1
00:00:06,570 --> 00:00:09,810
- In this video, you are going
to meet your new best friend,

2
00:00:09,810 --> 00:00:11,520
the grep utility.

3
00:00:11,520 --> 00:00:12,540
I'm not kidding.

4
00:00:12,540 --> 00:00:16,890
Grep is one of the most
useful utilities in Linux.

5
00:00:16,890 --> 00:00:19,200
But why? Well, that is because grep

6
00:00:19,200 --> 00:00:21,690
is what you use to find text.

7
00:00:21,690 --> 00:00:25,830
You can use find text using
strings or regular expressions,

8
00:00:25,830 --> 00:00:28,470
which are special patterns
that we'll discuss

9
00:00:28,470 --> 00:00:29,700
in the next lesson.

10
00:00:29,700 --> 00:00:31,590
And you can find text in files,

11
00:00:31,590 --> 00:00:35,435
as well as using a pipe in command output.

12
00:00:35,435 --> 00:00:36,870
And grep, seriously, is one

13
00:00:36,870 --> 00:00:39,360
of the most important tools on Linux.

14
00:00:39,360 --> 00:00:41,493
You will be using it so often.

15
00:00:42,510 --> 00:00:43,890
Let's have a look at two examples.

16
00:00:43,890 --> 00:00:45,553
If you would to "grep linda *",

17
00:00:46,590 --> 00:00:47,520
that's a basic use

18
00:00:47,520 --> 00:00:49,620
where you will search the text "linda"

19
00:00:49,620 --> 00:00:52,440
in all files in the current directory.

20
00:00:52,440 --> 00:00:54,120
And you can use it in a pipe,

21
00:00:54,120 --> 00:00:57,300
as in "ps aux | grep http",

22
00:00:57,300 --> 00:00:58,260
which uses a pipe

23
00:00:58,260 --> 00:01:01,020
to show all lines that
contain the text "http"

24
00:01:01,020 --> 00:01:02,433
in the output of PS.

25
00:01:03,270 --> 00:01:04,920
For advanced grep use,

26
00:01:04,920 --> 00:01:07,800
regular expressions can be
used to match file patterns.

27
00:01:07,800 --> 00:01:10,380
We'll discuss that in the next lesson.

28
00:01:10,380 --> 00:01:14,160
For now, we need to
understand the basic grep use.

29
00:01:14,160 --> 00:01:15,540
So let's first talk about some

30
00:01:15,540 --> 00:01:17,073
of the most useful options.

31
00:01:18,360 --> 00:01:22,530
To start with, there's minus
i. Minus i is to ignore case.

32
00:01:22,530 --> 00:01:24,420
So if you're looking for
"linda", you don't know

33
00:01:24,420 --> 00:01:26,550
if you created "linda" with an uppercase L

34
00:01:26,550 --> 00:01:28,620
or not, use minus i.

35
00:01:28,620 --> 00:01:30,690
Minus v is convenient.

36
00:01:30,690 --> 00:01:34,080
It will exclude a pattern.

37
00:01:34,080 --> 00:01:37,260
Minus l lists files
that contain a pattern,

38
00:01:37,260 --> 00:01:39,300
without showing matching lines.

39
00:01:39,300 --> 00:01:42,240
And then we have a couple of options,

40
00:01:42,240 --> 00:01:45,630
minus A5, minus B5, minus C5,

41
00:01:45,630 --> 00:01:49,800
to show you also the lines
before and the lines after.

42
00:01:49,800 --> 00:01:54,800
And minus C, is for combined
minus A as well as minus B.

43
00:01:55,080 --> 00:01:59,460
And grep minus R, we are
recursively search for a pattern.

44
00:01:59,460 --> 00:02:01,010
Let me show you how this works.

45
00:02:04,200 --> 00:02:09,200
All right, let me start with
"sudo grep linda /etc/*",

46
00:02:09,510 --> 00:02:11,880
which will look in "*" in "etc"

47
00:02:11,880 --> 00:02:15,240
to see if there is occurrence
of the text "linda".

48
00:02:15,240 --> 00:02:16,290
There we go.

49
00:02:16,290 --> 00:02:19,080
And oh boy, I'm getting a lot of messages.

50
00:02:19,080 --> 00:02:23,190
Like, "Is a directory" and whatever else.

51
00:02:23,190 --> 00:02:25,470
That is one side effect of grep.

52
00:02:25,470 --> 00:02:27,870
If it finds a file that is a directory,

53
00:02:27,870 --> 00:02:29,880
it'll tell you, "Hey, I have directory."

54
00:02:29,880 --> 00:02:30,810
I don't wanna see this.

55
00:02:30,810 --> 00:02:33,420
So I'm using "2>/dev/null".

56
00:02:33,420 --> 00:02:36,810
We've already seen that
this is redirecting errors

57
00:02:36,810 --> 00:02:39,540
to the null device, which
makes you don't see them.

58
00:02:39,540 --> 00:02:41,010
And here we see the result.

59
00:02:41,010 --> 00:02:43,230
In the result, it starts with a file name,

60
00:02:43,230 --> 00:02:45,780
and after the file name,
you see the matching line.

61
00:02:46,650 --> 00:02:48,870
If you don't want to
see the matching line,

62
00:02:48,870 --> 00:02:50,190
and just the file name,

63
00:02:50,190 --> 00:02:53,130
you can also consider using "grep -l".

64
00:02:53,130 --> 00:02:56,490
Grep minus l is filtering out

65
00:02:56,490 --> 00:02:57,393
all of this.

66
00:02:58,560 --> 00:02:59,460
Right.

67
00:02:59,460 --> 00:03:00,670
Another use is

68
00:03:01,844 --> 00:03:02,677
"ps aux

69
00:03:03,910 --> 00:03:05,550
| grep

70
00:03:05,550 --> 00:03:07,350
http".

71
00:03:07,350 --> 00:03:08,190
The use case?

72
00:03:08,190 --> 00:03:10,920
I wanna know if my HTTP
server is up and running,

73
00:03:10,920 --> 00:03:13,770
so I'm using "ps aux", and what do we get?

74
00:03:13,770 --> 00:03:15,480
Well, we get a result.

75
00:03:15,480 --> 00:03:17,340
And the fact that we get a result

76
00:03:17,340 --> 00:03:20,550
is maybe not what you want to occur.

77
00:03:20,550 --> 00:03:24,960
You can see in the result
"grep --color=auto http".

78
00:03:24,960 --> 00:03:26,580
This is my grep command.

79
00:03:26,580 --> 00:03:27,690
In case you are wondering

80
00:03:27,690 --> 00:03:30,420
where does this "--color" come from?

81
00:03:30,420 --> 00:03:32,580
Well, that's a shell
setting that automatically

82
00:03:32,580 --> 00:03:35,700
showing you colors in grep
to make it more usable.

83
00:03:35,700 --> 00:03:37,410
We'll talk about that later.

84
00:03:37,410 --> 00:03:39,420
But the thing is, if I am checking

85
00:03:39,420 --> 00:03:42,630
if HTTP is up or running, or not,

86
00:03:42,630 --> 00:03:45,510
then I don't wanna see the
grep command in the result.

87
00:03:45,510 --> 00:03:48,330
I just wanna see whether
or not HTTP is running.

88
00:03:48,330 --> 00:03:51,510
So I want to exclude lines

89
00:03:51,510 --> 00:03:53,707
that contain the text "grep",

90
00:03:53,707 --> 00:03:54,540
"grep -v

91
00:03:56,397 --> 00:03:57,450
grep".

92
00:03:57,450 --> 00:03:58,447
And in case you are thinking,

93
00:03:58,447 --> 00:04:00,870
"Hey Sanor, can't you
read that for yourself,

94
00:04:00,870 --> 00:04:01,703
that this is wrong?"

95
00:04:01,703 --> 00:04:03,090
Of course I can read it,

96
00:04:03,090 --> 00:04:06,420
but if you use it like this,
then we can automate it.

97
00:04:06,420 --> 00:04:08,850
I mean, you can write a shell script

98
00:04:08,850 --> 00:04:10,860
and in that shell script,
you can do something

99
00:04:10,860 --> 00:04:12,720
if HTTP is not running.

100
00:04:12,720 --> 00:04:14,700
And then really, you need the grep command

101
00:04:14,700 --> 00:04:17,433
to produce the proper result.

102
00:04:18,540 --> 00:04:20,263
Right, so more, "grep -A5

103
00:04:23,364 --> 00:04:26,910
linda /etc/passwd",

104
00:04:26,910 --> 00:04:30,060
which is showing us the five lines after.

105
00:04:30,060 --> 00:04:32,370
Apparently there are no five lines after.

106
00:04:32,370 --> 00:04:34,290
How about minus B5?.

107
00:04:34,290 --> 00:04:37,920
There it is working,
the five lines before.

108
00:04:37,920 --> 00:04:40,927
So I guess we should be using "grep -A3"

109
00:04:43,740 --> 00:04:47,580
on "tcpdump" in "/etc/passwd".

110
00:04:47,580 --> 00:04:50,910
So "tcpdump", so that
at least you can see,

111
00:04:50,910 --> 00:04:53,700
that the lines after is working as well.

112
00:04:53,700 --> 00:04:56,640
And how about we make that "C3"?

113
00:04:56,640 --> 00:04:59,700
Then we see the lines
before and the lines after.

114
00:04:59,700 --> 00:05:00,780
Is that useful?

115
00:05:00,780 --> 00:05:02,760
Well, not so very much in this case,

116
00:05:02,760 --> 00:05:05,187
but if you are going to look
for configuration files,

117
00:05:05,187 --> 00:05:07,140
and in the configuration files

118
00:05:07,140 --> 00:05:09,150
you want to see

119
00:05:09,150 --> 00:05:12,510
the lines just before the
line that you are looking for,

120
00:05:12,510 --> 00:05:15,360
this can be really convenient.

121
00:05:15,360 --> 00:05:18,360
For now, that's all I want
to show you about grep.

122
00:05:18,360 --> 00:05:21,010
But we will be grepping some
more in the next lesson.