Searching for patterns of text in files or text streams is one of the most common tasks you'll perform in your sysadmin career. This is a valuable skill that allows you to check a variety of system configurations, analyze data, troubleshoot logs, and perform many other activities.
The most common way to find text in a Linux system is using the command-line utility grep. This utility was originally developed for the Unix operating system in the early 1970s. Grep evolved over the years, and the most common version available today for Linux, GNU grep, has additional features such as colored output. However, its main functionality is still the same.
This article covers how to use the grep command to find text.
Find text in a file
The most basic way to use grep is searching for text in a single file. To do this, type grep followed by the text pattern to search for and the file name to search in. For example, to find which port the Secure Shell (SSH) daemon uses, search for Port in file /etc/ssh/sshd_config:

    $ grep Port /etc/ssh/sshd_config
    Port 22
    #GatewayPorts no

grep finds all lines that match the text pattern regardless of where the pattern is located.
Extend grep with regular expressions
In the previous example, when you searched for Port in the SSH configuration file, grep returned two lines: the line you were looking for, Port 22, and an additional line containing the search pattern. In some cases, that's exactly what you want. In other cases, grep could find too many entries that you're not interested in, requiring you to sort through them to find the desired information.
To avoid that, you can use regular expressions to be more specific about what you're looking for. For example, to find only lines that start with the word Port, you can use the regular expression operator ^, like this:

    $ grep ^Port /etc/ssh/sshd_config
    Port 22

grep returned only the line that started with Port since, in the second line, the expression Port is in the middle.
You can also use extended regular expressions with the command-line parameter -E. For example, to search for a pattern that contains the word Port followed by numbers, use this regular expression:

    $ grep -E "Port [1-9]+" /etc/ssh/sshd_config
    Port 22

You can also look for lines that end with a text pattern by using the $ operator. For example, to find all lines that end with none, use grep like this:

    $ grep none$ /etc/ssh/sshd_config
    #RekeyLimit default none
    #AuthorizedPrincipalsFile none
    #AuthorizedKeysCommand none
    #ChrootDirectory none
    #VersionAddendum none
    #Banner none

Regular expressions are a big part of grep, making it powerful and flexible. However, regular expressions are a huge topic. For additional information, look at Regular expression on Wikipedia or Regular expressions 101.
Find text in multiple files and directories
Similar to finding text patterns in a single file, you can use grep to find text in multiple files or directories. To find text in multiple files simultaneously, list the additional files to search after the first file name, or use a shell wildcard such as * for all files. For example, to search for a configuration in two files:

    $ grep Port /etc/ssh/sshd_config /etc/ssh/ssh_config
    /etc/ssh/sshd_config:Port 22
    /etc/ssh/sshd_config:#GatewayPorts no
    /etc/ssh/ssh_config:# Port 22

When you use multiple files, grep shows the name of the file where it found a match before showing the matched line.
To run the search recursively in multiple subdirectories, use the command-line flag -R:

    $ grep -R ^Port /etc
    /etc/ssh/sshd_config:Port 22

The grep command is fast and returns results quickly, but it may take a long time if you specify too many files or subdirectories to search.
Find text in another command's output
Similar to other Unix utilities, grep also acts on stdin when you pipe the output of another command into it. This is a fast and useful way to filter a command's output to match the text pattern you're looking for.
For example, if you want to check whether the package openssh is installed in your Fedora or Red Hat Enterprise Linux (RHEL) operating system, you can pipe the output of command rpm -qa, which lists all installed packages, into grep to search for the pattern:

    $ rpm -qa | grep ssh
    libssh-config-0.9.6-4.fc36.noarch
    libssh-0.9.6-4.fc36.x86_64
    openssh-8.8p1-1.fc36.1.x86_64

You can filter long command outputs with grep, making finding useful information easier.
Additional useful options
The grep command provides many options to change how it searches for patterns or displays results. So far in this article, you've seen some of them. While I can't list all options, here are some other useful examples:
- Use option -i for a case-insensitive search.
- Use option -v to invert the search and display lines that do not match the pattern.
- Use option -w to search for entire words only instead of patterns in the middle of other words.
- Use option --color for colored output, making it easier to spot the matched pattern.
For a complete list of grep options, consult the man pages.
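
The options above matter when you audit a file such as sshd_config, where keywords are case-insensitive and lines may be indented, so a plain search for Port can miss the live setting while matching comments and GatewayPorts. The following is an added example, not part of the original article; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in sshd_config syntax; not copied from a real host.
sample_config() {
    cat <<'EOF'
#Port 22
  port 2222
#GatewayPorts no
GatewayPorts yes
PermitRootLogin no
EOF
}

# Count lines on stdin that match pattern $1 the way the article's first
# examples do: case-sensitive, no handling of comments or indentation.
count_naive() {
    grep -c "$1" || true    # grep exits 1 on zero matches; keep status 0
}

# Print live (uncommented) lines for keyword $1, read from stdin.
#   -i  ignore case, because sshd_config keywords are case-insensitive
#   -w  whole words only, so "Port" does not match "GatewayPorts"
#   -v  the second grep drops lines whose first non-blank character is '#'
active_lines() {
    grep -iw "$1" | grep -v '^[[:space:]]*#' || true
}

# Same goal with one anchored extended regex (-E): optional indentation,
# the keyword, then at least one space or tab before the value.
active_lines_regex() {
    grep -Ei "^[[:space:]]*$1[[:space:]]+" || true
}

echo "lines matching 'Port':  $(sample_config | count_naive Port)"
echo "lines matching '^Port': $(sample_config | count_naive '^Port')"
echo "live Port directives:"
sample_config | active_lines Port
```

grep only sees the text of the file you give it, so settings pulled in through Include directives or set inside Match blocks need separate inspection. On a host with OpenSSH installed, sshd -T prints the configuration the daemon actually resolves.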
The GNU grep utility is flexible and useful, helping you accomplish many tasks in your daily sysadmin activities. The more you use grep, the more comfortable you will become, and soon you'll notice you're relying on it all the time.
For more information about grep, look at some of these links:
You can also find more information about grep in your Linux system by using man grep or quick, valuable examples with the