grep is a very handy program even on its own; when you combine it with other commands its functions become limitless. If you've never used it before, grep is a program for matching strings in text. Usually that means outputting each complete line that contains matching text.
    [root@host ~]# grep DENY /var/log/messages
    Dec 6 19:19:30 antonio kernel: Packet log: input DENY eth0 PROTO=17 212.214.131.62:28524
    [root@host ~]#
It's important to remember that it will spit out the entire line on which the text matches instead of just the text itself. After all, what would be the use of just seeing the text that matches?
Another way to use grep is to search for a string in several files and send only the names of files to stdout: -l prints the names of files that have matching strings, and -L, used here, prints the names of files that have none.
    [root@host ~]# grep -L kernel /var/log/*
    /var/log/boot.log
    /var/log/cron
    /var/log/lastlog
    /var/log/maillog
    /var/log/netconf.log
    /var/log/pacct
    /var/log/savacct
    /var/log/secure
    /var/log/spooler
    /var/log/uucp
    /var/log/wtmp
    /var/log/xferlog
    [root@host ~]#
The -L option means to suppress the normal output of grep and instead spit out the name of each file from which no output would normally have been made. The lowercase -l option is its counterpart and names each file from which output would normally have been made.
Another handy option to use in grep is -v, which means give the reverse output. In other words it will send each line or file that does not match the pattern.
    [root@host ~]# grep "Dec/2000" /var/log/httpd/* > december-logs
    [root@host ~]# grep -v "Dec/2000" /var/log/httpd/* >other-months_logs
When you grep through multiple files there are some useful options that you can use to control your output or the number of files that you search. The first and most useful of those options is -R, which recurses into directories. When you search multiple files, the output of grep includes the name of the file that the matching line is in, followed by a colon and then the matching line. You can suppress the filename in that output by using the -h option. I use this option all the time at work when we search through our firewall mail reports for a certain IP. Our mail is stored in Maildir/ directories, with multiple files inside.
    rootmail@host:~$ grep -h 152.2.48.83 Maildir/cur/* > file
    rootmail@host:~$ cat file
    09:10:12 152.2.48.83 2048 207.9.89.2 548 TCP
    09:10:21 152.2.48.83 2048 207.9.89.2 548 TCP
    09:10:39 152.2.48.83 2048 207.9.89.2 548 TCP
    10:41:16 152.2.48.83 2050 207.9.89.2 548 TCP
    12:22:08 152.2.48.83 2048 207.9.89.2 548 TCP
    12:22:17 152.2.48.83 2048 207.9.89.2 548 TCP
    20:55:01 152.2.48.83 2105 207.9.89.2 548 TCP
    21:26:20 152.2.48.83 2048 207.9.89.2 548 TCP
    21:26:37 152.2.48.83 2048 207.9.89.2 548 TCP
    rootmail@host:~$
Then we would read the file 'file' into a mail message to send out to the other ISP that is scanning our network.
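
The -h search above hands the address to grep as a regular expression, in which each dot matches any character and nothing anchors the ends of the address. The following is an added example, not part of the original article: it runs over constructed report lines and compares that form with a fixed-string, whole-word search (-F -w), then keeps only the lines where the address is the source column. The function names, the msg1/msg2 file names and the sample lines are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: every log line below is constructed in the page's report format.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/Maildir/cur"
    cat > "$d/Maildir/cur/msg1" <<'EOF'
09:10:12 152.2.48.83 2048 207.9.89.2 548 TCP
09:10:21 152.2.48.83 2048 207.9.89.2 548 TCP
09:12:40 10.0.0.7 1031 207.9.89.21 25 TCP
EOF
    cat > "$d/Maildir/cur/msg2" <<'EOF'
10:41:16 152.2.48.83 2050 207.9.89.2 548 TCP
11:02:03 10.0.0.9 1044 207.9.89.200 80 TCP
11:05:55 207.9.89.2 548 152.2.48.83 2050 TCP
EOF
    echo "$d"
}

# The page's form: the address is a regex, so "." matches any character and
# the match may end in the middle of a longer address (207.9.89.21).
naive_hits() { grep -h "$1" "$2"/Maildir/cur/* | awk 'END { print NR }'; }

# -F takes the address as a fixed string; -w rejects partial-word matches.
exact_hits() { grep -hFw -- "$1" "$2"/Maildir/cur/* | awk 'END { print NR }'; }

# Keep only lines whose source column is the address; print the hit count
# plus the first and last time seen, ready to quote in a report.
scan_summary() {
    grep -hFw -- "$1" "$2"/Maildir/cur/* |
        awk -v ip="$1" '$2 == ip { n++; if (!first) first = $1; last = $1 }
            END { printf "%d %s %s\n", n, first, last }'
}

dir=$(make_sample) || exit 1
echo "regex 207.9.89.2:        $(naive_hits 207.9.89.2 "$dir") lines"
echo "fixed/word 207.9.89.2:   $(exact_hits 207.9.89.2 "$dir") lines"
echo "152.2.48.83 as source:   $(scan_summary 152.2.48.83 "$dir")"
rm -rf "$dir"
```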