Linux – Grep not honoring --exclude-dir


I'm having trouble searching in /var due to a hang at /var/run. I tried to exclude /var/run, but it's not producing the expected results:

$ sudo grep -IR --exclude-dir="/var/run" '45.78.157.165' /var | egrep -v '(audit|access)'
/var/log/secure:Jun 21 14:08:34 cryptopp sshd[19729]: error: Received disconnect from 199.91.135.157: 3: com.jcraft.jsch.JSchException: reject HostKey: 45.78.157.165 [preauth]
/var/log/secure-20160626:Jun 21 14:08:34 cryptopp sshd[19729]: error: Received disconnect from 199.91.135.157: 3: com.jcraft.jsch.JSchException: reject HostKey: 45.78.157.165 [preauth]
/var/log/secure-20160626:Jun 21 14:08:34 cryptopp sshd[19729]: error: Received disconnect from 199.91.135.157: 3: com.jcraft.jsch.JSchException: reject HostKey: 45.78.157.165 [preauth]
grep: /var/run/saslauthd/mux: No such device or address
grep: /var/run/dbus/system_bus_socket: No such device or address
grep: /var/run/rpcbind.sock: No such device or address
grep: /var/run/udev/control: No such device or address

I've tried both -exclude-dir=/var/run and -exclude-dir="/var/run". Both produce the same results.

Why is my grep failing?

How do I exclude /var/run from a recursive grep?


CentOS 7.2, with Grep:

$ grep --version
grep (GNU grep) 2.20
Copyright (C) 2014 Free Software Foundation, Inc.

Best Answer

I think it's probably because you're explicitly asking grep to search recursively from /var, and /var/run does not match a SUBDIRECTORY under /var.

See the grep man page, which states:

--exclude-dir=glob
    [..] skip any subdirectory whose base name matches glob.  [..]

FIX

Therefore, to fix your command, change the exclude pattern, i.e.:

sudo grep -IR --exclude-dir="run" '45.78.157.165' /var | egrep -v '(audit|access)'
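
An added example, not part of the original answer: because the glob is compared with base names, `--exclude-dir=run` skips every directory called `run` at any depth, which can hide log hits; pruning with `find` excludes only the one path. The directory tree, file names, log lines and the address 192.0.2.10 are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed tree standing in for /var (all paths and log lines are made up).
make_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/log" "$t/run" "$t/spool/run"
    echo 'sshd[1]: reject HostKey: 192.0.2.10 [preauth]' > "$t/log/secure"
    echo 'peer 192x0y2z10' > "$t/log/other"   # would match only if '.' were a regex wildcard
    echo 'state 192.0.2.10' > "$t/run/state"
    echo 'queued for 192.0.2.10' > "$t/spool/run/job"
    printf '%s\n' "$t"
}

# The answer's fix: the glob is matched against each subdirectory's base name,
# so "run" skips $1/run and also $1/spool/run.
# -F treats the address as a fixed string, -I skips binary files, -l lists file names.
grep_basename() {
    grep -RIlF --exclude-dir=run -- "$2" "$1" | sort
}

# Exact-path alternative: prune only $1/run and keep other directories named run.
# -type f hands grep regular files only, so sockets and devices are never opened.
grep_prune() {
    find "$1" -path "$1/run" -prune -o -type f -exec grep -IlF -- "$2" {} + | sort
}

# Demonstration on the constructed tree.
demo=$(make_tree)
echo "base-name exclude (--exclude-dir=run):"
grep_basename "$demo" 192.0.2.10
echo "exact-path prune (find -path ... -prune):"
grep_prune "$demo" 192.0.2.10
rm -rf "$demo"
```

The first listing contains only `log/secure`; the second also contains `spool/run/job`, which the base-name exclusion silently dropped.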