Join Log in
Score:0
Greg Azar avatar Server

I want to exclude specific words from the results when piping tail into grep

fi flag
Greg Azar

I am using "tail -f /var/log/fail2ban.log -f /var/log/ufw.log | grep -e Ban -e BLOCK -e ALLOW" (without the quotes) and it is working but I want to exclude the results that have the words UDP and ICMP in them. When I try "tail -f /var/log/fail2ban.log -f /var/log/ufw.log | grep -e Ban -e BLOCK -e ALLOW -v UDP -v ICMP" I get an error "grep: UDP: No such file or directory" It seems as though using -v to exclude words does not work when piping.

enter image description here

54
2 + 0
Score:0
Greg Azar avatar Server
fi flag
Greg Azar

I have a work-around for this using 2 ssh sessions I pipe the results of the first grep statement into a file and then in the 2nd ssh session I tail the results piped into grep. (1st ssh session) - tail -f /var/log/fail2ban.log -f /var/log/ufw.log | grep -v ICMP >/home/user/staging (2nd ssh session) - tail -f /home/user/staging | grep -e ALLOW -e BLOCK a bit unconventional but it works.

0 + 1
Score:0
Angel Porlan avatar Server
vn flag
Angel Porlan

You can just pipe the first output to another grep and use it as another "filter" like:

tail -f /var/log/fail2ban.log -f /var/log/ufw.log | grep "Ban\|BLOCK\|ALLOW" | grep -v "UDP\|ICMP"

Note that grep can stack different strings even regex when you use double quotes separating it by a pipe "|" but you should scape the character with "\" to not get weird things.

The -v parameter literally says in man

-v, --invert-match Invert the sense of matching, to select non-matching lines.

So it seems to just invert the match you determine, so you cannot parametrize it.

Like in you see in the synopsis you can give 3 types of parameters. Options, a pattern and a file.

Options are a whole always start with - or -- and you can put a bunch of them.

You can determine a single pattern or a specific type of pattern with -e or -f or withouth anithing.

And always the last should be the file/s or directory (Directories needs -R parameter to recurse them or you can just put directory/*). if not specified it will try to read the stdin like you are doing.

   SYNOPSIS
   grep [OPTION...] PATTERNS [FILE...]
   grep [OPTION...] -e PATTERNS ... [FILE...]
   grep [OPTION...] -f PATTERN_FILE ... [FILE...]

Anyway this is already answered in a more basic way

0 + 2
Greg Azar avatar
fi flag
Greg Azar
Your solution makes sense, it's logical and reasonable but when I tried it I got no results and no error. Just a prompt.
0
Reply
Angel Porlan avatar
vn flag
Angel Porlan
Then you should check if you really aren't getting desired matches and adjust the filter.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.