Objective

Write regular expressions to match, filter, and extract text patterns using grep and its extended/Perl-compatible modes.

Tools & Technologies

  • grep
  • egrep
  • grep -E
  • grep -P
  • regex

Key Commands

grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' file
grep -rn 'ERROR' /var/log/
grep -v '^#' /etc/ssh/sshd_config
grep -oP '(?<=user=)\w+' file

Architecture Overview

flowchart TD
    INPUT[Input Stream] --> PATTERN{Regex Pattern\nMatches?}
    PATTERN -->|Yes| PRINT[Print Line]
    PATTERN -->|No| SKIP[Skip Line]
    PRINT --> NEXT[Next Line]
    SKIP --> NEXT
    NEXT -->|more lines| PATTERN
    NEXT -->|EOF| DONE[Done]
    style PATTERN fill:#1a1a2e,stroke:#00d4ff,color:#e0e0e0
    style PRINT fill:#1a1a2e,stroke:#00ff88,color:#e0e0e0

Step-by-Step Process

01
Basic Patterns

Anchors, character classes, and quantifiers form the core of regex.

# Anchors
grep '^root' /etc/passwd   # starts with root
grep 'bash$' /etc/passwd   # ends with bash

# Character classes
grep '[0-9]' file          # any digit
grep '[a-zA-Z]' file       # any letter
grep '[^#]' config         # any character other than # (to drop comment lines use -v '^#')

# Quantifiers
grep 'o*' file      # zero or more o (matches every line, since zero o's also match)
grep -E 'o+' file   # one or more o (needs -E)
grep -E 'o?' file   # zero or one o (needs -E)

02
Useful grep Flags

grep's flags dramatically extend its usefulness.

grep -i 'error' log       # case insensitive
grep -n 'TODO' *.py        # show line numbers
grep -r 'password' /etc/   # recursive
grep -l 'pattern' files    # files only, not lines
grep -v '^#' sshd_config   # invert match
grep -c 'ERROR' app.log    # count matches
grep -A3 'FAIL' log        # 3 lines after
grep -B2 'FAIL' log        # 2 lines before
grep -C2 'FAIL' log        # 2 lines context

03
Extended Regex (-E)

Extended regex adds |, +, ?, and () grouping without backslash escaping.

grep -E 'cat|dog' file        # alternation
grep -E 'colou?r' file        # optional u
grep -E '[0-9]{3}-[0-9]{4}' file      # phone numbers
grep -E '^(WARN|ERROR|CRIT)' app.log  # log levels

04
Practical Examples

Real-world grep one-liners for sysadmin and development work.

# Find failed SSH logins
grep 'Failed password' /var/log/auth.log

# Extract IP addresses (the pattern also accepts out-of-range octets such as 999)
grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' access.log

# Active listening ports
ss -tuln | grep LISTEN

# Find files with TODOs
grep -rn 'TODO\|FIXME\|HACK' src/
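
The failed-login and IP-extraction one-liners above combined into one pipeline, as an added example that is not part of the original page. The function names, the stricter octet pattern and the sample log lines are this example's own, and it assumes OpenSSH-style lines ending in "from IP port N ssh2".

```shell
#!/bin/sh
# Added example: count failed SSH logins per source IP.

# ERE for one octet in 0-255, then a full dotted quad built from it.
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
IPV4="$OCTET(\.$OCTET){3}"

# failed_ssh_by_ip [FILE...]   (reads stdin when no file is given)
# Prints "count ip" lines, highest count first.
# The second grep is anchored on the trailing "from IP port N ssh2" so that
# text earlier in the line (for example the user name) cannot supply the
# address, and an out-of-range value such as 999.300.1.1 is not matched.
failed_ssh_by_ip() {
    grep 'Failed password' "$@" |
        grep -oE "from $IPV4 port [0-9]+ ssh2\$" |
        awk '{ print $2 }' |
        sort | uniq -c | sort -k1,1nr -k2,2 |
        awk '{ print $1, $2 }'
}

# Constructed sample in auth.log format (documentation address ranges).
make_sample() {
    cat <<'EOF'
Jan 10 03:14:07 host sshd[1001]: Failed password for root from 203.0.113.7 port 50022 ssh2
Jan 10 03:14:09 host sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 50024 ssh2
Jan 10 03:14:12 host sshd[1002]: Failed password for root from 198.51.100.23 port 41000 ssh2
Jan 10 03:15:00 host sshd[1003]: Accepted password for alice from 192.0.2.10 port 51515 ssh2
Jan 10 03:15:30 host sshd[1004]: Failed password for root from 999.300.1.1 port 40000 ssh2
Jan 10 03:16:02 host sshd[1005]: Failed password for bob from 203.0.113.7 port 50030 ssh2
EOF
}

# Demo run on the constructed sample.
make_sample | failed_ssh_by_ip
```

On a real host the same function can be pointed at the log directly, for example failed_ssh_by_ip /var/log/auth.log.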

Challenges & Solutions

  • Regex syntax differs between BRE (grep), ERE (grep -E), and PCRE (grep -P)
  • grep -r on / is very slow and prints errors under /proc; skip such directories with --exclude-dir (for example --exclude-dir=proc)

Key Takeaways

  • grep -P enables Perl-compatible regex including lookaheads and named groups
  • Always quote regex patterns to prevent shell glob expansion