RSS Feed

The Joel on Software Discussion Group (CLOSED)

I am not a guru on regular exprssions or unix, could you help me out with the following grep query.

I have firewall logs for a server and I would like to grep for all IPs but one.

i.e. grep 127.0.0 filename: returns all the lines containing 127.0.0

How do I extract all lines but the one containing the IP 127.0.0?

Thanks for your help.

The -v flag prints lines that don't match, so:

grep -v 127.0.0 filename

-v

sed or awk may be better than grep in this case.

The following command may do what you need:

sed -e '/127\.0\.0\.[0-9]+/d' input_file > output_file

This deletes all lines that contain 127.0.0.* where * is a number.

However, please keep in mind that I'm writing this off the top of my head and I'm not certain that I remember the regular expression rules correctly. I recommend you read up on sed and test the code before you rely on it in a production environment.

Err...  to be more precise...  I think the grep -v flag looks for exact matches.  It will screen out 127.0.0 but it will keep 127.0.0.0, 127.0.0.1, 127.0.0.2 and so on.

If you want to omit loopback (localhost) references from the logs, you need to...

grep -v 127.0.0.1 log_filename

If you want to omit all machines on your local area network, then you will need to use wild card characters or pattern matching.

No, grep -v "127.0.0" will not keep lines with "127.0.0.0" or "127.0.0.1" because both of these have sub-expressions that match the grep argument.

However, I do believe that there is an additional argument you can pass to grep to say the argument must be a word unto itself, though I can't say I've used it. If you used that argument with -v then perhaps your statement would be true.

Try


    egrep -vD -e "127.0.0.*" logfile

where -e says interpret as a regular expression

Hmm...  I didn't know that.

That's the nice thing about UNIX, it gives you so many ways to shoot yourself in the foot.  :)

This should do what you're looking for:

grep -P '^(?!.*127\.0\.0).*$' logfile

It performs a negative lookahead for the '127.0.0' string. If that string appears anywhere in the line, then the line doesn't match.

>That's the nice thing about UNIX, it gives you so many
>ways to shoot yourself in the foot.  :)

At least it does allow you to shoot yourself in the foot.
It doesn't say "shooting feet isn't supported"
Or you can shoot yourself in the foot by writing a management console plugin that will pass the data to Word using VBA and then call Excel via com to split it into columns and then write an activeX control to get the columns back as ..........