Character Classes
A character class is a list of characters that are used to create a match. These characters are placed inside “[ ]”. The brackets represent a container that is used to house possible matches. A key to note is that the match is one character match in the set, it is not multiple characters. This example shows a character set that lists the contents of the /etc/postfix directory but only those files that start with “m” OR “v”.
ls /etc/postfix/ | grep ^[mv]
main.cf
main.cf.default
main.cf_orig
makedefs.out
master.cf
virtual
virtual_alias_domains
virtual_alias_domains.db
virtual_alias_maps
virtual_alias_maps.db
Once a match occurs the search is over. So if you had this command:
ls /etc/postfix/ | grep ^[main]
The search is for “m” or “a” or “i” or “n”…the search does not look for a string like “main”. This is key to understanding the difference with the use of parentheses which provides a totally different search.
Matching One of a Number of Characters
If you wanted to match one of two characters, case differences for example, place them in the “ [ ]” and the search will match either. in In the example, the text string will match either “fail” or “Fail” and you can see two separate examples are discovered in the logs.
grep [fF]ail secure
Sep 22 16:39:39 localhost sshd[20510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192-168-6-119
Sep 22 16:39:41 localhost sshd[20510]: Failed password for invalid user rob from 192.168.3.89 port 46083 ssh2
Comments on this entry are closed.