I built precise extended regular expressions with grep to extract IPs, error codes, and tokens from logs and source. Anchoring patterns and using character classes turned broad, false-positive-heavy searches into exact matches.

Objective & Context

Regex is the universal text-matching language across grep, sed, and code. This lab develops ERE fluency – anchors, classes, quantifiers, and groups – the precision tool behind log triage and the Python string lab.

Environment & Prerequisites

  • Linux with GNU grep (supports -E and -P).
  • Sample logs containing IPs and status codes.
  • A regex reference for ERE syntax.

Step-by-Step Execution

1. Match IPv4 addresses

grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' access.log | sort -u

2. Anchor to whole-line status codes

grep -E ' (4[0-9]{2}|5[0-9]{2}) ' access.log

3. Case-insensitive context search

grep -iC2 'failed password' /var/log/auth.log
203.0.113.45
198.51.100.7

Validation & Testing

Run the IP and status-code patterns against a known log and confirm matches against a manual count, checking for false positives. Pass criteria: patterns match exactly the intended tokens with anchors preventing partial or stray matches.

Advanced: Troubleshooting
  • Too many matches: anchor with ^/$ or word boundaries to tighten scope.
  • BRE vs ERE: use -E for +/?/| without backslashes.
  • Greedy capture: grep is line-oriented; for multiline or lazy matching use -P (PCRE).

Key Results

  • Extracted unique IPs from logs with one anchored pattern.
  • Isolated 4xx/5xx errors precisely with alternation.
  • Reduced false positives by anchoring and using classes.
  • Built reusable patterns shared with the sed/awk lab.