LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   grep filtering question (https://www.linuxquestions.org/questions/linux-general-1/grep-filtering-question-4175709307/)

Alexmicu 03-12-2022 01:36 AM
grep filtering question
 
in /tmp folder, i have around 30 web server log files, i want to retrieve lines with status code 4** and srcip not belong to 127.0.0.1 and 192.168.*.*
I go to /tmp and write below query:
cat *.log | grep "status code:4**"| grep ^127.0.0.1 and ^192.168.*.*
but it said ^127.0.0.1 no such file.
any idea? do we need to use regex?

pan64 03-12-2022 02:03 AM
what you posted is syntactically incorrect.
Code:
grep 'status code: 4..' *.log | grep -v 127.0.0.1 | grep -v '192.168.*.*'
probably works better. Would be nice to learn grep (if you wish to use it)

ondoho 03-12-2022 04:58 AM
Quote:
Originally Posted by Alexmicu (Post 6337389)
in /tmp folder, i have around 30 web server log files, i want to retrieve lines with status code 4** and srcip not belong to 127.0.0.1 and 192.168.*.*
I go to /tmp and write below query:
cat *.log | grep "status code:4**"| grep ^127.0.0.1 and ^192.168.*.*
but it said ^127.0.0.1 no such file.
any idea? do we need to use regex?
Try
Code:
grep 'status code:4..' *.log | grep -vE '^127.0.0.1|^192.168.*'
Though I'm not sure about the syntax - are you sure it's always exactly "status code:" immediately followed by the 4xx status code, no spaces? Are you sure the srcip is always the first thing on each line?
etc.

Alexmicu 03-12-2022 08:49 PM
I want to filter out srcip=127.0.0.1 or 192.168.*.*
but we want dstip: 127.0.0.1 or 192.168.*.*

ondoho 03-13-2022 03:09 AM
Quote:
Originally Posted by Alexmicu (Post 6337710)
I want to filter out srcip=127.0.0.1 or 192.168.*.*
but we want dstip: 127.0.0.1 or 192.168.*.*
Sorry but this makes even less sense than your previous post :scratch:

pan64 03-13-2022 04:04 AM
Quote:
Originally Posted by ondoho (Post 6337774)
Sorry but this makes even less sense than your previous post :scratch:
I guess that would be something like source ip and destination ip. Probably that makes some sense.

Quote:
Originally Posted by Alexmicu (Post 6337389)
any idea? do we need to use regex?
yes

boughtonp 03-13-2022 08:52 AM
Quote:
Originally Posted by Alexmicu (Post 6337389)
in /tmp folder, i have around 30 web server log files, i want to retrieve lines with status code 4** and srcip not belong to 127.0.0.1 and 192.168.*.*
Quote:
Originally Posted by Alexmicu (Post 6337710)
I want to filter out srcip=127.0.0.1 or 192.168.*.*
but we want dstip: 127.0.0.1 or 192.168.*.*
Post a handful of example lines from those log files, and whether they should be kept/excluded.

(If necessary, replace sensitive information with dummy strings, but don't change the format/structure of the line.)

Also, use "[code]..[/code]" to preserve formatting.


All times are GMT -5. The time now is 11:33 PM.