How to grep several files or an entire directory in Linux

If you have a Linux syslog server that you have not bothered to build a front end for, you may find it useful to grep through several files at once.
I am sure there are plenty of other scenarios where this applies as well, so here goes. =)

You can grep an entire directory and the files within it using the recursive switch “-r”, and you may also limit the grep to certain files using wildcards.

root@Syslogsrv:~# grep -r 172.18.2.24 /var/log/FWsyslog/
/var/log/FWsyslog/2012-04-10:April 10 16:01:37 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123 by access-group “test_acl” [0x0, 0x0]
/var/log/FWsyslog/2012-04-10:April 10 16:02:41 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123 by access-group “test_acl” [0x0, 0x0]
/var/log/FWsyslog/2012-05-14:May 14 20:45:29 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123 by access-group “test_acl” [0x0, 0x0]
/var/log/FWsyslog/2012-05-14:May 14 20:45:33 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123 by access-group “test_acl” [0x0, 0x0]
root@Syslogsrv:~# grep -r 172.18.2.24 /var/log/FWsyslog/2012-05*
May 14 20:45:29 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123 by access-group “test_acl” [0x0, 0x0]
May 14 20:45:33 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123 by access-group “test_acl” [0x0, 0x0]
root@Syslogsrv:~# grep -r 172.18.2.24 /var/log/FWsyslog/2012-*10
April 10 16:01:37 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123 by access-group “test_acl” [0x0, 0x0]
April 10 16:02:41 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123 by access-group “test_acl” [0x0, 0x0]

root@Syslogsrv:~# grep -r 172.18.2.24 /var/log/FWsyslog/2012-*1*
/var/log/FWsyslog/2012-04-10:April 10 16:01:37 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123 by access-group “test_acl” [0x0, 0x0]
/var/log/FWsyslog/2012-04-10:April 10 16:02:41 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123 by access-group “test_acl” [0x0, 0x0]
/var/log/FWsyslog/2012-05-14:May 14 20:45:29 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123 by access-group “test_acl” [0x0, 0x0]
/var/log/FWsyslog/2012-05-14:May 14 20:45:33 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123 by access-group “test_acl” [0x0, 0x0]

From the examples above, you will see that grep omits the file name when the path it is given matches only one file.
You can use the “-H” switch to print the file name regardless.

root@Syslogsrv:~# grep -r -H 172.18.2.24 /var/log/FWsyslog/2012-05*
/var/log/FWsyslog/2012-05-14:May 14 20:45:29 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123 by access-group “test_acl” [0x0, 0x0]
/var/log/FWsyslog/2012-05-14:May 14 20:45:33 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123 by access-group “test_acl” [0x0, 0x0]
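
When the search term is an IP address, keep in mind that grep reads it as a regular expression: each dot matches any character, and 172.18.2.24 is also found inside 172.18.2.240. The script below is an added example, not part of the original post; the function names grep_ip and make_sample_logs and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# grep_ip IP PATH...: recursive search for one exact IPv4 address,
# always printing the file name (-H).
grep_ip() {
    ip=$1; shift
    # Escape the dots so "." matches only a literal dot.
    esc=$(printf '%s' "$ip" | sed 's/\./\\./g')
    # No digit or dot directly before the address, no digit directly after.
    grep -rHE "(^|[^0-9.])${esc}([^0-9]|\$)" "$@"
}

# make_sample_logs DIR: write constructed sample lines (not real logs).
make_sample_logs() {
    cat > "$1/2012-04-10" <<'EOF'
April 10 16:01:37 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123
April 10 16:03:02 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.240/123 dst outside:8.8.8.8/123
EOF
    cat > "$1/2012-05-14" <<'EOF'
May 14 20:45:29 10.0.0.1 : %ASA-session-4-106023: Deny udp src clientintf:172.18.2.24/123 dst outside:8.8.8.8/123
May 14 20:46:10 10.0.0.1 : constructed line with session id 17201802024
EOF
}

# Demo: compare the plain pattern with the exact-address search.
demo=$(mktemp -d)
make_sample_logs "$demo"
echo "plain grep -r: $(grep -r 172.18.2.24 "$demo" | wc -l) matching lines"
echo "grep_ip:       $(grep_ip 172.18.2.24 "$demo" | wc -l) matching lines"
rm -rf "$demo"
```

The plain pattern also counts the 172.18.2.240 line and the session id line, which matters when the grep result is used to decide which host caused the denies.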

I have read in several places that grep is one of the most powerful utilities in Linux and I hope this post may assist you in using Linux more effectively. =)

 

Gos
