5.8. grep, egrep, fgrep, rgrep - print lines matching a pattern-白红宇

5.8.1. 删除空行

$ cat file | grep '.'

5.8.2. -v, --invert-match

grep -v "grep"

[root@development ~]# ps ax | grep httpd 6284 ?        Ss     0:10 /usr/local/httpd-2.2.14/bin/httpd -k start 8372 ?        S      0:00 perl ./wrapper.pl -chdir -name httpd -class com.caucho.server.resin.Resin restart19136 ?        S      0:00 /usr/local/httpd-2.2.14/bin/httpd -k start19749 pts/1    R+     0:00 grep httpd31530 ?        Sl     0:57 /usr/local/httpd-2.2.14/bin/httpd -k start31560 ?        Sl     1:12 /usr/local/httpd-2.2.14/bin/httpd -k start31623 ?        Sl     1:06 /usr/local/httpd-2.2.14/bin/httpd -k start[root@development ~]# ps ax | grep httpd | grep -v grep 6284 ?        Ss     0:10 /usr/local/httpd-2.2.14/bin/httpd -k start 8372 ?        S      0:00 perl ./wrapper.pl -chdir -name httpd -class com.caucho.server.resin.Resin restart19136 ?        S      0:00 /usr/local/httpd-2.2.14/bin/httpd -k start31530 ?        Sl     0:57 /usr/local/httpd-2.2.14/bin/httpd -k start31560 ?        Sl     1:12 /usr/local/httpd-2.2.14/bin/httpd -k start31623 ?        Sl     1:06 /usr/local/httpd-2.2.14/bin/httpd -k start

5.8.3. Output control

5.8.3.1. -o, --only-matching show only the part of a line matching PATTERN

$ curl -s http://www.example.com | egrep -o '.*' | sed -e 's/.*href="\([^"]*\)".*/\1/'

$ mysqlshow | egrep -o "|\w(.*)\w|"Databasesinformation_schematest

$ cat file.html | grep -o \    -E '\b(([\w-]+://?|www[.])[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|/)))'$ cat file.html | grep -o -E 'href="([^"#]+)"'$ cat sss.html | grep -o -E 'thunder://([^<]+)'

5.8.3.1.1. IP 地址

# grep rhost /var/log/secure | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"

5.8.3.2. 递归操作

递归查询

$ sudo grep -r 'neo' /etc/*

递归替换

for file in $( grep -rl '8800.org' *  | grep -v .svn ); do    echo item: $file	[ -f $file ] && sed -e 's/8800\.org/sf\.net/g' -e 's/netkiller/neo/g' $file >$file.bak; cp $file.bak $file;done

5.8.3.3. -c, --count print only a count of matching lines per FILE

$ cat /etc/resolv.confnameserver localhostnameserver 208.67.222.222nameserver 208.67.220.220nameserver 202.96.128.166nameserver 202.96.134.133$ grep -c nameserver /etc/resolv.conf5

# grep -c GET /www/logs/access.log188460# grep -c POST /www/logs/access.log421

5.8.4. Context control

5.8.4.1. -A, --after-context=NUM print NUM lines of trailing context

返回匹配当前行至下面N行

# grep -A1 game /etc/passwdgames:x:12:100:games:/usr/games:/sbin/nologingopher:x:13:30:gopher:/var/gopher:/sbin/nologin# grep -A2 game /etc/passwdgames:x:12:100:games:/usr/games:/sbin/nologingopher:x:13:30:gopher:/var/gopher:/sbin/nologinftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

5.8.4.2. -B, --before-context=NUM print NUM lines of leading context

返回匹配当前行至上面N行

# grep -B1 game /etc/passwdoperator:x:11:0:operator:/root:/sbin/nologingames:x:12:100:games:/usr/games:/sbin/nologin# grep -B2 game /etc/passwduucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologinoperator:x:11:0:operator:/root:/sbin/nologingames:x:12:100:games:/usr/games:/sbin/nologin

5.8.4.3. -C, --context=NUM print NUM lines of output context

-NUM same as --context=NUM

neo@neo-OptiPlex-380:~$ grep -C 1 new /etc/passwdmail:x:8:8:mail:/var/mail:/bin/shnews:x:9:9:news:/var/spool/news:/bin/shuucp:x:10:10:uucp:/var/spool/uucp:/bin/shneo@neo-OptiPlex-380:~$ grep -C 5 new /etc/passwdsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/bin/shman:x:6:12:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/spool/lpd:/bin/shmail:x:8:8:mail:/var/mail:/bin/shnews:x:9:9:news:/var/spool/news:/bin/shuucp:x:10:10:uucp:/var/spool/uucp:/bin/shproxy:x:13:13:proxy:/bin:/bin/shwww-data:x:33:33:www-data:/var/www:/bin/shbackup:x:34:34:backup:/var/backups:/bin/shlist:x:38:38:Mailing List Manager:/var/list:/bin/sh# grep -3 game /etc/passwdmail:x:8:12:mail:/var/spool/mail:/sbin/nologinuucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologinoperator:x:11:0:operator:/root:/sbin/nologingames:x:12:100:games:/usr/games:/sbin/nologingopher:x:13:30:gopher:/var/gopher:/sbin/nologinftp:x:14:50:FTP User:/var/ftp:/sbin/nologinnobody:x:99:99:Nobody:/:/sbin/nologin

5.8.4.4. --color

# grep --color root  /etc/passwdroot:x:0:0:root:/root:/bin/bashoperator:x:11:0:operator:/root:/sbin/nologin

可以通过alias别名启用--color选项

alias egrep='egrep --color=auto'alias fgrep='fgrep --color=auto'alias grep='grep --color=auto'

加入.bashrc中，每次用户登录将自动生效

# enable color support of ls and also add handy aliasesif [ -x /usr/bin/dircolors ]; then    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"    alias ls='ls --color=auto'    #alias dir='dir --color=auto'    #alias vdir='vdir --color=auto'    alias grep='grep --color=auto'    alias fgrep='fgrep --color=auto'    alias egrep='egrep --color=auto'fi

5.8.5. Regexp selection and interpretation

n 开头

$ grep '^n' /etc/passwdnews:x:9:9:news:/var/spool/news:/bin/shnobody:x:65534:65534:nobody:/nonexistent:/bin/shneo:x:1000:1000:neo chan,,,:/home/neo:/bin/bashnagios:x:116:127::/var/run/nagios2:/bin/false

bash 结尾

$ grep 'bash$' /etc/passwdroot:x:0:0:root:/root:/bin/bashneo:x:1000:1000:neo chan,,,:/home/neo:/bin/bashpostgres:x:114:124:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bashcvsroot:x:1001:1001:cvsroot,,,,:/home/cvsroot:/bin/bashsvnroot:x:1002:1002:subversion,,,,:/home/svnroot:/bin/bash

中间包含 root

$ grep '.*root' /etc/passwdroot:x:0:0:root:/root:/bin/bashcvsroot:x:1001:1001:cvsroot,,,,:/home/cvsroot:/bin/bashsvnroot:x:1002:1002:subversion,,,,:/home/svnroot:/bin/bash

5.8.5.1. .*

$ curl -s http://www.example.com | egrep -o '.*'

5.8.5.2. 2010:(13|14|15|16)

regular 匹配一组

egrep "2010:(13|14|15|16)"  access.2010-11-18.log > apache.log

ps ax |grep -E "mysqld|httpd|resin"

5.8.5.3. []与{}

源文件

# cat /etc/fstab## /etc/fstab# Created by anaconda on Sat Sep 10 00:25:46 2011## Accessible filesystems, by reference, are maintained under '/dev/disk'# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info#UUID=091f295e-ea6d-4f57-9314-e2333f7ebff7 /                       ext4    defaults        1 1UUID=b3661a0b-2c50-4e18-8030-be2d043cbfc4 /www                    ext4    defaults        1 2UUID=4d3468de-a2ac-451c-b693-3bdca8832096 swap                    swap    defaults        0 0tmpfs                   /dev/shm                tmpfs   defaults        0 0devpts                  /dev/pts                devpts  gid=5,mode=620  0 0sysfs                   /sys                    sysfs   defaults        0 0proc                    /proc                   proc    defaults        0 0

匹配每行包含4个连续字符的字符串的行。

# grep '[A-Z]\{4\}' /etc/fstabUUID=091f295e-ea6d-4f57-9314-e2333f7ebff7 /                       ext4    defaults        1 1UUID=b3661a0b-2c50-4e18-8030-be2d043cbfc4 /www                    ext4    defaults        1 2UUID=4d3468de-a2ac-451c-b693-3bdca8832096 swap                    swap    defaults        0 0

5.8.5.4. -P, --perl-regexp Perl正则表达式

Interpret PATTERN as a Perl regular expression. This is highly experimental and grep -P may warn of unimplemented features.

[neo@netkiller nginx]$ grep -Po '\w+\.js' www.netkiller.cn.access.logindex.jsmin.jsmin.jsmCustomScrollbar.jsmin.jsajax_gd.jsajax.jsvalidation.jsAC_RunActiveContent.jsWdatePicker.jscookie.jsmsg_modal.jsall.jscommon.jscommonjs.jsswfobject.jsdateutil.jsform.jslive800.jslang.jscycle2.jsmin.jscarousel.jstabify.jsimage.jsmin.jsctrl.jspacked.jsmin.jscommon.js

5.8.6. fgrep

^M 处理

fgrep -rl `echo -ne '\r'` .find . -type f -exec grep $'\r' {} +

5.8.7. egrep

egrep = grep -E 在egrep中不许看使用转意字符，例如

# grep '\(oo\).*\1' /etc/passwdroot:x:0:0:root:/root:/bin/bash# grep -E '(oo).*\1' /etc/passwdroot:x:0:0:root:/root:/bin/bash# egrep '(oo).*\1' /etc/passwdroot:x:0:0:root:/root:/bin/bash

$ snmpwalk -v2c -c public 172.16.1.254 | egrep -i 'if(in|out)'for pid in $(ps -axf |grep 'php-cgi' | egrep egrep "0:00.(6|7|8|9)"'{print $1}'); do kill -9 $pid; donefor pid in $(ps -axf |grep 'php-cgi' | egrep "0:(0|1|2|3|4|5)0.(6|7|8|9)" |awk '{print $1}'); do kill -9 $pid; done