
Grep a tar.gz file

 
Richard Briggs
Regular Advisor

Grep a tar.gz file

I have a huge log file (syslogs from other boxes)...and it is tar'd and then gzip'd.

I'd like to grep for an IP within this monster file on the fly without unzipping and untarring it in separate steps...

is there a way to grep an IP out of this log file in one command that will leave the tar.gz file in place while temporarily inflating to search the text?

#find / -name coffee | cup < cream
9 REPLIES
Jeff_Traigle
Honored Contributor

Re: Grep a tar.gz file

For one log file, why tar it? If it's only gzip'd, you could do gzcat file | grep IP.
--
Jeff Traigle
Geoff Wild
Honored Contributor

Re: Grep a tar.gz file

How about:

tar zxvf tar.gz |grep ip


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
doug mielke
Respected Contributor

Re: Grep a tar.gz file

The only tool I can think of is strings, but a zipped and tar'd file? May be worth a shot.
Richard Briggs
Regular Advisor

Re: Grep a tar.gz file

tar zxvf ...


.... tar: z: unknown option. tar: usage tar {txruc}[eONvVwAfblhm{op}][0-7[lmh]] [tapefile] [blocksize] [[-C directory] file] ...


I'm guessing "z" don't work ;-)
#find / -name coffee | cup < cream
Geoff Wild
Honored Contributor

Re: Grep a tar.gz file

Ah - sorry - you need the gnu tar with option z:

http://hpux.ee.ualberta.ca/hppd/hpux/Gnu/tar-1.13.25/

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Jeff_Traigle
Honored Contributor

Re: Grep a tar.gz file

And even with GNU tar, aren't you missing an argument for the f option, Geoff? Shouldn't it be:

tar zxf - tar.gz | grep ip

Of course, without GNU tar and having the log file tar'd anyway, I believe you can still accomplish the same thing with

gzcat tar.gz | tar xf - | grep ip

At least I think I got that syntax correct. It's proving to be a long day. :)
--
Jeff Traigle
H.Merijn Brand (procura
Honored Contributor

Re: Grep a tar.gz file

If it is indeed only one file in the file, the chance is low that the pattern is in the tar archive header, and you can ignore the tar format

# gzip -d < file.tar.gz | grep pattern

that's because tar does store the files unmodified. Same for GNU tar, which you don't need here.

Enjoy, Have FUN! H.Merijn
Rodney Hills
Honored Contributor

Re: Grep a tar.gz file

I think you will have to restore the file from the tar archive before you can look for an "IP".

Doing a tar zxf file | grep ip will not work since tar (or even gnu tar) will restore content, not display the contents of an archived file.

If the tar archive truly only contains your one log file, then it would be better to just compress the log file and not deal with tar.

Then you could do a command like-
zcat mylogfile.Z | grep 10.10.10.10

HTH

-- Rod Hills
There be dragons...
Stuart Browne
Honored Contributor

Re: Grep a tar.gz file

I agree with Merijn, but if you want to go the whole-hog, you could always:

gzip -cd file.tar.gz | tar xvf - | grep

But this does pretty much the same as what Merijn said.

But as has already been said, why 'tar' a single file? The whole point of 'tar' (tape archive) is to concatenate multiple-files into a single-file stream good for outputting to a tape device. The basic syntax is very similar to 'ar', used for making static-link libraries and other basic archive files.

Anybody know the history of the two, code wise?

Anyway, getting side tracked..

Admittedly not many use it for that purpose any more as there are much better backup routines/commands available, but instead use it to dump to a local filesystem, thus the '.tar' file ;)
One long-haired git at your service...
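
Added example, not part of the thread: one way to search a .tar.gz for an exact IP address while leaving the archive in place and writing nothing to disk. It assumes GNU tar or bsdtar, where -O sends member contents to standard output; the function names, file names and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes GNU tar or bsdtar for -O.

# Print the lines in ARCHIVE (.tar.gz) that contain exactly the IPv4 address IP.
grep_targz_ip() {
    archive=$1
    ip=$2
    # Accept only a dotted quad, so the value is safe to embed in a regex.
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "not an IPv4 address: $ip" >&2; return 2; }
    # Escape the dots: left unescaped, "." matches any character.
    pat=$(printf '%s' "$ip" | sed 's/\./\\./g')
    # gzip inflates into a pipe and tar -O writes member contents to stdout,
    # so the archive stays untouched and no file is extracted to disk.
    # The boundary groups stop 10.10.10.10 from matching 110.10.10.100.
    gzip -dc "$archive" | tar -xOf - |
        grep -E "(^|[^0-9.])${pat}([^0-9.]|\$)"
}

# Constructed sample: two small syslog files packed into one archive.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        'Jan  5 10:01:02 hostA sshd[411]: Failed password for root from 10.10.10.10 port 4022' \
        'Jan  5 10:01:09 hostA sshd[411]: Accepted password for ops from 110.10.10.100 port 5101' \
        > "$dir/hostA.log"
    printf '%s\n' \
        'Jan  5 10:02:17 hostB ftpd[77]: connection from 10.10.10.10' \
        'Jan  5 10:02:30 hostB ftpd[78]: connection from 10.10.10.101' \
        'Jan  5 10:03:00 hostB named[9]: query 10x10y10z10' \
        > "$dir/hostB.log"
    (cd "$dir" && tar -cf - hostA.log hostB.log | gzip -c > sample.tar.gz) || return 1
    printf '%s\n' "$dir/sample.tar.gz"
}

sample=$(make_sample) && grep_targz_ip "$sample" 10.10.10.10
```

A plain `grep 10.10.10.10` would also return the 110.10.10.100, 10.10.10.101 and 10x10y10z10 lines from this sample, which matters when the search result feeds an investigation.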