HOW TO GREP ON A KORN SHELL .SH_HISTORY FILE
If you've ever tried to "grep" through a Korn shell history file (.sh_history) you've noticed that it doesn't work.. Here is an example showing what happens when you try to do this. I am trying to grep for "rm" in the shell history file. You can "cat" the file and see the content, but when you grep it directly, or pipe cat to grep, nothing but blank lines appear:
The reason why this doesn't work is the .sh_history file is not just a text file, it has some extra non-printable characters in it. You can see some evidence of this in the weird characters shown on the first line of the file when it was displayed with cat. Also, if you do a "cat -v .sh_history" you can see this unprintable characters that are getting in the way of grep:
Also, if you run "file .sh_history" it will report as a "Ultrix-11 Stand-alone or boot executable". So the .sh_history file clearly has extra non-printable characters in it that are messing up our attempt to grep the file.
The solution to this is to use the "strings" utility. strings will look through a binary file and display sections of printable characters out of it. So we can run "strings .sh_history | grep rm" if we want to search through the .sh_history file for "rm"
However, there is one small problem with this... By default "strings" will only print sequences of 4 or more printable characters. So if you ran the command "ls" and then ran "strings .sh_history" it wouldn't show the "ls" line because it is less than 4 characters.
The solution to this is to run "strings -n 1 .sh_history | grep rm" which instructs "strings" to display all printable characters and thus every line in your .sh_history file will be searched by grep, regardless of length. In our example it doesn't make a difference since we don't have any commands less than 4 characters, but I just wanted to mention it in case anyone ever wonders why really short commands didn't show up with just the regular "strings .sh_history" command.
0 blogger-disqus:
Post a Comment