Linux Up Skill - Day 8

Took a quick break and now I’m back to catching up. They posted lesson 11 yesterday so I’m not too far behind anymore. On to lesson eight of the Linux Up Skill Challenge. Today’s lesson is called “The infamous ‘grep’ and other text processors.” It looks like we are going to start looking into the logs being generated on the server. It looks like we’ll be using grep, cat, more, less, cut, awk, and tail. I’ve used some of these in the past but never in depth so it’ll be great to dig into them some more today.

Today’s tasks

  • Dump out the complete contents of a file with cat.
  • Use less to open the same file.
  • Using less, look at a file, but practice moving around with gg, GG, /, n, and N.
  • View recent logins and sudo usage.
  • Look at the tail end of the file with tail.
  • Follow a log in real time with tail -f.
  • Take the output of one command and pipe it in as the input to another.
  • Use the cut command to select out most interesting portions of each line.
  • Use the -v option to invert the selection.

Let’s go! Starting by dumping out the complete contents of a file. cat /var/log/apache2/access.log. Then do the same with less, less /var/log/apache2/access.log. I do some practice moving around the file with less commands.

Next is viewing recent logins with less. less /var/log/auth.log. Then with tail I can see just the end of a file. How cool! tail /var/log/apache2/access.log. tail -f /var/log/apache2/access.log allows me to follow along in real time.

Next we’re going to work with piping. cat /var/log/auth.log | grep "authenticating" actually returns nothing. I’m guessing because these lessons assume you have a cloud machine open to the internet that would be getting probed by others. So I’ll modify the command a bit to get an example, cat /var/log/auth.log | grep "root" returns a number of entries from when I was running sudo. This can be simplified to grep "root" /var/log/auth.log. I have to modify the next command in the lesson a little due to my previous modification. grep "root" /var/log/auth.log | grep "CRON" gives me just a list of CRON running.

We touch on some grep switches such as -f, -d, and -v. Then we talk about using the operator > to redirect the output of a command to a file. It’s interesting the lesson is dependent on unscrupulous people attempting to access your server to fill the logs to play with. Not something I’m willing to do right now but shouldn’t be a big deal for me to complete the lessons. I may just have to get creative with what I parse against.
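
For a machine that is not exposed to the internet, the grep, grep -v and cut tasks from the list above can be practiced on constructed log lines. This is an added example, not part of the original post or the challenge material; the log lines, host name, user names and function names are all made up, and the field numbers assume the classic syslog timestamp layout.

```shell
#!/bin/sh
# Constructed sample lines in the classic syslog auth.log layout (not real data).
# Source addresses come from the RFC 5737 documentation ranges.
sample_auth_log() {
cat <<'EOF'
Mar  9 23:58:11 web1 sshd[2099]: Disconnected from authenticating user root 198.51.100.7 port 40100 [preauth]
Mar 10 06:25:01 web1 CRON[2101]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 10 06:31:17 web1 sshd[2150]: Disconnected from authenticating user root 203.0.113.5 port 51234 [preauth]
Mar 10 06:31:40 web1 sshd[2152]: Disconnected from authenticating user root 203.0.113.5 port 51300 [preauth]
Mar 10 06:40:02 web1 sshd[2160]: Disconnected from authenticating user admin 192.0.2.44 port 40022 [preauth]
Mar 10 07:02:33 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log
EOF
}

# Pre-auth disconnects for root, trimmed to "user ip port N [preauth]".
# tr -s ' ' squeezes the double space syslog writes before single-digit days
# ("Mar  9"); without it every cut field on that line is off by one.
root_probes() {
    sample_auth_log | grep "authenticating" | grep "root" \
        | tr -s ' ' | cut -d ' ' -f 10-
}

# Number of pre-auth disconnects per source address, busiest first.
probes_by_ip() {
    sample_auth_log | grep "authenticating" | tr -s ' ' | cut -d ' ' -f 11 \
        | sort | uniq -c | sort -rn | awk '{print $2, $1}'
}

# grep -v inverts the match: drop cron and sshd lines to see what is left,
# which in this sample is the sudo usage.
other_activity() {
    sample_auth_log | grep -v "CRON" | grep -v "sshd"
}

root_probes
probes_by_ip
other_activity
```

Replacing the body of sample_auth_log with cat /var/log/auth.log runs the same pipelines against a real log.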