When using the linux shell daily we encounter situations when we need to search specific strings in one or more archives. If you are wondering how to search in archives for different patterns or strings, this tutorial will show you how.
You might have an archived log file and you want to search for the word “error”, here’s how you can do it.
Presenting zcat:
zcat is a linux console utility that takes as input compressed data files and send to stdout the results. Used with advanced utilities like cut, grep or awk, zcat becomes a very powerful application that helps the linux system administrator to search through archived files.
Here’s an example.
[root@nyx /]# zcat httpd-log_20140821.gz | awk -F ";" '($6~"error") [Wed Aug 27 11:08:27 2014] [error] [client 91.196.46.169] PHP Warning: date_default_timezone_get(): It is not safe to rely on the system's timezone settings.
The explaining:
zcat parses httpd-log_20140821.gz, outputs the lines that have the word “error” in the 6th column of the log file.
Another example:
zcat logs_2014082* | awk -F ";" '($1=="Transaction timed out") | sort -u Alert: a Transaction timed out error was received at 2014-08-20 1:33 Alert: a Transaction timed out error was received at 2014-08-21 10:03
The explanation:
zcat parses the archived files hat start with ” logs_2014082″, searches if the 1st column contains “Transaction timed out” then sorts the output and removes duplicate lines.
Introducing zgrep.
Like the similar grep command, zgrep is a linux utility that was developed for the sole purpose of matching patters or strings inside an archived file.
Example:
zgrep error httpd.log.gz [Sat Aug 23 06:12:20 2014] [error] [client 141.8.147.29] File does not exist: /www/html/nixware.net/httpdocs/index [Sat Aug 23 06:12:21 2014] [error] [client 37.58.100.76] File does not exist: /www/html/nixware.net/httpdocs/forum
The explanation: zgrep searches the httpd.log.gz file for the “error” word and sends the output to stdout.
zmore:
– allows you to filter archived or plain text files one screen a a time. As it’s name says it does basically the same thing as more but it can search.