I'm searching for a program like tail or less which lets me view my logs without lines that contain a certain string. For example, view my syslog without UFW ([UFW BLOCK]) entry lines.
While it's not easy to provide a solution to your exact problem description with this feature, you might be interested to know that `less` offers the possibility to filter the displayed lines after a regex pattern. You can use this feature by typing `&` followed by the pattern, and you can revert it by typing `&` alone. – Aaron Jul 27 '17 at 14:00
5 Answers
The pattern match inversion option -v for grep is really helpful for this:
```
grep -v 'UFW BLOCK' /var/log/syslog
```
This will show you all lines not containing UFW BLOCK. As grep uses basic regular expressions by default, the inclusion of the brackets will make it search for any of the individual characters of 'UFW BLOCK' including the space. You'll probably end up with no output. If you need to ensure that there are brackets around the string, either escape them \[UFW BLOCK\], or use the -F option of grep to only include fixed strings (Thanks to Zanna and Steeldriver for the advice on this):
```
grep -Fv '[UFW BLOCK]' /var/log/syslog
```
You can make it easier to view by piping the output to a pager like less:
```
grep -v 'UFW BLOCK' /var/log/syslog | less
```
Or redirect the output to a file in your home directory for later viewing:
```
grep -v 'UFW BLOCK' /var/log/syslog > ~/filtered_syslog
```
You can also use the `fgrep` command which is equivalent to `grep -F`. – Tulains Córdova Jul 28 '17 at 05:40
@TulainsCórdova grep's man says that "Direct invocation as either egrep or fgrep is deprecated, but is provided to allow historical applications that rely on them to run unmodified". I don't know if they will ever act on this deprecation, but I guess using these commands isn't best practice – Aaron Jul 28 '17 at 12:21
With the less command's & option, it's possible to filter the output to display only lines matching the desired pattern, as below:
```
& /PATTERN/
```
In your case, if you want to filter out lines with UFW BLOCK so they don't display in the output, you could simply use &! as below:
```
&! /UFW BLOCK/
```
You can also use sed's d command to delete the lines with the pattern from the stream:
```
sed '/\[UFW BLOCK\]/d' /var/log/syslog
```
We escape [] as normally they denote a character class, meaning "match anything inside here".
You can use any tool with editing capabilities. You've already been given solutions using grep and sed, here are a few other choices. All of these can easily be piped to less or more or anything else.
Perl
```
perl -ne 'print unless /\[UFW BLOCK\]/' /var/log/syslog
```
Since this is Perl, TIMTOWTDI!
```
perl -pe '$_="" if /\[UFW BLOCK\]/' /var/log/syslog
perl -ne '/\[UFW BLOCK\]/ || print' /var/log/syslog
perl -ne 'print if !/\[UFW BLOCK\]/' /var/log/syslog
perl -ne '!/\[UFW BLOCK\]/ && print' /var/log/syslog
perl -ne '/\[UFW BLOCK\]/ ? "" : print' /var/log/syslog
```
awk
```
awk '!/\[UFW BLOCK\]/' file
```
You can use awk too:
```
awk '!/PATTERN/' log
```
I use it when I've got more than one "pattern" and I don't want to use two greps like:
```
... | grep -v foo | grep -v bar
```
for which the syntax is:
```
awk '!/PATTERN/ && !/PATTERN2/' log
```
"I use it when I've got more than of one "pattern" and I don't want to use two grep like"------ `grep -Ev "foo|bar"`? – αғsнιη Jul 27 '17 at 13:32
You can also use `-e` to define multiple patterns. `grep -v -e 'foo' -e 'bar'` – Arronical Jul 27 '17 at 13:40
@AFSHIN (Don't know how my comment got removed), I meant for a logical and not or ;) – Ravexina Jul 27 '17 at 15:13
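An added example, not part of any answer or comment above: it runs the filters from this page over four constructed log lines and counts how many lines each one keeps, which makes the unescaped-bracket pitfall visible. The sample lines, the second pattern `cron[` and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample lines (documentation addresses, not from a real host).
sample_log() {
cat <<'EOF'
Jul 27 13:58:01 host kernel: [1234.567] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23
Jul 27 13:58:02 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jul 27 13:58:03 host kernel: [1234.890] [UFW ALLOW] IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=22
Jul 27 13:58:04 host cron[901]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Run the filter given as arguments over the sample and print the number
# of lines it lets through.
count_kept() { sample_log | "$@" | wc -l | tr -d ' '; }

# Unescaped brackets form a bracket expression: any line containing one of
# the characters U F W space B L O C K matches, so -v drops every line here.
bracket_expr() { count_kept grep -v '[UFW BLOCK]'; }

# The three literal-match forms from the answers: only the BLOCK line goes.
fixed_string() { count_kept grep -Fv '[UFW BLOCK]'; }
escaped_bre()  { count_kept grep -v '\[UFW BLOCK\]'; }
sed_delete()   { count_kept sed '/\[UFW BLOCK\]/d'; }

# Excluding two patterns at once: awk with && and grep with repeated -e.
awk_two()  { count_kept awk '!/\[UFW BLOCK\]/ && !/cron\[/'; }
grep_two() { count_kept grep -Fv -e '[UFW BLOCK]' -e 'cron['; }

printf 'bracket=%s fixed=%s escaped=%s sed=%s awk_two=%s grep_two=%s\n' \
  "$(bracket_expr)" "$(fixed_string)" "$(escaped_bre)" \
  "$(sed_delete)" "$(awk_two)" "$(grep_two)"
```

Comparing the kept-line count with the total (`wc -l` on the unfiltered log) is a quick check that an exclusion filter has not silently hidden more than intended.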