Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am new to shell script. My requirement is to list user information from remote log files. For that purpose wrote shell script as below(For security reason masked real value)
Code
ssh -i /home/user/.ssh/id_rsa user@hostname zgrep -i -B8 "Decision from API: DECLINED" /path1/pah2/path3/logfile.gz|zgrep "API detection is enabled"
The issue is the above command, if executed from remote terminal will provide the result as expected, but if we run as shell script from the host server the output varies.
This i think grep stop searches after finding the first pattern("Decision from API") and returns the record which is having logs other than "Declined" also.
I am new to shell script. My requirement is to list user information from remote log files. For that purpose wrote shell script as below(For security reason masked real value)
Code
ssh -i /home/user/.ssh/id_rsa user@hostname zgrep -i -B8 "Decision from API: DECLINED" /path1/pah2/path3/logfile.gz|zgrep "API detection is enabled"
The issue is the above command, if executed from remote terminal will provide the result as expected, but if we run as shell script from the host server the output varies.
This i think grep stop searches after finding the first pattern("Decision from API") and returns the record which is having logs other than "Declined" also.
Could you please advise how to fix.
Remote and logon user has the same account privileges?
Are they logon also to the same profile with remote user?
Welcome to the forum. It helps to put [code] [/code] tags around actual code to make it more readable. The second zgrep should be a regular grep since it is dealing with regular text output from the first one:
Code:
ssh -i /home/user/.ssh/id_rsa user@hostname 'zgrep -i -h -B8 "Decision from API: DECLINED" /path1/pah2/path3/logfile.gz' \
| grep "API detection is enabled"
The zgrep runs on the remote computer. The grep runs on the local one.
The -h option might also help, since you won't need the file name included. See "man grep"
The ssh command is evaluated twice, once on the calling host and once on the remote host.
The calling host removes the "quotes", and they are missing on the remote site.
Some work-arounds:
Code:
ssh -i /home/user/.ssh/id_rsa user@hostname zgrep -i -B8 \"Decision from API: DECLINED\" /path1/pah2/path3/logfile.gz | zgrep "API detection is enabled"
The calling host replaces the escaped " by a ". The | zgrep ... runs on the calling host.
Code:
ssh -i /home/user/.ssh/id_rsa user@hostname 'zgrep -i -B8 "Decision from API: DECLINED" /path1/pah2/path3/logfile.gz' | zgrep "API detection is enabled"
The calling host sees the 'string in ticks' and removes the ticks. The | zgrep ... runs on the calling host.
Code:
ssh -i /home/user/.ssh/id_rsa user@hostname 'zgrep -i -B8 "Decision from API: DECLINED" /path1/pah2/path3/logfile.gz | zgrep "API detection is enabled"'
The calling host sees the 'string in ticks' and removes the ticks. The | zgrep ... runs on the remote host.
Welcome to the forum. It helps to put [code] [/code] tags around actual code to make it more readable. The second zgrep should be a regular grep since it is dealing with regular text output from the first one:
Code:
ssh -i /home/user/.ssh/id_rsa user@hostname 'zgrep -i -h -B8 "Decision from API: DECLINED" /path1/pah2/path3/logfile.gz' \
| grep "API detection is enabled"
The zgrep runs on the remote computer. The grep runs on the local one.
The -h option might also help, since you won't need the file name included. See "man grep"
The ssh command is evaluated twice, once on the calling host and once on the remote host.
The calling host removes the "quotes", and they are missing on the remote site.
Some work-arounds:
Code:
ssh -i /home/user/.ssh/id_rsa user@hostname zgrep -i -B8 \"Decision from API: DECLINED\" /path1/pah2/path3/logfile.gz | zgrep "API detection is enabled"
The calling host replaces the escaped " by a ". The | zgrep ... runs on the calling host.
Code:
ssh -i /home/user/.ssh/id_rsa user@hostname 'zgrep -i -B8 "Decision from API: DECLINED" /path1/pah2/path3/logfile.gz' | zgrep "API detection is enabled"
The calling host sees the 'string in ticks' and removes the ticks. The | zgrep ... runs on the calling host.
Code:
ssh -i /home/user/.ssh/id_rsa user@hostname 'zgrep -i -B8 "Decision from API: DECLINED" /path1/pah2/path3/logfile.gz | zgrep "API detection is enabled"'
The calling host sees the 'string in ticks' and removes the ticks. The | zgrep ... runs on the remote host.
If the last character in a line is a backslash \ then it tells the shell interpreter that things are continued on the next line. Sometimes it is easier to read when separate instructions are on separate lines even if they are piped from one to the next.
The single quote just groups things for sending to the remote server. Everything else after that is done locally.
Last edited by Turbocapitalist; 08-15-2018 at 06:14 AM.
Reason: spelling
Usually I avoid a \ at line ends, because copy/paste sometimes adds a space character at the very end.
Instead I break a long line into logical blocks, like this
Code:
ssh -i /home/user/.ssh/id_rsa user@hostname '
zgrep -i -B8 "Decision from API: DECLINED" /path1/pah2/path3/logfile.gz | grep "API detection is enabled"
'
The remote shell
sees the two empty lines and ignores them.
sees the indented command, and this has no impact.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.