Every system admin has a moment when a simple “look at that file” turns
into a three-hour hunt for information. That’s where the old friends
grep, head, tail, cut, less and sed come in. They’re not
fancy new tools; they’re tried-and-true helpers that can save you hours
of repetitive work.
You might think, “I already know these.” Yet many junior admins skip
them entirely because the learning curve feels steep. The truth is: a
few quick commands give you instant power over logs, config files, and
data streams. Let’s revisit each tool with clear examples so you can put
them back into your daily toolkit.
1. grep – “find it fast”
grep searches for patterns in text. It’s the command-line equivalent
of a search box on your phone, but far more flexible.
# Find all lines containing "error" in Apache logs grep -i error /var/log/apache2/error.log
Tips
-i: ignore case.-n: show line numbers (great for later reference).-v: invert match – shows everything except the pattern.
Real-world use: Spotting failed login attempts in /var/log/auth.log.
grep "Failed password" /var/log/auth.log | tail -n 10
Here we pipe the result to tail (see below) to see only the last ten
failures.
2. head & tail – “quick peek”
head shows the first N lines, tail the last N. Default is 10 lines.
# First 20 lines of a config file head -n 20 /etc/nginx/nginx.conf # Last 5 lines of a log tail -n 5 /var/log/syslog
Combine with other tools
tail -f follows a file as it grows—useful for live logs.
tail -f /var/log/apache2/access.log
You can also combine head and grep.
# Show first 30 lines that contain "timeout" head /var/log/mysql/error.log | grep timeout
3. cut – “slice it”
cut extracts specific columns or fields from a file. Think of it as a
text-based spreadsheet slicer.
# Show just the usernames in /etc/passwd cut -d: -f1 /etc/passwd
-d:sets colon (:) as the delimiter.-f1grabs field one (the username).
Practical example: Pull all IP addresses from a hosts file.
cut -d' ' -f2 /etc/hosts
If your file is comma-separated:
cut -d',' -f3 data.csv
4. less – “read it all”
less lets you view large files page by page without loading the entire
file into memory.
less /var/log/kern.log
- Press
Spaceto go down a page,bto go back. /patternsearches forward;?patternbackward.nrepeats last search.
Why less over cat? cat dumps everything at once, which can scroll
past the line you need. less gives you control and speed.
5. sed – “edit it on-the-fly”
sed (stream editor) does quick text replacements or deletions without
opening an editor.
# Replace "foo" with "bar" in a file, show result only sed 's/foo/bar/g' /etc/hosts # Delete lines 10–20 sed '10,20d' myfile.txt
s/pattern/replacement/g– global substitution.ddeletes the matched line(s).
Common admin tasks
- Mask passwords in a config dump (never commit them!)
sed -E ‘s/(password=)[^&]+/\1******/’ secrets.conf > masked.conf - Insert a comment at the top of a file
sed -i ‘1 i # Generated by admin script’ /etc/ssh/sshd_config - Quickly change all
localhostto your server’s IP
sed -i ‘s/localhost/192.168.1.10/g’ /var/www/html/config.php
Putting it together: a mini-workflow
Suppose you’re troubleshooting why an Nginx worker keeps dying.
# 1. Look at the last few lines of the error log tail -n 20 /var/log/nginx/error.log | grep "worker" # 2. If the error mentions a file, show its first few lines head -n 5 /etc/nginx/conf.d/*.conf # 3. Check that all included files have correct syntax grep -r "include" /etc/nginx/ | cut -d' ' -f2 | while read f; do nginx -t -c "$f"; done
This simple chain of commands quickly surfaces the culprit without
opening an editor or manually scrolling through dozens of lines.
Bottom line
The command-line toolbox is small, but powerful. Mastering grep,head, tail, cut, less, and sed turns a tedious admin task into
a swift operation. They’re not just for “big data” scenarios; even
everyday log checks become effortless.
Next time you find yourself scrolling through 10 000-line logs, remember
that a single pipe can do the heavy lifting:
grep -i error /var/log/*.log | head -n 5 | less
Try these patterns in your environment. They’ll become second nature and
keep those hours of manual work at bay.
Happy hacking!
Tom's IT Cafe 