I am using "tail -f /var/log/fail2ban.log -f /var/log/ufw.log | grep -e Ban -e BLOCK -e ALLOW" (without the quotes) and it is working, but I want to exclude the results that have the words UDP and ICMP in them. When I try "tail -f /var/log/fail2ban.log -f /var/log/ufw.log | grep -e Ban -e BLOCK -e ALLOW -v UDP -v ICMP" I get an error: "grep: UDP: No such file or directory". It seems as though using -v to exclude words does not work when piping.
2 Answers
You can just pipe the first output to another grep and use it as another "filter" like:
# --line-buffered makes the first grep flush each line into the pipe instead of block-buffering it
tail -f /var/log/fail2ban.log -f /var/log/ufw.log | grep --line-buffered "Ban\|BLOCK\|ALLOW" | grep -v "UDP\|ICMP"
Note that grep can stack different strings, even regex, when you use double quotes and separate them with a pipe "|", but you should escape the character with "\" to not get weird things.
The -v parameter literally says in man
-v, --invert-match Invert the sense of matching, to select non-matching lines.
So it seems to just invert the match you determine, so you cannot parametrize it.
As you can see in the synopsis, you can give 3 types of parameters: options, a pattern and a file.
Options always start with - or -- and you can put a bunch of them.
You can determine a single pattern or a specific type of pattern with -e or -f or without anything.
And the last should always be the file/s or directory (directories need the -R parameter to recurse them, or you can just put directory/*). If not specified, it will try to read the stdin like you are doing.
SYNOPSIS
grep [OPTION...] PATTERNS [FILE...]
grep [OPTION...] -e PATTERNS ... [FILE...]
grep [OPTION...] -f PATTERN_FILE ... [FILE...]
Anyway this is already answered in a more basic way

- Your solution makes sense, it's logical and reasonable, but when I tried it I got no results and no error. Just a prompt. – Greg Azar Sep 07 '21 at 10:41
- Then you should check if you really aren't getting desired matches and adjust the filter. – Angel Porlan Sep 07 '21 at 10:46
I have a work-around for this using 2 ssh sessions. I pipe the results of the first grep statement into a file, and then in the 2nd ssh session I tail the results piped into grep.
(1st ssh session) - tail -f /var/log/fail2ban.log -f /var/log/ufw.log | grep -v ICMP >/home/user/staging
(2nd ssh session) - tail -f /home/user/staging | grep -e ALLOW -e BLOCK
A bit unconventional, but it works.

- Please add further details to expand on your answer, such as working code or documentation citations. – Community Sep 08 '21 at 18:30
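The include-then-exclude filter discussed in both answers, as an added example that is not part of the original thread: a grep whose stdout is a pipe block-buffers its output, so on a quiet `tail -f` stream matches can sit unseen until the buffer fills, and `--line-buffered` avoids that without a staging file. It assumes GNU grep and GNU sed; the function names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample log lines are constructed.

# Stage 1 keeps Ban/BLOCK/ALLOW, stage 2 drops UDP/ICMP.
# -v takes no argument: it inverts every pattern of its own grep, which is why
# the exclusion needs a second grep with its own -e patterns. A bare word after
# the patterns (as in "-v UDP") is parsed as a file name.
# --line-buffered flushes each matching line into the pipe right away.
filter_grep() {
    grep --line-buffered -e Ban -e BLOCK -e ALLOW |
        grep --line-buffered -v -e UDP -e ICMP
}

# Same selection in one process: delete excluded lines first, print the wanted
# ones. -u (GNU sed) keeps input and output unbuffered for live streams.
filter_sed() {
    sed -u -n -E -e '/UDP|ICMP/d' -e '/Ban|BLOCK|ALLOW/p'
}

# Constructed fail2ban and ufw lines (documentation address ranges).
sample_log() {
cat <<'EOF'
2021-09-07 10:41:02,113 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.7
2021-09-07 10:41:03,500 fail2ban.filter [812]: INFO [sshd] Found 203.0.113.7
Sep  7 10:41:05 host kernel: [UFW BLOCK] IN=eth0 SRC=198.51.100.9 PROTO=TCP DPT=22
Sep  7 10:41:06 host kernel: [UFW BLOCK] IN=eth0 SRC=198.51.100.9 PROTO=UDP DPT=53
Sep  7 10:41:07 host kernel: [UFW BLOCK] IN=eth0 SRC=198.51.100.9 PROTO=ICMP TYPE=8
Sep  7 10:41:08 host kernel: [UFW ALLOW] IN=eth0 SRC=192.0.2.44 PROTO=TCP DPT=443
Sep  7 10:41:09 host kernel: [UFW AUDIT] IN=eth0 SRC=192.0.2.44 PROTO=TCP DPT=80
EOF
}

# Live use, with the paths from the question:
#   tail -f /var/log/fail2ban.log -f /var/log/ufw.log | filter_grep
# Offline check against the constructed lines: sh thisfile demo
if [ "${1:-}" = "demo" ]; then
    sample_log | filter_grep
fi
```
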