Tools: How to Use grep, awk, and sed Like a SysAdmin (2026)


If you work with Linux, you will eventually spend time reading logs, searching configuration files, and cleaning messy text output.

At first, many people try to do this manually. Open file. Scroll. Search. Copy text. Repeat.

That works for small tasks. But sysadmins do not work that way. They use command-line tools that solve problems in seconds. Three of the most useful tools are grep, awk, and sed.

If you learn these well, your Linux troubleshooting speed improves a lot. This post shows practical examples, not textbook definitions.

Why These Three Commands Matter

Imagine these real situations:

- You want to find failed SSH login attempts.
- You want to extract IP addresses from logs.
- You want to replace a wrong server name in a config file.
- You want to count repeated entries.

Doing this manually wastes time. This is where these commands help. Think of them like this:

- grep = find text
- awk = extract and process columns
- sed = edit and transform text

1. grep: Find What Matters Fast

grep searches for matching text.

    grep "pattern" filename

    grep "error" app.log

This finds lines containing the word error.

    database connection error
    api timeout error

Useful grep Options

Ignore case:

    grep -i "error" app.log

Helpful when log formats are inconsistent.

Show line numbers

    grep -n "server" nginx.conf

    12:server_name example.com;
    45:server_tokens off;

Good for config debugging.

Invert match

Show lines that do NOT match:

    grep -v "INFO" app.log

Useful when removing noisy logs.

Recursive search

Search inside directories:

    grep -r "Listen 80" /etc/apache2

Very useful for config hunting.

Real SysAdmin Example

Find failed SSH login attempts:

    grep "Failed password" /var/log/auth.log

    Failed password for root from 192.168.1.10
    Failed password for admin from 10.0.0.5

This quickly shows suspicious login attempts.

2. awk: Extract and Process Data

awk is excellent when data has columns.

    alice 5000 IT
    bob 7000 HR
    john 6500 DevOps

    awk '{print $1}' employees.txt

    alice
    bob
    john

- $1 = first column
- $2 = second column
- $3 = third column

Print Multiple Columns

    awk '{print $1, $3}' employees.txt

    alice IT
    bob HR
    john DevOps

Filter by Condition

Show salaries above 6000:

    awk '$2 > 6000 {print $1, $2}' employees.txt

    bob 7000
    john 6500

This is very useful for reports.

Real SysAdmin Example

Check logged-in users:

    who

    pawan pts/0 2026-05-18 10:30
    john pts/1 2026-05-18 11:00

    who | awk '{print $1}'

    pawan
    john

3. sed: Stream Editing Made Simple

sed helps modify text.

    sed 's/old/new/' file.txt

    sed 's/dev/prod/' config.txt

Before:

    server=dev

After:

    server=prod

Without the global flag, only the first match on each line changes.

Replace All Matches

    sed 's/error/warning/g' app.log

g = global replacement

Delete Lines

Remove empty lines:

    sed '/^$/d' file.txt

Very useful when cleaning files.

Edit File Directly

    sed -i 's/localhost/db-server/' config.ini

This changes the actual file.

Real SysAdmin Example

    server_name oldsite.com;

    # The dot is escaped so it matches a literal "." and not any character.
    sed -i 's/oldsite\.com/newsite.com/' nginx.conf

Combining Commands Like a SysAdmin

The real power comes from combining tools.

Find failed SSH attempts and extract IP addresses:

    grep "Failed password" /var/log/auth.log | awk '{print $11}'

    192.168.1.10
    10.0.0.5

    grep "Failed password" /var/log/auth.log | awk '{print $11}' | sort | uniq -c

    5 192.168.1.10
    2 10.0.0.5

Now you know which IP is attacking most. This is real troubleshooting.

Common Beginner Mistakes

Using grep for everything

If you need column processing, use awk.

Editing files with sed without backup

    sed -i 's/test/prod/' file.conf

changes the file immediately. Back up first:

    cp file.conf file.conf.bak

Forgetting quotes

Unquoted:

    grep error file.txt

Quoted:

    grep "error" file.txt

Especially for complex patterns.

Quick Comparison
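The failed-login pipeline from "Combining Commands Like a SysAdmin", as an added example that is not part of the original post: `$11` holds the IP only for a known user and a classic syslog timestamp, so this version anchors on the fixed tail `from <ip> port <port> ssh2` instead. The log lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source IP.

# Constructed sample lines in the usual sshd format (not real log data).
sample_log() {
cat <<'EOF'
May 18 10:30:01 web01 sshd[2201]: Failed password for root from 192.168.1.10 port 51122 ssh2
May 18 10:30:04 web01 sshd[2203]: Failed password for invalid user admin from 10.0.0.5 port 40022 ssh2
May 18 10:30:09 web01 sshd[2207]: Failed password for root from 192.168.1.10 port 51130 ssh2
2026-05-18T10:31:00+00:00 web01 sshd[2210]: Failed password for root from 10.0.0.5 port 40030 ssh2
May 18 10:31:12 web01 sshd[2214]: Accepted password for pawan from 192.168.1.20 port 50000 ssh2
May 18 10:31:15 web01 sshd[2216]: Failed password for root from 192.168.1.10 port 51140 ssh2
EOF
}

# The page's pipeline: assumes the IP is always field 11.
naive_ips() {
  grep "Failed password" | awk '{print $11}'
}

# Count fields from the end of the line instead. The user name is chosen by
# the client and the timestamp format varies, but the tail
# "from <ip> port <port> ssh2" is fixed.
failed_ips() {
  awk '/Failed password for / && NF >= 5 &&
       $(NF-4) == "from" && $(NF-2) == "port" { print $(NF-3) }'
}

# "count ip" per line, highest count first.
top_offenders() {
  failed_ips | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

sample_log | naive_ips       # mixes IPs with a user name and a port number
sample_log | top_offenders   # one line per source IP
```

On a real host, feed the log in on standard input, for example `top_offenders < /var/log/auth.log`.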
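For the "Editing files with sed without backup" mistake, an added example (not from the original post) that previews how many lines a sed script would change and applies it with `sed -i.bak` only when the count matches. The file contents and the helper names `make_conf`, `changed_lines` and `apply_checked` are constructed for illustration; the run also shows why the dot in `oldsite.com` should be escaped.

```shell
#!/bin/sh
# Added example: preview a sed edit, then apply it in place with a backup.

# Constructed nginx-style file. Only the first line holds the hostname;
# the log path contains "oldsite-com", which must stay untouched.
make_conf() {
  printf '%s\n' \
    'server_name oldsite.com;' \
    'access_log /var/log/nginx/oldsite-com.log;' > "$1"
}

# Number of lines a sed script would change, without touching the file.
changed_lines() {   # usage: changed_lines 'SCRIPT' FILE
  sed "$1" "$2" | diff "$2" - | grep -c '^>' || true
}

# Apply only if exactly EXPECTED lines would change; the original is kept
# as FILE.bak by sed's -i suffix.
apply_checked() {   # usage: apply_checked 'SCRIPT' FILE EXPECTED
  n=$(changed_lines "$1" "$2")
  if [ "$n" -ne "$3" ]; then
    echo "refusing: $n lines would change, expected $3" >&2
    return 1
  fi
  sed -i.bak "$1" "$2"
}

f=$(mktemp) && make_conf "$f"
changed_lines 's/oldsite.com/newsite.com/g' "$f"    # unescaped dot also hits the log path
changed_lines 's/oldsite\.com/newsite.com/g' "$f"   # escaped dot hits the hostname only
apply_checked 's/oldsite\.com/newsite.com/g' "$f" 1 && cat "$f"
rm -f "$f" "$f.bak"
```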