Grep tips
print every email address in every file
This prints a list of every email address found in every file in the current working directory and every subdirectory. This is not optimized for speed. Each email address is printed once with a count of the number of times it was found. The list is sorted in descending order of count.
find . -type f -exec cat {} + | grep -aEio '([[:alnum:]_.-]+@[[:alnum:]_.-]+\.[[:alpha:].]{2,6})' | sort | uniq -c | sort -rn > email_addresses.txt
search multiple patterns at once
You can grep for multiple patterns simultaneously without using extended regex syntax (--extended-regexp). Instead you can use multiple -e options. Each -e specifies a separate expression to match and `grep` will match each expression individually -- like an "or" subpattern.
For example the following greps for "ssh" in a `ps` listing, but also includes the column header which would otherwise be lost if you only grepped for "ssh":
# ps axwwo pid,ppid,etime,euser,cmd | grep -i -e ^\\s*PID -e ssh
  PID  PPID     ELAPSED EUSER    CMD
 5167     1  5-21:11:30 root     /usr/sbin/sshd
 6339  6291  5-21:11:06 noah     /usr/bin/ssh-agent x-session-manager
18562     1  4-01:16:17 noah     xterm -e ssh noah@web10
18563 18562  4-01:16:17 noah     ssh noah@web10
This is equivalent to:
# ps axwwo pid,ppid,etime,euser,cmd | grep -i --extended-regexp ^\\s*PID\|ssh
The first form, using multiple -e options, makes it easier to add extra patterns without having to append them to an existing extended regex pattern. This makes it easy to make a nice 'psg' alias (ps grep):
alias psg='ps axwwo pid,ppid,pcpu,pmem,stat,etime,euser,cmd | grep -i -e ^\\s*PID -e '
highlight matches without filtering non-matching lines
Sometimes I want to display a file, or output from watching a log with tail -f, and highlight pattern matches. I want to actually display all lines. I don't want to filter non-matching lines. This is a bit of an abuse of grep: it uses grep as a highlighting pager. The `$` alternative matches the empty string at the end of every line, so every line is selected, but only the text that matches `root` is colored.
cat /var/log/auth.log | grep -E --color 'root|$'
ack-grep and glark
There are tools similar to grep that make highlighting easier. One is called `ack-grep` and the other is called `glark`. The `ack-grep` tool is a Perl script that works much like grep.
Unfortunately, `glark` is quite a bit slower than `grep`, but this probably doesn't matter in most cases.
One nice feature of `glark` is that it will highlight multiple regex patterns with different colors. The '-o' option below specifies two regexes.
cat /var/log/auth.log | glark --no-filter --highlight=multi -o "root" "noah"
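The same multi-color highlighting can be approximated with plain grep by chaining one `grep --color=always` per pattern, each with its own `GREP_COLORS` value plus the empty `$` match so that no line is dropped. This is an added example, not part of the original page; it assumes GNU grep, and `hl_multi`, `_hl_stage` and `sample_auth_log` are names made up here, run over constructed log lines.

```shell
#!/bin/sh
# Added example: hl_multi PATTERN... prints stdin unfiltered and colors each
# pattern differently. Assumes GNU grep (GREP_COLORS, --line-buffered).
# hl_multi, _hl_stage and sample_auth_log are hypothetical names.

# One grep per pattern; stage n uses SGR color 31..36 (red, green, yellow...).
_hl_stage() {
    n=$1; shift
    if [ $# -eq 0 ]; then
        cat                     # no patterns left: pass the stream through
        return
    fi
    pat=$1; shift
    color=$(( 31 + n % 6 ))
    # -e '$' matches the empty string at the end of every line, so no line is
    # filtered out; only the non-empty match of "$pat" is colored.
    # --line-buffered keeps output flowing when the input is `tail -f`.
    GREP_COLORS="mt=01;$color" \
        grep -E -i --color=always --line-buffered -e "$pat" -e '$' |
        _hl_stage $(( n + 1 )) "$@"
}

hl_multi() { _hl_stage 0 "$@"; }

# Constructed sample lines in auth.log style (documentation IP ranges).
sample_auth_log() {
    cat <<'EOF'
Jan 12 03:14:07 web10 sshd[5167]: Failed password for root from 192.0.2.10 port 50022 ssh2
Jan 12 03:14:09 web10 sshd[5167]: Accepted publickey for noah from 198.51.100.7 port 40112 ssh2
Jan 12 03:14:09 web10 sshd[5167]: pam_unix(sshd:session): session opened for user noah by (uid=0)
Jan 12 03:15:00 web10 CRON[6339]: pam_unix(cron:session): session closed for user www-data
EOF
}

# Caveat: later stages see the escape codes written by earlier ones, so a
# pattern that can match text such as "[01;31m" or "K" will corrupt the colors.
# Keep patterns to words that cannot occur inside an SGR sequence.
sample_auth_log | hl_multi root noah 'failed password'
```

For a live log, replace the last line with `tail -f /var/log/auth.log | hl_multi root noah`.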
For `ack-grep` the '--passthru' option tells it to print every line even if there is no match. The --color option tells it to color matches even if the output is redirected to a file or pipe. This is useful for piping to a pager.
Highlight all bash shells running:
ps auxww --forest | ack-grep --passthru --color bash
Highlight requests from 127.0.0.1 in an httpd log:
tail -f /var/www/logs/access_log | ack-grep --passthru --color 127.0.0.1