Searching an IP address with regular expressions

FrankGuthrie · April 2014

Ok, I have to go trough some log on a unix/linux syslog machine and I want to go through a bunch of log files.

Now if i want to look specifically for ip 192.168.1 What command should I use?

There are some *.gz files, so the command I use is:
zcat testfirewall-2014-04-* | grep 192.168.1

This however give me hits which are not exaclty matching my IP address.

Kinet1c · April 2014

Are you looking for one specific host or many hosts on a network?

The search you have provided is leaving out the last octet of the host address so you will only receive address using the 192.168.1.0 network.

FrankGuthrie · April 2014

Kinet1c wrote: »

Are you looking for one specific host or many hosts on a network?

The search you have provided is leaving out the last octet of the host address so you will only receive address using the 192.168.1.0 network.

Good catch.

I changed it to: zcat testfirewall-2014-04-* | grep 192.168.1.*

The problem is that its not matching the whole IP address string. but it look like the dots (.) are seprating the numbers. So I get hits on each individal number: 192, 168 and 1. How can I make it that it only searches for 192.168.1.* as a whole?

Using "" in front and back of the IP adress does also not work....

Kinet1c · April 2014

When I run the following: cat messages | grep 192.168.1.20 .... I get that specific IP address.

Edit: are you sure the formatting in the files have the network address in the format 192.168.1.20 as opposed to 192. 168. 1. 20 ?

Searching an IP address with regular expressions

Comments