grep — Search Inside Files in Linux
Introduction
grep is one of the most fundamental and powerful text-search tools in Linux. It scans files or input streams for matching text patterns and prints the lines that contain those matches.
Tool Snapshot
- Core Function: Universal text pattern matching through content scanning.
- Primary Benefit: Ubiquitous availability and seamless integration with Linux pipes.
- Where to Use: Log debugging, searching within specific files, and basic pattern matching.
- Logic: Reads file contents directly or from stdin.
Unlike locate or fd, which search by filename, grep searches inside file contents.
It is commonly used for:
- Log analysis
- WordPress debugging
- Configuration inspection
- SQL dump review
- Malware scanning
- Automation and scripting
grep works efficiently on large text files and integrates seamlessly with pipelines.
Prerequisites
- Linux VPS (Ubuntu or similar)
- Basic understanding of file paths (
/var/log/,/var/www/html/) - Familiarity with text files (PHP, logs, configs, SQL dumps)
- WordPress environment (for practical examples)
Syntax & Expression Rules
The command follows a logical structure that reads almost like a sentence:
grep [OPTION] PATTERN [FILE...]
[OPTION]: Flags to modify behavior (e.g.,-ifor ignore case,-rfor recursive).[PATTERN]: The text or regex to search for.[FILE]: One or more files to search (if omitted, reads from stdin).
Pattern Types
PATTERN may be plain text or regular expression.
Plain Text
grep "index.php" wp-config.php
Matches exact text.
Case-Insensitive Search
grep -i "error" error.log
Fixed String (No Regex Interpretation)
grep -F "a+b" file.txt
Treats special characters literally.
Basic Regex (Default)
| Pattern | Meaning |
|---|---|
| - | - |
. | Any single character |
* | Zero or more of previous character |
[] | Character class |
[^] | Negated class |
^ | Start of line |
$ | End of line |
Extended Regex (-E)
grep -E "cat|dog" file.txt
Adds support for:
|+?()
Perl-Compatible Regex (-P)
grep -P "\d{4}-\d{2}-\d{2}" error.log
Supports:
\d,\w,\s- Lookaheads/lookbehinds
- Advanced repetition
Availability depends on system build.
Core Options
Basic Matching
| Option | Description |
|---|---|
| -- | |
-i | Ignore case |
-v | Invert match |
-w | Match whole word |
-x | Match entire line |
Output Control
| Option | Description |
|---|---|
| -- | |
-n | Show line numbers |
-H | Show filename |
-h | Hide filename |
-c | Count matches |
-o | Print only matching text |
-q | Quiet mode (exit code only) |
--color=auto | Highlight matches |
Context Control
| Option | Description |
|---|---|
| -- | |
-A NUM | Show NUM lines after match |
-B NUM | Show NUM lines before match |
-C NUM | Show NUM lines around match |
Recursive & File Filters
| Option | Description |
|---|---|
| - | |
-r | Recursive search |
-R | Recursive + follow symlinks |
--include=GLOB | Include matching files only |
--exclude=GLOB | Exclude files |
--exclude-dir=DIR | Exclude directory |
-m NUM | Stop after NUM matches |
--text | Treat binary as text |
Working with Files
Single File
grep "define" wp-config.php
Multiple Files
grep "index" *.php
Recursive Directory Search
grep -r "pattern" wp-content/
Recursive with File Filter
grep -r --include="*.php" "add_action" wp-content/
Exclude Directory
grep -r --exclude-dir=cache "define" wp-content/
Piped Input
cat error.log | grep "error"
Pattern List from File
grep -f patterns.txt file.txt
WordPress / VPS Examples
1. Search WordPress config
grep "define" wp-config.php
2. Case-insensitive log search
grep -i "error" /var/log/nginx/error.log
3. Count total errors
grep -c "error" error.log
4. Show line numbers
grep -n "DB_USER" wp-config.php
5. Whole-word match
grep -w "admin" users.txt
6. Invert match
grep -v "cache" plugins.txt
7. Match start of line
grep "^define" wp-config.php
8. Match end of line
grep "php$" filelist.txt
9. Recursive plugin scan
grep -r "wp_enqueue_script" wp-content/
10. Extract URLs only
grep -o "https://[a-zA-Z0-9./]*" index.php
11. Show context after match
grep -A2 "DB_NAME" wp-config.php
12. Show context around match
grep -C1 "DB_NAME" wp-config.php
13. Quiet check for automation
grep -q "DB_PASSWORD" wp-config.php && echo "Found"
14. Malware scan for eval usage
grep -r "eval(" wp-content/plugins/
15. Stop after first match
grep -m1 "error" error.log
16. Force text mode
grep --text "php" backup.img
Benefits
- Fast text searching inside files
- Powerful regex support
- Works seamlessly with pipelines
- Essential for debugging and auditing
- Lightweight and universally available
Best Practices
- Use
-iwhen case does not matter. - Use
-rwith--includeto limit search scope. - Combine with
lessfor large outputs:
grep "error" log.txt | less
- Use
-qin scripts for silent checks. - Use
-Ffor literal strings to improve performance. - Add
--color=autofor easier visual scanning.
Troubleshooting Matrix
| Problem | Cause | Solution |
|---|---|---|
| -- | - | |
| No results | Case mismatch | Add -i |
| Too many results | Broad pattern | Use -w or refine regex |
| Slow performance | Large directory tree | Add --include filter |
| No line numbers in pipe | Output to non-TTY | Add -nH |
| Binary file warnings | File treated as binary | Use --text |
Cheat Sheet
grep "pattern" file.txt
grep -i "error" error.log
grep -n "define" wp-config.php
grep -r "pattern" dir/
grep -c "error" log.txt
grep -A2 "pattern" file.txt
grep -o "https://.*" file.txt
grep --color=auto "error" log.txt
Mini Quiz
- What does
grep -ido? - How do you search recursively only in
.phpfiles? - What is the difference between
-vand-w? - How do you display 3 lines after a match?
- Which option prints only the matched text?