I'm having trouble searching in /var due to a hang at /var/run. I tried to exclude /var/run, but it's not producing expected results:
$ sudo grep -IR --exclude-dir="/var/run" '45.78.157.165' /var | egrep -v '(audit|access)'
/var/log/secure:Jun 21 14:08:34 cryptopp sshd[19729]: error: Received disconnect from 199.91.135.157: 3: com.jcraft.jsch.JSchException: reject HostKey: 45.78.157.165 [preauth]
/var/log/secure-20160626:Jun 21 14:08:34 cryptopp sshd[19729]: error: Received disconnect from 199.91.135.157: 3: com.jcraft.jsch.JSchException: reject HostKey: 45.78.157.165 [preauth]
/var/log/secure-20160626:Jun 21 14:08:34 cryptopp sshd[19729]: error: Received disconnect from 199.91.135.157: 3: com.jcraft.jsch.JSchException: reject HostKey: 45.78.157.165 [preauth]
grep: /var/run/saslauthd/mux: No such device or address
grep: /var/run/dbus/system_bus_socket: No such device or address
grep: /var/run/rpcbind.sock: No such device or address
grep: /var/run/udev/control: No such device or address
I've tried both -exclude-dir=/var/run and -exclude-dir="/var/run". Both produce the same results.
Why is my grep failing? How do I exclude /var/run from a recursive grep?
CentOS 7.2, with Grep:
$ grep --version
grep (GNU grep) 2.20
Copyright (C) 2014 Free Software Foundation, Inc.
Best Answer
I think it's probably because you're explicitly asking grep to search recursively from /var, and /var/run does not match a SUBDIRECTORY under /var. See grep man page, which states:
FIX
Therefore, to fix your command, change the exclude pattern, i.e.:
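
Added example, not part of the original answer: current GNU grep documentation says that during recursion `--exclude-dir` is compared with each subdirectory's base name, so a pattern holding the full path never matches. The script below shows both forms on a constructed temporary tree; the directory layout, file contents and the address 192.0.2.10 are made up for the demonstration.

```shell
#!/bin/sh
# Build a constructed tree standing in for /var: log/ and run/ subdirectories.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/log" "$root/run/saslauthd"
    # Constructed sample lines; 192.0.2.10 is a documentation-range address.
    echo 'sshd[100]: reject HostKey: 192.0.2.10 [preauth]' > "$root/log/secure"
    echo 'peer=192.0.2.10' > "$root/run/saslauthd/state"
    echo "$root"
}

# Exclude pattern given as a full path. While recursing, grep compares the
# pattern with the base name "run", so nothing is skipped and run/ is searched.
search_fullpath() {
    grep -RIF --exclude-dir="$1/run" "$2" "$1"
}

# Exclude pattern given as the base name. run/ is pruned before grep enters it,
# so nothing beneath it (sockets and FIFOs included) is ever opened.
search_basename() {
    grep -RIF --exclude-dir=run "$2" "$1"
}

# Demo run: the first search still reports the file under run/, the second
# reports only log/secure.
demo_root=$(make_tree)
echo "full-path pattern:"
search_fullpath "$demo_root" 192.0.2.10
echo "base-name pattern:"
search_basename "$demo_root" 192.0.2.10
rm -rf "$demo_root"
```

The base-name form skips every directory named `run` anywhere under the search root, not only the top-level one.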