Grep Cheat Sheet


Active Member
Jan 2, 2016
Hello Linux lovers and haters,

grep is most certainly amazing whether you have a headache or get excited about 'er.

Here are some exciting ways to use grep to check for important information within logs.

Who has logged in today?

You may use w | grep "root" or who | grep "root" to find out who is currently in a root session. If you wanted to do something such as send a text message to your phone or email every 10 minutes showing the logged in users you could just create a cron job. If no one is logged in of course then you would be receiving no alerts. Kind of an interesting idea for a low volume sign-in server. Or maybe it could only go off if there are more than 1 root sessions in the event someone shares root credentials and more root sessions are active than normal or within a certain time frame. E.g. 2 root sessions within 1 minute alert.

Checking the security log on CentOS for failed:
grep "failed" /var/log/secure

More coming soon.

With nmap installed you could find open ports locally via:
nmap -O localhost | grep "open"

Who is accessing the website admin panel?
grep "GET /admin" /var/log/httpd/access_log
grep "POST /admin" /var/log/httpd/access_log

Why does SELinux use crystal meth?
grep "SELinux" /var/log/messages
Last edited: