-   Linux - General (
-   -   tail and grep issue (

Wim Sturkenboom 02-04-2008 07:28 AM

tail and grep issue
I'm trying to access a non-existing page on 'my' webserver. When I run tail -f /var/log/httpd/error_log, I immediately see the error in the log. However, when I run tail -f /var/log/httpd/error_log |grep -v favico |grep -v cc.css, I have to request the non-existing page 5 times before the 5 expected errors are displayed.

Removing one of the 2 greps (it does not matter which one) also gives the expected results.

Can someone explain why this would be the case?

PS 1
The non-existing page is an example, it also happens in other situations.

PS 2
Just in case it's relevant, Slackware 12 without updates and running the commands as root.

nileshgr 02-04-2008 07:48 AM

use this-


tail -f /var/log/httpd/error_log | egrep ^favico$
this should work.

Matir 02-04-2008 08:10 AM

The delay is probably due to grep performing some sort of buffering as the lines come in. Try using grep --line-buffered or similar.

Wim Sturkenboom 02-05-2008 12:06 AM

Thanks for the replies.

Sorry, but your solution did not work; as far as I understand regexps, the '^' in your code indicates beginning of line and not invert result. I might be wrong but I think that that's why it did not work.

That did the trick.

nilesh' answer however triggered another question.

The man pages state that egrep and grep -e are the same. I however can not figure out how that is the case. From the below, I understand that egrep is a link to another egrep which in turn is a link to grep. Nowhere the -e option is passed which makes me wonder if -e is not the default behaviour of grep.

wim@lbtd-techweb01:~$ ls -l /usr/bin/egrep
lrwxrwxrwx 1 root root 15 2007-09-19 09:37 /usr/bin/egrep -> ../../bin/egrep*
wim@lbtd-techweb01:~$ ls -l /bin/egrep
lrwxrwxrwx 1 root root 4 2007-09-19 09:37 /bin/egrep -> grep*
wim@lbtd-techweb01:~$ ls -l /bin/grep
-rwxr-xr-x 1 root root 129768 2006-08-07 02:53 /bin/grep*

former33t 02-05-2008 08:16 AM

You'll see this often with *nix programs. A single program (one binary with several links to the binary) can be given several names. When the program is run, one of the parameters passed to the program by the OS (even if you don't pass any) is the name of the progam. Running egrep (which invokes the grep binary) internally just does the same thing as passing the -e flag.

Wim Sturkenboom 02-05-2008 10:51 PM

Thanks. Your explanation was not 100% clear to me, but other sources filled the missing holes and now it's clear


You missed the fact that argv[0] recalls the name of the binary being executed. In other words, grep violates GNU Coding standards (which say that a binary should behave independently of the name it was called by) in order to implicitly turn on -e if invoked by the name 'egrep'.
Thanks again.

former33t 02-06-2008 08:19 AM

No problem. I was trying to keep it simple and keep terms like argv[0] out of the explanation. Glad it helped.

All times are GMT -5. The time now is 01:43 PM.