![]() Without any further delay, let’s jump into tar command examples. Note: hyphen ( – ) in the tar command while using options is optional. -z, –gzip : Compress and extract the archive through gzip.-J, –xz : Compress and extrach the archive through xz.-j, –bzip2 : Compress and extract archive through bzip2.-C, –directory=DIR: Change to DIR before performing any operations.-X, –exclude-from=file : exclude patterns listed in file.-u, –update : only append files newer than copy in archive.-r, –append : append files to the end of an archive.-d, –diff, –compare : find differences between archive and file system.-x, –extract, –get : extract files from an archive.-t, –list : list the contents of an archive.Therefore, we need to use single quotes to prevent expanding variable names when starting tar. : 22:18:10 security alert: 10 times failed login from the same IPĪs the test above shows, we have three empty filenames in the output, as the shell variable $TAR_FILENAME doesn’t exist when we start the tar command. : 17:07:14 Security alert: 10 Permission Denied Requests from the same IP. : 22:08:14 security alert: 10 times failed login from the same IP So, for example, if we double-quote COMMAND, the $TAR_FILENAME variable will be expanded by the shell when invoking the tar command: $ tar xzf app_ -to-command="grep -label=$TAR_FILENAME -Hi 'security alert' true" This is because the TAR_* variables are assigned during tar‘s execution and passed to COMMAND. Therefore, we add the true command at the end to make COMMAND always return 0 and suppress those error messages.Īnother point we should note is we’ve wrapped COMMAND with single quotes. This messes up the output, which is definitely not what we want. Tar: Exiting with failure status due to previous errors Logs/app2/user.log: 22:08:14 security alert: 10 times failed login from the same IP $ tar xzf app_ -to-command='grep -label=$TAR_FILENAME -Hi "security alert"' ![]() Therefore, zgrep can search the files’ content in a compressed archive, but it cannot tell which file inside the archive hits the match. Here, we use the -O option to ask the tar command to extract files to Stdout instead of disk. Simply put, zgrep uses gzip to decompress the files to Stdout and pipes it to grep to perform the search.īasically, it’s pretty similar to the command: tar xzfO app_ | grep -Hai 'security alert' That means we can read the source to understand how it works. usr/bin/zgrep: POSIX shell script, ASCII text executable Next, to figure out why it happens, we need to understand how zgrep works.įirst, zgrep is just a shell script: $ file $(which zgrep) However, if we take a closer look at the filenames in the output, we only see the tar.gz file’s name instead of the names of the log files in the archive.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |