Searching for a program like tail or less which let me view my logs without lines that contain a certain string. For example view my syslog without UFW ([UFW BLOCK]) entry lines.
5 Answers
The pattern match inversion option -v for grep is really helpful for this:
grep -v 'UFW BLOCK' /var/log/syslogThis will show you all lines not containing UFW BLOCK. As grep uses basic regular expressions by default, the inclusion of the brackets will make it search for any of the individual characters of 'UFW BLOCK' including the space. You'll probably end up with no output. If you need to ensure that there are brackets around the string, either escape them \[UFW BLOCK\], or use the -F option of grep to only include fixed strings (Thanks to Zanna and Steeldriver for the advice on this):
grep -Fv '[UFW BLOCK]' /var/log/syslogYou can make it easier to view by piping the output to a pager like less:
grep -v 'UFW BLOCK' /var/log/syslog | lessOr redirect the output to a file in your home directory for later viewing:
grep -v 'UFW BLOCK' /var/log/syslog > ~/filtered_syslog 2 You can also use sed's d command to delete the lines with the pattern from the stream:
sed '/\[UFW BLOCK\]/d' /var/log/syslogWe escape [] as normally they denote a character class, meaning "match anything inside here"
You can use any tool with editing capabilities. You've already been given solutions using grep and sed, here are a few other choices. All of these can easily be piped to less or more or anything else.
Perl
perl -ne 'print unless /\[UFW BLOCK\]/' /var/log/syslogSince this is Perl, TIMTOWDI!.
perl -pe '$_="" if /\[UFW BLOCK\]/' /var/log/syslog perl -ne '/\[UFW BLOCK\]/ || print' /var/log/syslog perl -ne 'print if !/\[UFW BLOCK\]/' /var/log/syslog perl -ne '!/\[UFW BLOCK\]/ && print' /var/log/syslog perl -ne '/\[UFW BLOCK\]/ ? "" : print' /var/log/syslogawk
awk '!/\[UFW BLOCK\]/' file
With less command's & option it's possible to filter out to display only desired matched pattern as below,
& /PATTERN/in your case if you want filter lines with UFW BLOCK to don't display in output, you could simply use &! as below:
&! /UFW BLOCK/ You can use awk too:
awk '!/PATTERN/' logI use it when I've got more than of one "pattern" and I don't want to use two grep like:
... | grep -v foo | grep -v barwhich the syntax is:
awk '!/PATTERN/ && !/PATTERN2/' log 3