最後更新: 2019-05-15
目錄
- 一個要小心的錯誤
- skip 某 Folder
- 好用的 -w (whole words)
- Disable regex
- 只找某格式的檔案
- grep 的 return
- 數有幾多行
- Line-Number
- 開頭與結尾(^, $)
- NOT OR AND
- 彩色
- egrep, fgrep
- 面對 Binary 檔
- Regular Expressions
- grep in ps without grep
- Context Line Control
- Line buffered
- 其他常用參數
- Tips
一個要小心的錯誤
grep -v "#" /etc/vsftpd.conf > /etc/vsftpd.conf
它會清空 vsftpd.conf .............
skip 某 Folder
# --exclude-dir=GLOB
* When searching recursively, skip any subdirectory whose base name matches GLOB
cd wordpress
grep -rni --exclude-dir wp-admin 'function ' wordpress
好用的 -w (whole words)
grep -w user /etc/passwd
# 當有 user, user1, user2 存在時, 只有 user 會中
# 會中的有效字 letters, digits, and the underscore
# 不過當 grep -w "test.123" file 時, 它會中 "testx123"
Disable regex
-F, --fixed-strings # Interpret PATTERN as a list of fixed strings
Matcher Selection
- -F, --fixed-strings
- -E, --extended-regexp # Default
- -P, --perl-regexp
只找某格式的檔案
[方案1] --include
grep -rl --include=*.txt YOUR_STRING .
[方案2] 配合 find
find . -name "*.php" -exec grep -rl YOUR_STRING '{}' \;
grep 的 return
- normally: 0
- found: 1
- error: 2
數有幾多行
cat file.txt | grep something |wc -l
何不:
grep -c something file.txt
Line-Number
-n, --line-number
開頭與結尾(^, $)
grep ^apple test.txt
grep apple$ test.txt
NOT OR AND
not:
grep -v "#" /etc/vsftpd.conf
or:
grep [ae] test.txt
grep -e apple -e banana test.txt
grep "app\|pear" test.txt
egrep 'app|pear' test.txt
and:
無次序:
grep apple test.txt | grep pear
有次序:
egrep apple.*pear test.txt
彩色
--color
egrep, fgrep
- egrep --> grep -E
- fgrep --> grep -F
面對 Binary 檔
-a, --text
Process a binary file as if it were text;
this is equivalent to the --binary-files=text option.
沒有加 "-a" 時
grep CONFIG_LOG_BUF_SHIFT /boot/config-*
Binary file /boot/config-3.10.0-1160.31.1.el7.x86_64 matches
Regular Expressions
- BRE(basic-regexp): 沒有 ?, +, {, |, (, and )
- ERE (extended-regexp) (-E, --extended-regexp)
- Perl regular expression(-P, --perl-regexp)
P.S.
很多時它們會配合 "-o, --only-matching" 使用
-o # Print only the matched (non-empty) parts of a matching line,
with each such part on a separate output line.
i.e. 只要 mail ID
mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient------- 11A60E0398 92617 Fri Sep 10 15:41:53 [email protected] ...
mailq | grep -oE [A-Z0-9]{10}
11A60E0398
Basic 可用的如下: (-G, --basic-regexp -e, --regexp)
- . # any single character, except a newline
- * # zero or more
- [^...] # not
- [0-9] # [[:digit:]]
- [a-z] # [[:lower:]]
- [A-Z] # [[:upper:]]
- [A-Za-z] # [[:alpha:]]
- [0-9A-Za-z] # [[:alnum:]] <-- \w is a synonym for [_[:alnum:]] ( \W= [^_[:alnum:]] )
- ' ' # [[:space:]]
- [ \t] # [[:blank:]]
- [A-Fa-f0-9] # [[:xdigit:]]
- ^, $ # 頭, 尾
- \< and \> # respectively match the empty string at the beginning and end of a word.
應用
在 maillog 找 from 某人時
# 不可以 "from=<*@remote.domain>", 因為 * 是形容前置字符數量
grep "from=<.*@remote.domain>" /var/log/maillog
from=<x@mydomain> to=<[email protected]>
解決
grep "from=<[[:alnum:]]*@remote.domain\>" /var/log/maillog
OR
grep "from=<[0-9A-Za-z]*@remote.domain\>" /var/log/maillog
簡寫
grep "from=<\w*@remote.domain\>" /var/log/maillog
Extended (-E, --extended-regexp)
- ? # zero or one
- + # one or more
- {n,m} # minimum n and the maximum m
- | # or
- (, ) # 對應 $1, $2
group
(?:) 名叫 Non capturing group
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
依上例, 它是沒有 Group1 的
\<(.+?)\> [^<]*? \</\1\>
grep in ps without grep
ps aux | grep perl | grep -v grep
OR
ps aux | grep [p]erl
Show line After/Before hit keyword
-B NUM, --before-context=NUM
Print NUM lines of trailing context after matching lines.
-A NUM, --after-context=NUM
Print NUM lines of trailing context after matching lines.
-C NUM, -NUM, --context=NUM
Print NUM lines of output context.
Example
grep -A 2 'keyword' /path/to/file
grep -B 2 'keyword' /path/to/file
docker info | grep 'Storage Driver' -A 4 Storage Driver: aufs Root Dir: /volume1/@docker/aufs Backing Filesystem: extfs Dirs: 14 Dirperm1 Supported: true
Line buffered
--line-buffered
Use line buffering on output. This can cause a performance penalty.
其他常用參數
- -i # 不分大小寫
- -r # 整個目錄及其下所有層
- -x # 中一整行
- -L # show files-without-match
- -l # input file
- -h, --no-filename # Suppress the prefixing of file names on output.
- -m NUM, --max-count=NUM # Stop reading a file after NUM matching lines
Tips
[1] 找出特定檔案有某字串
[錯誤] cat */.sieve | grep yahoo
[正確] grep -l yahoo */.sieve