The Joel on Software Discussion Group (CLOSED)

A place to discuss Joel on Software. Now closed.

Question on grep - can you help me out?

I am not a guru on regular expressions or Unix; could you help me out with the following grep query?

I have firewall logs for a server and I would like to grep for all IPs but one.

i.e. grep 127.0.0 filename: returns all the lines containing 127.0.0

How do I extract all lines but the one containing the IP 127.0.0?

Thanks for your help.
Hank
Thursday, June 08, 2006
 
 
The -v flag prints lines that don't match, so:

grep -v 127.0.0 filename
MarkL
Thursday, June 08, 2006
 
 
-v
Dennis Forbes
Thursday, June 08, 2006
 
 
sed or awk may be better than grep in this case.

The following command may do what you need:

sed -E -e '/127\.0\.0\.[0-9]+/d' input_file > output_file

This deletes all lines that contain 127.0.0.* where * is a number.

However, please keep in mind that I'm writing this off the top of my head and I'm not certain that I remember the regular expression rules correctly. I recommend you read up on sed and test the code before you rely on it in a production environment.
TheDavid
Thursday, June 08, 2006
 
 
Err...  to be more precise...  I think the grep -v flag looks for exact matches.  It will screen out 127.0.0 but it will keep 127.0.0.0, 127.0.0.1, 127.0.0.2 and so on.

If you want to omit loopback (localhost) references from the logs, you need to...

grep -v 127.0.0.1 log_filename

If you want to omit all machines on your local area network, then you will need to use wild card characters or pattern matching.
TheDavid
Thursday, June 08, 2006
 
 
No, grep -v "127.0.0" will not keep lines with "127.0.0.0" or "127.0.0.1" because both of these have sub-expressions that match the grep argument.

However, I do believe that there is an additional argument you can pass to grep to say the argument must be a word unto itself, though I can't say I've used it. If you used that argument with -v then perhaps your statement would be true.
Dave
Thursday, June 08, 2006
 
 
Try


    egrep -vD -e "127.0.0.*" logfile

where -e says interpret as a regular expression

Thursday, June 08, 2006
 
 
Hmm...  I didn't know that.

That's the nice thing about UNIX, it gives you so many ways to shoot yourself in the foot.  :)
TheDavid
Thursday, June 08, 2006
 
 
This should do what you're looking for:

grep -P '^(?!.*127\.0\.0).*$' logfile

It performs a negative lookahead for the '127.0.0' string. If that string appears anywhere in the line, then the line doesn't match.
BenjiSmith
Thursday, June 08, 2006
 
 
>That's the nice thing about UNIX, it gives you so many
>ways to shoot yourself in the foot.  :)

At least it does allow you to shoot yourself in the foot.
It doesn't say "shooting feet isn't supported"
Or you can shoot yourself in the foot by writing a management console plugin that will pass the data to Word using VBA and then call Excel via COM to split it into columns and then write an ActiveX control to get the columns back as ..........
Martin
Thursday, June 08, 2006
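
The substring matching discussed in the replies above, as an added example that is not part of the original thread: it compares `grep -v 127.0.0` with an exclusion anchored to whole addresses. The log lines and function names are constructed for illustration, and it assumes the goal is to drop addresses 127.0.0.0 through 127.0.0.255 only.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed firewall log lines.
sample_log() {
cat <<'EOF'
Jun  8 10:00:01 fw DROP SRC=127.0.0.1 DST=192.168.1.5 DPT=22
Jun  8 10:00:02 fw DROP SRC=10.127.0.0 DST=192.168.1.5 DPT=22
Jun  8 10:00:03 fw DROP SRC=203.0.113.7 DST=192.168.1.5 DPT=80 ID=12750209
Jun  8 10:00:04 fw ACCEPT SRC=127.0.0.53 DST=127.0.0.1 DPT=53
Jun  8 10:00:05 fw DROP SRC=198.51.100.9 DST=192.168.1.5 DPT=443
EOF
}

# Substring match with unescaped dots: "." matches any character, and the
# pattern may sit anywhere in the line, so 10.127.0.0 and ID=12750209 are
# dropped along with the loopback entries.
naive_filter() {
    grep -v '127.0.0'
}

# Address-aware exclusion: dots are escaped, a fourth octet is required,
# and the match may not be the tail or head of a longer dotted number.
strict_filter() {
    grep -Ev '(^|[^0-9.])127\.0\.0\.[0-9]{1,3}([^0-9.]|$)'
}

# Lines the strict filter keeps but the naive one would have hidden,
# i.e. events silently lost from a review of the log.
hidden_by_naive() {
    strict_filter | grep '127.0.0'
}

echo "Kept by naive filter:"
sample_log | naive_filter
echo "Kept by strict filter:"
sample_log | strict_filter
echo "Hidden by the naive filter:"
sample_log | hidden_by_naive
```

The two lines reported as hidden are traffic from non-loopback sources, which is what a loose exclusion pattern costs when the log is being reviewed for dropped connections.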
 
 

This topic is archived. No further replies will be accepted.
