Searching an IP address with regular expressions

Ok, I have to go trough some log on a unix/linux syslog machine and I want to go through a bunch of log files.

Now if i want to look specifically for ip 192.168.1 What command should I use?

There are some *.gz files, so the command I use is:
zcat testfirewall-2014-04-* | grep 192.168.1

This however give me hits which are not exaclty matching my IP address.

Find more posts tagged with

SAVE $250 on Your CompTIA Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CompTIA Boot Camps

Comments

Kinet1c

Are you looking for one specific host or many hosts on a network?

The search you have provided is leaving out the last octet of the host address so you will only receive address using the 192.168.1.0 network.

FrankGuthrie

Kinet1c wrote: »

Are you looking for one specific host or many hosts on a network?

The search you have provided is leaving out the last octet of the host address so you will only receive address using the 192.168.1.0 network.

Good catch.

I changed it to: zcat testfirewall-2014-04-* | grep 192.168.1.*

The problem is that its not matching the whole IP address string. but it look like the dots (.) are seprating the numbers. So I get hits on each individal number: 192, 168 and 1. How can I make it that it only searches for 192.168.1.* as a whole?

Using "" in front and back of the IP adress does also not work....

Kinet1c

When I run the following: cat messages | grep 192.168.1.20 .... I get that specific IP address.

Edit: are you sure the formatting in the files have the network address in the format 192.168.1.20 as opposed to 192. 168. 1. 20 ?