A basic, but very useful command I use in the day to day management of my servers is the Unix find command. The find command will search through directories looking for files that match your search criteria.
The most command tasks I use the find command for are to:
- Find files greater than X kBytes, especially log files that are getting big.
- Find files modified in the last X days. This is useful for finding old log files and deleting them.
- Finding files that have a certain keyword in their file name. For example, finding everything named *.txt.
- Using find to execute grep to look through the content of the files for certain keywords.
I’m not going to go into an exhaustive review of every single option to the command find, you can do that on your own by typing the command man find from your shell prompt.
However, I will share the structure of the most common commands I use. These commands have been used on RedHat Linux servers and the syntax may be slightly different for other flavors of unix.
To search for files that have a certain keyword in their name, use the find command as follows, specifying the directory to start looking in (/usr/bin), and the filename expression to match (*conf*).
find /usr/bin -name "*conf*"
Next, to find files log files that haven’t been touched in the last 14 days, I use a command as follows:
find /var/log -mtime +14 -name "*.log" -exec ls -l {} \;
The command will start looking in the /var/log directory, use the mtime command to specify files not modified in 14 or more days, filter the filename to those ending in .log, and lastly we execute the ls –l command on the file to display its size, attributes, etc.
The –exec option requires a little explaining on its structure and purpose. Once you master it you will add a lot of power to your find scripts. Basically, the –exec option tells find to execute the command you specify on each file it finds. First of all, we need to tell the find command to execute a command. This is why we specify the –exec option. Next we list the command we want to run. In our case above, we tell it to run ls –l. Lastly we include the argument {} which inserts each file found by find into the command to execute. The \; argument at the end tells find that it is the end of the exec command. The full exec component to the command is then -exec ls -l {} \;
To continue the example above, instead of running the ls command on the files, lets say we want to delete them. Here is the command:
find /var/log -mtime +14 -name "*.log" -exec rm -f {} \;
Now, lets say we want to take all the files ending in .sh in the current directory, and set their privileges to 755. Here is the command:
find ./ -name *.sh -exec chmod 755 {} \;
Another common task I do is to search for files greater than 50MB. I typically do this to find unknown log files that are growing too large. The command for this is:
find / -size +50000k -exec ls -l {} \;
The above command will start at the root directory and list every file that is 50,000 Kilobytes or more. This will typically get me a base listing of all files, and then I may search for common file extensions and filter the list further to zone in on specific file types. For example, I may add the –name “*.log” option to the command to just get log files.
The last powerful thing I use find for is to help me identify and fix shell scripts when I do system migrations or upgrades. For example, at one point in my career I had a bunch of shell scripts that had hard coded paths to our Oracle 8i bin directory. We were upgrading to Oracle 9.0.5, and I wanted to find all of these scripts. Well, I was able to use the find command to search through all files to see if they contain a specific string. It took a while to run, but it worked. An example is:
find . -exec grep -l "8.0.4" '{}' \; -print
Or, lets say I want to search through my apache server logs all at once for a specific IP address. The command looks like:
find /var/log/httpd -exec grep -l "192.168.1.1" '{}' \; -print
Hopefully you’ll find this simple example useful! Another really useful utility on my Linux systems is the locate command. I hope you’ll check that one out also by doing a man locate.
del.icio.us
Digg
StumbleUpon