shell stuff: highlight matches within files

Sometimes you have to watch a number of log files and want to see every line as it arrives, while also highlighting certain arbitrary strings within them.

Say, for example, you want to monitor the following log files in (almost) real time:

/var/log/daemon.log
/var/log/auth.log
/var/log/fooapp.log

The easiest way to follow all of them at once is tail -f:

% tail -f /var/log/daemon.log /var/log/auth.log /var/log/fooapp.log

Now imagine that you want to highlight certain important keywords as they occur in one of those files. grep will not do here, because it only prints the lines that contain a match and drops everything else.

So, if you want to see all lines as they appear in the logs and also highlight the matches for arbitrary patterns, you can use the small ack tool. The package name depends on your distribution; for the two used here (Mandriva, Debian) installation is simple:

for Mandriva: % urpmi ack
for Debian: % apt-get install ack-grep (on Debian the binary is installed as ack-grep, so use that name in place of ack below)

To highlight something, use the --passthru option, which prints every line and colours the matches:
% tail -f /var/log/daemon.log /var/log/auth.log /var/log/fooapp.log | ack --passthru attack

==> /var/log/daemon.log <==
Feb 5 15:08:14 artio fooapp: starting up
Feb 5 15:08:27 artio dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67

Feb 5 15:10:14 artio fooapp: attack in progress, blocking access

==> /var/log/auth.log <==
Feb 5 15:08:14 artio sshd: pam_tcp: login successfull
Feb 5 15:09:36 artio su: pam_tcb(su:auth): Authentication passed for root from fred(uid=500)
Feb 5 15:10:14 artio fooapp: pam_iris: attack detected

==> /var/log/fooapp.log <==
Feb 5 15:08:14 artio fooapp: FooApp Version 1.27b initializing
Feb 5 15:08:14 artio fooapp: starting up
Feb 5 15:08:14 artio fooapp: loaded the following modules:
Feb 5 15:08:14 artio fooapp: * mod_attack
Feb 5 15:08:14 artio fooapp: * mod_strike
Feb 5 15:08:14 artio fooapp: * mod_block
Feb 5 15:08:14 artio fooapp: up and running
Feb 5 15:10:14 artio fooapp: attack in progress, blocking access

Other than that, ack behaves much like “ordinary” grep: the argument is a regular expression, so the same --passthru trick works for any pattern, not just a single fixed word.
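ack is not always installed on the box you are looking at, and the pass-through highlighting itself needs nothing more than sed. The following is an added example, not code from the original post: a small sed-based highlighter that prints every input line and wraps matches in ANSI colour codes, chaining two patterns in different colours. The function names, the colour choices and the sample log lines are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): pass-through highlighting with
# plain sed, for hosts where ack is not installed. Every input line is printed;
# only the matches get wrapped in ANSI colour codes.

ESC=$(printf '\033')
RESET="${ESC}[0m"

# GNU sed needs -u to stay line-buffered when reading from a pipe such as
# "tail -f"; BSD sed and busybox sed lack the option, so probe for it once.
if printf 'x\n' | sed -u '' >/dev/null 2>&1; then
    SED_UNBUF=-u
else
    SED_UNBUF=
fi

# hl PATTERN SGR : wrap every match of the extended regex PATTERN in the
# ANSI SGR attribute SGR (e.g. "1;31" = bold red). Patterns containing "/"
# must be escaped as "\/" because "/" is the s-command delimiter here.
hl() {
    sed $SED_UNBUF -E "s/($1)/${ESC}[$2m\\1${RESET}/g"
}

# hl_auth : the two things worth spotting at a glance in the logs above, each
# in its own colour. The stages are chained, so later patterns also see the
# colour codes added by earlier ones; avoid patterns that match digits or "m".
hl_auth() {
    hl 'attack' '1;31' | hl 'root' '1;33'
}

# Constructed sample, modelled on the log excerpt above (not real log data).
SAMPLE='Feb 5 15:08:27 artio dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67
Feb 5 15:09:36 artio su: pam_tcb(su:auth): Authentication passed for root from fred(uid=500)
Feb 5 15:10:14 artio fooapp: attack in progress, blocking access'

# demo : run the sample through the chained highlighter.
demo() {
    printf '%s\n' "$SAMPLE" | hl_auth
}

# Live use (not run here):
#   tail -f /var/log/auth.log /var/log/fooapp.log | hl_auth

demo
```

Unlike ack --passthru, this has no notion of word boundaries or case-insensitivity unless you put them into the regex yourself, and the unbuffering probe matters: without -u, GNU sed block-buffers its output when stdout is a pipe or file, so lines from tail -f would show up late.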


2 Comments on "shell stuff: highlight matches within files"

Andy Lester

I suggest that ack is similar to ordinary grep, but with many tricks for programmers that make it an ideal text searching tool. See http://betterthangrep.com/

thesel

wow, the “top 10 reasons to use ack” on that site look impressive, indeed!

Just ack’s ability to exclude binaries from the search makes it worth dropping grep instantly.

I wish I had come across this tool earlier 🙂
