grep Pattern Matching
Pattern matching with grep - regular expressions, context, and file filtering.
Basic Search
Lines containing pattern
grep 'pattern' fileLines NOT containing pattern
grep -v 'pattern' fileCount matching lines
grep -c 'pattern' fileShow line numbers
grep -n 'pattern' fileCase insensitive
grep -i 'error' fileWhole word only
grep -w 'error' fileFiles containing pattern
grep -l 'pattern' *.txtFiles NOT containing pattern
grep -L 'pattern' *.txtRecursive Search
Recursive with line numbers
grep -rn 'pattern' /pathRecursive, filenames only
grep -rl 'pattern' /pathExclude directories
grep -r --exclude-dir='.git' 'pattern' .Include only specific extensions
grep -rn --include='*.adoc' 'pattern' docs/Context Lines
3 lines AFTER match
grep -A3 'pattern' file3 lines BEFORE match
grep -B3 'pattern' file3 lines BEFORE and AFTER
grep -C3 'pattern' fileExtract only matching part
grep -o 'pattern' fileMultiple Patterns
OR with -e flags
grep -e 'pat1' -e 'pat2' fileOR with ERE
grep -E 'error|warn|fatal' fileOR with BRE (escaped)
grep 'error\|warn' fileRegex Types
BRE - Basic (default)
grep 'go\+d' fileERE - Extended
grep -E 'go+d' filePCRE - Perl Compatible
grep -P '\d+' fileAnchors
Lines starting with pattern
grep '^#' fileLines ending with pattern
grep 'end$' fileEmpty lines
grep '^$' fileNon-empty lines
grep -v '^$' fileLines NOT starting with #
grep '^[^#]' fileCharacter Classes
Any digit
grep '[0-9]' fileAny letter
grep '[a-zA-Z]' filePOSIX digit class
grep '[[:digit:]]' filePOSIX alphanumeric
grep '[[:alnum:]]' filePCRE digit shortcut
grep -P '\d' filePCRE word character
grep -P '\w' fileQuantifiers
Zero or more (BRE)
grep 'go*d' fileOne or more (ERE)
grep -E 'go+d' fileZero or one (ERE)
grep -E 'go?d' fileExactly N times (ERE)
grep -E 'go{2}d' fileN to M times (ERE)
grep -E 'go{2,4}d' fileGroups and Backreferences
Grouping with alternation
grep -E 'gr(a|e)y' fileRepeated group
grep -E '(ab)+' fileBackreference - repeated character
grep -E '(.)\1' fileOutput Control
Only matching part
grep -o 'pattern' fileNo filename prefix
grep -h 'pattern' filesForce filename prefix
grep -H 'pattern' fileStop after N matches
grep -m5 'pattern' fileQuiet mode for scripts
grep -q 'pattern' file && echo "found"Force color output
grep --color=always 'pattern' fileFixed Strings (Faster)
Literal string, no regex
grep -F 'literal.string' fileMatch patterns from file
grep -F -f patterns.txt fileScripting
Check if pattern exists
grep -q 'pattern' file && echo "found" || echo "not found"Count and compare
count=$(grep -c 'ERROR' log); [[ $count -gt 10 ]] && echo "Too many: $count"Process matching files
grep -l 'pattern' *.py | while read f; do echo "Found in: $f"; doneHeaders
Document title (Level 1)
grep -n '^= ' file.adocLevel 2 headers
grep -n '^== ' file.adocLevel 3 headers
grep -n '^=== ' file.adocAll headers (outline)
grep -nE '^={1,5} ' file.adocHeaders containing keyword
grep -n '^={2,4}.*deploy' docs/**/*.adocAttributes
Document attributes
grep -nE '^:[a-z]' file.adocAntora attributes (4-space indent)
grep -E '^ [a-z]' antora.ymlAttribute usage in file
grep -n '{[a-z][a-z0-9-]*}' file.adocExtract unique attributes used
grep -oE '\{[a-z][a-z0-9-]*\}' file.adoc | sort -uEscaped attributes
grep -n '\\{' file.adocIncludes
All includes
grep -n 'include::' file.adocPartial includes
grep -n 'include::partial\$' file.adocExample includes
grep -n 'include::example\$' file.adocCross-component includes
grep -n 'include::[a-z-]*::' file.adocCross-References
All xrefs
grep -n 'xref:' file.adocSame-component xrefs
grep -nE 'xref:[^:]+\.adoc' file.adocCross-component xrefs
grep -nE 'xref:[a-z-]+::' file.adocXrefs with anchors
grep -n 'xref:.*#' file.adocExternal links
grep -nE 'https?://' file.adocSource Blocks
All source blocks
grep -n '\[source,' file.adocBash source blocks
grep -n '\[source,bash' file.adocYAML source blocks
grep -n '\[source,yaml' file.adocBlocks with attribute substitution
grep -n 'subs=attributes' file.adocAdmonitions
NOTE blocks
grep -n '^NOTE:' file.adocTIP blocks
grep -n '^TIP:' file.adocWARNING blocks
grep -n '^WARNING:' file.adocIMPORTANT blocks
grep -n '^IMPORTANT:' file.adocCAUTION blocks
grep -n '^CAUTION:' file.adocLists
Unordered list items
grep -n '^\* ' file.adocOrdered list items
grep -n '^\. ' file.adocUnchecked tasks
grep -n '\[ \]' file.adocChecked tasks
grep -n '\[x\]' file.adocTables
Table delimiters
grep -n '^\|===' file.adocTable column specs
grep -n '\[cols=' file.adocImages
Block images
grep -n '^image::' file.adocSVG diagrams
grep -n 'image::.*\.svg' file.adocMetadata
Description attribute
grep -n '^:description:' file.adocNav title
grep -n '^:navtitle:' file.adocTOC attributes (should NOT exist)
grep -n ':toc' file.adocAnchors
Block anchors
grep -n '\[\[' file.adocInline anchors
grep -n '\[#' file.adocAnchor references
grep -n '<<' file.adocPhase Navigation
Find all phases
grep -n '^=== Phase' runbook.adocFind phase with context (30 lines)
grep -n -A30 '^=== Phase 3:' runbook.adocList phase titles only
grep -oE '^=== Phase [0-9]+:.*' runbook.adocCount phases
grep -c '^=== Phase' runbook.adocFind phase by keyword
grep -n '^=== Phase.*firewall' runbook.adocShow all section headers
grep -nE '^={2,4} ' runbook.adocValidation Blocks
Find pre-validation sections
grep -n -A10 'Pre-Validation' runbook.adocFind post-validation sections
grep -n -A10 'Post-Validation' runbook.adocFind PRE-N labels
grep -nE '\*\*PRE-[0-9]+\*\*' runbook.adocFind POST-N labels
grep -nE '\*\*POST-[0-9]+\*\*' runbook.adocFind Expected output blocks
grep -n -A5 'Expected:' runbook.adocTask Tracking
Find uncompleted checkboxes
grep -n '\[ \]' runbook.adocFind completed checkboxes
grep -n '\[x\]' runbook.adocCount TODO vs DONE
echo "TODO: $(grep -c '\[ \]' runbook.adoc)"; echo "DONE: $(grep -c '\[x\]' runbook.adoc)"Find pending tasks with context
grep -n -B1 '\[ \]' runbook.adocCommand Extraction
Find all source blocks
grep -n '\[source,' runbook.adocFind bash command blocks
grep -n '\[source,bash' runbook.adocFind VyOS set commands
grep -n '^set ' runbook.adocFind kubectl commands
grep -n 'kubectl' runbook.adocFind ssh commands
grep -n '^ssh ' runbook.adocFind variable assignments
grep -nE '^[A-Z_]+=.' runbook.adocSession Variables
Find session variables section
grep -n -A50 'Session Variables' runbook.adocExtract variable definitions
grep -nE '^[A-Z_]+="' runbook.adocList all variable names
grep -oE '^[A-Z_]+=' runbook.adoc | sort -uCross-References
Find all xrefs
grep -n 'xref:' runbook.adocFind cross-component xrefs
grep -nE 'xref:[a-z-]+::' runbook.adocFind include directives
grep -n 'include::' runbook.adocAdmonitions
Find all warnings
grep -n 'WARNING:' runbook.adocFind all cautions
grep -n 'CAUTION:' runbook.adocFind all important notes
grep -n 'IMPORTANT:' runbook.adocFind warning with context
grep -n -A3 'WARNING:' runbook.adocStructure Analysis
Show document outline
grep -nE '^={1,4} ' runbook.adocCount sections by level
echo "L2: $(grep -c '^== ' runbook.adoc)"; echo "L3: $(grep -c '^=== ' runbook.adoc)"Find tables
grep -n '^\|===' runbook.adocRunbook complexity summary
echo "Phases: $(grep -c '^=== Phase' runbook.adoc)"; echo "Validations: $(grep -c 'PRE-\|POST-' runbook.adoc)"; echo "Commands: $(grep -c '\[source,bash\]' runbook.adoc)"IP Addresses
Find all IPv4 addresses
grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}' fileExtract IPs only
grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' fileUnique IPs sorted
grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' file | sort -uIPv4 with CIDR notation
grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}' fileDATA VLAN subnet
grep '10\.50\.1\.' fileMGMT VLAN subnet
grep '10\.50\.10\.' filePrivate IP ranges
grep -E '(10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.)' fileMAC Addresses
Colon-separated (Unix)
grep -Ei '([0-9a-f]{2}:){5}[0-9a-f]{2}' fileHyphen-separated (Windows)
grep -Ei '([0-9a-f]{2}-){5}[0-9a-f]{2}' fileDot-separated (Cisco)
grep -Ei '([0-9a-f]{4}\.){2}[0-9a-f]{4}' fileExtract MACs only
grep -oEi '([0-9a-f]{2}:){5}[0-9a-f]{2}' fileVMware OUI
grep -Ei '(00:0c:29|00:50:56):' filePorts
Port in URL format
grep -E ':[0-9]{1,5}(/|$| )' fileCommon service ports
grep -E '\b(22|80|443|389|636|53|88|123)\b' fileKubernetes ports
grep -E '\b(6443|10250|10251|10252)\b' fileWeb service ports
grep -E '\b(8080|8443|9090|9200)\b' fileVLANs
VLAN ID references
grep -iE 'vlan[[:space:]]*[0-9]+' fileExtract VLAN IDs
grep -oiE 'vlan[[:space:]]*[0-9]+' file | grep -oE '[0-9]+'Trunk configurations
grep -iE 'trunk|tagged|untagged' fileDNS
FQDN patterns
grep -E '[a-z0-9-]+\.[a-z0-9-]+\.[a-z]{2,}' fileInternal domain
grep '\.domusdigitalis\.dev' fileDNS record types
grep -iE '\b(A|AAAA|CNAME|MX|NS|PTR|SOA|SRV|TXT)\b' fileNameserver references
grep -iE 'nameserver|dns[_-]?server' fileFirewall
VyOS firewall commands
grep '^set firewall' fileFirewall zones
grep -E 'zone[[:space:]]+(LAN|WAN|DMZ|MGMT|DATA)' fileAllow/Deny rules
grep -iE '\b(accept|permit|allow|drop|deny|reject)\b' fileAddress groups
grep -E 'address-group|network-group' fileRouting
BGP patterns
grep -E 'bgp|as[[:space:]]*[0-9]+' fileBGP neighbors
grep -E 'neighbor[[:space:]]+[0-9]+\.' fileStatic routes
grep 'set protocols static' fileDefault gateway
grep -iE 'default[[:space:]]+(route|gateway)|0\.0\.0\.0/0' fileVRRP configuration
grep -iE 'vrrp|virtual[[:space:]]+router' fileInterfaces
Linux interface names
grep -E '\b(eth|ens|enp|eno)[0-9]+' fileBridge interfaces
grep -E 'br[0-9]+|bond[0-9]+' fileVyOS interface config
grep 'set interfaces ethernet' fileVLAN subinterfaces
grep -E 'eth[0-9]+\.[0-9]+' fileCertificates
Certificate paths
grep -E '/etc/ssl/certs|\.pem|\.crt|\.key' fileCertificate subjects
grep -E 'CN=|O=|OU=' filePEM markers
grep 'BEGIN CERTIFICATE\|END CERTIFICATE' fileServices
Infrastructure services
grep -iE '\b(vault|ise|bind|keycloak|wazuh|k3s)\b' fileService URLs
grep -E 'https?://[a-z0-9-]+\.[a-z]+' fileSystemd services
grep -E '\.service\b' fileHostnames
Host-NN pattern
grep -E '[a-z]+-[0-9]+' fileInfrastructure hosts
grep -E '(vault|ise|bind|k3s|kvm|vyos)-[0-9]+' fileList unique hosts
grep -oE '(vault|ise|bind|k3s|kvm|vyos|wazuh)-[0-9]+' file | sort -uExtract Definitions
All attributes from antora.yml
grep -E '^ [a-z]' antora.ymlAttribute names only
grep -oE '^ [a-z][a-z0-9-]*' antora.yml | tr -d ' 'Count total attributes
grep -c '^ [a-z]' antora.ymlBy Category
Vault attributes
grep -E '^ vault-' antora.ymlISE attributes
grep -E '^ ise-' antora.ymlk3s attributes
grep -E '^ k3s-' antora.ymlVyOS attributes
grep -E '^ vyos-' antora.ymlBIND attributes
grep -E '^ bind-' antora.ymlPort attributes
grep -E '^ port-' antora.ymlVLAN attributes
grep -E '^ vlan-' antora.ymlBy Type
IP attributes
grep -E '^ [a-z]+-ip:' antora.ymlHostname attributes
grep -E '^ [a-z]+-hostname:' antora.ymlMAC attributes
grep -E '^ [a-z-]+-mac:' antora.ymlFind Usage
All attribute refs in file
grep -n '{[a-z][a-z0-9-]*}' file.adocUnique attributes used
grep -oE '\{[a-z][a-z0-9-]*\}' file.adoc | sort -uCount attribute usage
grep -oE '\{[a-z][a-z0-9-]*\}' file.adoc | sort | uniq -c | sort -rnFind specific attribute usage
grep -rn '{vault-ip}' docs/Files using specific attribute
grep -rl '{ise-pan-ip}' docs/Validation
Check if attribute exists
grep -q '^ vault-ip:' antora.yml && echo "OK" || echo "MISSING"Find attribute value
grep '^ vault-ip:' antora.ymlMatch IP to attribute
grep '10.50.1.60' antora.ymlSource blocks with subs=attributes
grep -n 'subs=attributes' file.adocAudit Hardcoded
Hardcoded IPs (should be attributes)
grep -nE '([0-9]{1,3}\.){3}[0-9]{1,3}' file.adocHardcoded IPs excluding attribute lines
grep -nE '([0-9]{1,3}\.){3}[0-9]{1,3}' file.adoc | grep -v '{.*-ip}'Hardcoded hostnames
grep -nE '[a-z]+-[0-9]+\.inside\.domusdigitalis\.dev' file.adocIPs in backticks (bad pattern)
grep -n '`10\.' file.adocReports
Count hardcoded vs attributes
echo "Hardcoded: $(grep -cE '([0-9]{1,3}\.){3}[0-9]{1,3}' file.adoc)"; echo "Attributes: $(grep -c '{[a-z-]*-ip}' file.adoc)"Unique IPs in file
grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' file.adoc | sort -uMost used attributes
grep -rhE '\{[a-z][a-z0-9-]*\}' docs/**/*.adoc | sort | uniq -c | sort -rn | head -20Pre-Write Check
Verify attributes before writing
grep -oE '\{[a-z][a-z0-9-]+\}' file.adoc | tr -d '{}' | sort -u | while read attr; do grep -q "^ $attr:" antora.yml || echo "UNDEFINED: $attr"; doneFind undefined in staged files
git diff --cached --name-only -- '*.adoc' | xargs grep -ohE '\{[a-z][a-z0-9-]+\}' | tr -d '{}' | sort -u | while read attr; do grep -q "^ $attr:" antora.yml || echo "UNDEFINED: $attr"; doneHardcoded IPs
Find all hardcoded IPv4
grep -nE '([0-9]{1,3}\.){3}[0-9]{1,3}' file.adocExtract unique IPs
grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' file.adoc | sort -uRecursive in docs
grep -rnE '([0-9]{1,3}\.){3}[0-9]{1,3}' docs/**/*.adocExclude attribute lines
grep -nE '([0-9]{1,3}\.){3}[0-9]{1,3}' file.adoc | grep -v '{.*-ip}'Hardcoded Hostnames
FQDN patterns
grep -nE '[a-z]+-[0-9]+\.inside\.domusdigitalis\.dev' file.adocShort hostnames
grep -nE '\b(vault|ise|bind|k3s|kvm|vyos|wazuh)-[0-9]+\b' file.adocExclude attribute lines
grep -nE '[a-z]+-[0-9]+\.inside\.' file.adoc | grep -v '{.*-hostname}'Hardcoded Ports
Port numbers in config
grep -nE 'port[[:space:]]+[0-9]+' file.adocCommon service ports
grep -nE '\b(22|80|443|389|636|53|88|123|8443|6443)\b' file.adocExclude attribute lines
grep -nE 'port[[:space:]]+[0-9]+' file.adoc | grep -v '{port-'Hardcoded MACs
MAC addresses
grep -niE '([0-9a-f]{2}:){5}[0-9a-f]{2}' file.adocExclude attribute lines
grep -niE '([0-9a-f]{2}:){5}[0-9a-f]{2}' file.adoc | grep -v '{.*-mac}'Bad Patterns
IPs in backticks
grep -n '`10\.' file.adocHostnames in backticks
grep -nE '`[a-z]+-[0-9]+`' file.adocAttribute Verification
Check attribute exists
grep -q '^ vault-ip:' antora.yml && echo "OK" || echo "MISSING"List all attributes
grep -E '^ [a-z]' antora.ymlFind IP attributes
grep -E '^ [a-z]+-ip:' antora.ymlMatch IP to attribute
grep '10.50.1.60' antora.ymlComparison
Count hardcoded vs attributes
echo "Hardcoded: $(grep -cE '([0-9]{1,3}\.){3}[0-9]{1,3}' file.adoc)"; echo "Attributes: $(grep -c '{[a-z-]*-ip}' file.adoc)"Full audit summary
f="vyos-deployment.adoc"; echo "=== $f ==="; echo "IPs: $(grep -cE '([0-9]{1,3}\.){3}[0-9]{1,3}' $f)"; echo "Hosts: $(grep -cE '[a-z]+-[0-9]+\.inside\.' $f)"; echo "Attrs: $(grep -c '{[a-z-]*}' $f)"Pre-Commit
Hardcoded IPs in staged files
git diff --cached --name-only | xargs grep -lE '([0-9]{1,3}\.){3}[0-9]{1,3}'Undefined attributes in file
grep -oE '\{[a-z][a-z0-9-]+\}' file.adoc | tr -d '{}' | sort -u | while read attr; do grep -q "^ $attr:" antora.yml || echo "UNDEFINED: $attr"; done