If you work with Linux, you will eventually spend time reading logs, searching configuration files, and cleaning messy text output.
At first, many people try to do this manually.
Open file. Scroll. Search. Copy text. Repeat.
That works for small tasks.
But sysadmins do not work that way.
They use command-line tools that solve problems in seconds.
Three of the most useful tools are:
grepawksed
If you learn these well, your Linux troubleshooting speed improves a lot.
This post shows practical examples, not textbook definitions.
Why These Three Commands Matter
Imagine these real situations:
You want to find failed SSH login attempts.
You want to extract IP addresses from logs.
You want to replace a wrong server name in a config file.
You want to count repeated entries.
Doing this manually wastes time.
This is where these commands help.
Think of them like this:
-
grep= find text -
awk= extract and process columns -
sed= edit and transform text
1. grep: Find What Matters Fast
grep searches for matching text.
Basic syntax:
grep "pattern" filename
Example:
grep "error" app.log
Output:
database connection error
api timeout error
This finds lines containing the word error.
Useful grep Options
Ignore case
grep -i "error" app.log
Matches:
- Error
- ERROR
- error
Helpful when log formats are inconsistent.
Show line numbers
grep -n "server" nginx.conf
Output:
12:server_name example.com;
45:server_tokens off;
Good for config debugging.
Invert match
Show lines that do NOT match:
grep -v "INFO" app.log
Useful when removing noisy logs.
Recursive search
Search inside directories:
grep -r "Listen 80" /etc/apache2
Very useful for config hunting.
Real SysAdmin Example
Find failed SSH login attempts:
grep "Failed password" /var/log/auth.log
Sample output:
Failed password for root from 192.168.1.10
Failed password for admin from 10.0.0.5
This quickly shows suspicious login attempts.
2. awk: Extract and Process Data
awk is excellent when data has columns.
Example file:
alice 5000 IT
bob 7000 HR
john 6500 DevOps
Print first column:
awk '{print $1}' employees.txt
Output:
alice
bob
john
Explanation:
-
$1= first column -
$2= second column -
$3= third column
Print Multiple Columns
awk '{print $1, $3}' employees.txt
Output:
alice IT
bob HR
john DevOps
Filter by Condition
Show salaries above 6000:
awk '$2 > 6000 {print $1, $2}' employees.txt
Output:
bob 7000
john 6500
This is very useful for reports.
Real SysAdmin Example
Check logged-in users:
who
Example output:
pawan pts/0 2026-05-18 10:30
john pts/1 2026-05-18 11:00
Extract usernames:
who | awk '{print $1}'
Output:
pawan
john
3. sed: Stream Editing Made Simple
sed helps modify text.
Basic replacement:
sed 's/old/new/' file.txt
Example:
sed 's/dev/prod/' config.txt
If file contains:
server=dev
Output:
server=prod
Replace All Matches
Without global flag, only first match changes.
Use:
sed 's/error/warning/g' app.log
g = global replacement
Delete Lines
Delete blank lines:
sed '/^$/d' file.txt
Very useful when cleaning files.
Edit File Directly
sed -i 's/localhost/db-server/' config.ini
Be careful.
This changes the actual file.
Real SysAdmin Example
Update nginx config:
Before:
server_name oldsite.com;
Command:
sed -i 's/oldsite.com/newsite.com/' nginx.conf
Fast and practical.
Combining Commands Like a SysAdmin
The real power comes from combining tools.
Example:
Find failed SSH attempts and extract IP addresses:
grep "Failed password" /var/log/auth.log | awk '{print $11}'
Output:
192.168.1.10
10.0.0.5
Count repeated IPs:
grep "Failed password" /var/log/auth.log | awk '{print $11}' | sort | uniq -c
Sample output:
5 192.168.1.10
2 10.0.0.5
Now you know which IP is attacking most.
This is real troubleshooting.
Common Beginner Mistakes
Using grep for everything
Yes, grep is useful.
But if you need column processing, use awk.
Editing files with sed without backup
This:
sed -i 's/test/prod/' file.conf
changes the file immediately.
Safer:
cp file.conf file.conf.bak
then edit.
Forgetting quotes
Wrong:
grep error file.txt
Better:
grep "error" file.txt
Especially for complex patterns.
Quick Comparison
| Tool | Best Use |
|---|---|
| grep | Search matching text |
| awk | Extract/process columns |
| sed | Replace/edit text |
Top comments (0)