfix/pickup[18821]: D177E38E466C: uid=5022 from=<web24> Feb 11 12:29:55 vmhost postfix/cleanup[23697]: D177E38E466C: message-id=<[email protected]> Feb 11 12:29:55 vmhost postfix/qmgr[26558]: D177E38E466C: from=<[email protected]>, size=1113, nrcpt=1 (queue active) Feb 11 12:29:59 vmhost postfix/smtpd[23719]: connect from localhost[127.0.0.1] Feb 11 12:29:59 vmhost postfix/smtpd[23719]: 608F938E4697: client=localhost[127.0.0.1] Feb 11 12:29:59 vmhost postfix/cleanup[23697]: 608F938E4697: message-id=<[email protected]> Feb 11 12:29:59 vmhost postfix/qmgr[26558]: 608F938E4697: from=<[email protected]>, size=1565, nrcpt=1 (queue active) Feb 11 12:29:59 vmhost postfix/smtpd[23719]: disconnect from localhost[127.0.0.1] Feb 11 12:29:59 vmhost amavis[15551]: (15551-15) Passed CLEAN, <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: xnXNT-pmznB1, Hits: 0.798, size: 1113, queued_as: 608F938E4697, 4153 ms Feb 11 12:29:59 vmhost postfix/smtp[23700]: D177E38E466C: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.3, delays=0.91/0.16/0.13/4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=15551-15, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 608F938E4697) Feb 11 12:29:59 vmhost postfix/qmgr[26558]: D177E38E466C: removed
This ware just few command i usually use, look at the man page for more options.
grep man page: http://linuxcommand.org/man_pages/grep1.html