Thursday, March 21, 2013

A look at the reverse of Unix "cat"

 
How to look at log events with the opposite of our unix cat commands. The opposite of “Cat” is a “Dog” , but in this post was are going to look at “tac” which is the linux version of "cat", but backwards.


The linux command tac , is one of the most helpful linux command  & with regards to log parsing. And most don’t know about it,  or that it even exists.

Here’s a cat btw;




tac, allows for one to start at the ending of the page and work your way back up. It’s similar to how cat starts at the top of the file and works it’s way downward.

So let’s say you have a text.file of ip address;
[kfelix@aa1ab:~]> cat file | more
172.16.0.1

172.16.0.2

172.16.0.3

172.16.0.4

172.16.0.5

172.16.0.6

172.16.0.7

172.16.0.8

172.16.0.9

172.16.0.10

172.16.0.11

172.16.0.12

172.16.0.13

172.16.0.14

172.16.0.15

172.16.0.16

172.16.0.17

172.16.0.18

172.16.0.19

172.16.0.20

172.16.0.21

172.16.0.22

172.16.0.23

172.16.0.24

172.16.0.25

172.16.0.26

172.16.0.27

172.16.0.28

172.16.0.29

172.16.0.30
(and so on)

So If I wanted to  review the bottom of the  file and work my way back up, I could use the unix tac cmd to achieve this.

[kfelix@aa1ab:~]> tac file | more

172.16.0.254

172.16.0.253

172.16.0.252

172.16.0.251

172.16.0.250

172.16.0.249

172.16.0.248

172.16.0.247

172.16.0.246

172.16.0.245

172.16.0.244

172.16.0.243

172.16.0.242

172.16.0.241

172.16.0.240

(and so on )


So it’s the reverse of the standard unix cat. Great for stringing logged data from bottom to top, like in a systems log file. With grep and tac, you can easily find information within a text log file, from most current to past.

Note:  tac is a utility for most linux distros, it has no availability to read compressed files in the same manner of  zcat

Reference

http://unixhelp.ed.ac.uk/CGI/man-cgi?cat
http://unixhelp.ed.ac.uk/CGI/man-cgi?zcat
http://unixhelp.ed.ac.uk/CGI/man-cgi?tac


So remember, that we have tac as an alternative to cat, and both commands are helpful with parsing logs or other files.


Ken Felix
Freelance Network/Security Engineer
kfelix a-t hyperfeed d-o-t com

Posted by at

2 comments:

  1. jfMarch 21, 2013 at 7:18 AM

    Why not simply using less +G 1x.txt? :)
    cheers,

    ReplyDelete
    Replies
    1. socpuppetsMarch 21, 2013 at 10:29 AM

      Your correct, but the jest of this post was showing the cmd tac and how it relates to cat. That's why cat was bold numerous times in this thread.

      Your less example, is doable and their's 5 different ways to skin the cat ( no pun intended )

      :)

      Delete

Subscribe to: Post Comments (Atom)