grep filtering question

Alexmicu · 03-12-2022, 01:36 AM

in /tmp folder, i have around 30 web server log files, i want to retrieve lines with status code 4** and srcip not belong to 127.0.0.1 and 192.168.*.*
I go to /tmp and write below query:
cat *.log | grep "status code:4**"| grep ^127.0.0.1 and ^192.168.*.*
but it said ^127.0.0.1 no such file.
any idea? do we need to use regex?

pan64 · 03-12-2022, 02:03 AM

what you posted is syntactically incorrect.

Code:

grep 'status code: 4..' *.log | grep -v 127.0.0.1 | grep -v '192.168.*.*'

probably works better. Would be nice to learn grep (if you wish to use it)

ondoho · 03-12-2022, 04:58 AM

Quote:

Originally Posted by Alexmicu

in /tmp folder, i have around 30 web server log files, i want to retrieve lines with status code 4** and srcip not belong to 127.0.0.1 and 192.168.*.*
I go to /tmp and write below query:
cat *.log | grep "status code:4**"| grep ^127.0.0.1 and ^192.168.*.*
but it said ^127.0.0.1 no such file.
any idea? do we need to use regex?

Try

Code:

grep 'status code:4..' *.log | grep -vE '^127.0.0.1|^192.168.*'

Though I'm not sure about the syntax - are you sure it's always exactly "status code:" immediately followed by the 4xx status code, no spaces? Are you sure the srcip is always the first thing on each line?
etc.

Alexmicu · 03-12-2022, 08:49 PM

I want to filter out srcip=127.0.0.1 or 192.168.*.*
but we want dstip: 127.0.0.1 or 192.168.*.*

ondoho · 03-13-2022, 03:09 AM

Quote:

Originally Posted by Alexmicu

I want to filter out srcip=127.0.0.1 or 192.168.*.*
but we want dstip: 127.0.0.1 or 192.168.*.*

Sorry but this makes even less sense than your previous post

pan64 · 03-13-2022, 04:04 AM

Quote:

Originally Posted by ondoho

Sorry but this makes even less sense than your previous post

I guess that would be something like source ip and destination ip. Probably that makes some sense.

Quote:

Originally Posted by Alexmicu

any idea? do we need to use regex?

yes

boughtonp · 03-13-2022, 08:52 AM

Quote:

Originally Posted by Alexmicu

in /tmp folder, i have around 30 web server log files, i want to retrieve lines with status code 4** and srcip not belong to 127.0.0.1 and 192.168.*.*

Quote:

Originally Posted by Alexmicu

I want to filter out srcip=127.0.0.1 or 192.168.*.*
but we want dstip: 127.0.0.1 or 192.168.*.*

Post a handful of example lines from those log files, and whether they should be kept/excluded.

(If necessary, replace sensitive information with dummy strings, but don't change the format/structure of the line.)

Also, use "[code]..[/code]" to preserve formatting.