How do I use multiple options for grep (on live output)?

Question

For example, when I do this

sudo tcpdump | grep -E '.dev:8888|ads' | grep -v 'adsl'

ALL output is suppressed for some reason, nothing is shown if I access ads.google.com for example, it does show when I remove the grep -v, so the base command works.

However, If I try to make a file containing:

test
test2

and do grep -E 'test|test2' | grep -v 'test2' I get my desired output (test). So what is the difference when it's constantly updating, and how would I use multiple options with grep to modify the output?

I know this will sound really strange butdid you try using `grep -e ".dev:8888" -e ads` instead of `grep -E '.dev:8888|ads'` ? — MelBurslan, Apr 01 '16 at 21:46
@MelBurslan that works in the same way. Working, but when I add `| grep -v 'adsl'` no output is shown. — DisplayName, Apr 01 '16 at 21:50

score 6 · Accepted Answer · edited Apr 13 '17 at 12:36

6

You may have a problem with line-buffering here. Instruct tcpdump and the intermediate grep command(s) to line-buffer their outputs as follows:

sudo tcpdump -l | grep --line-buffered -E '.dev:8888|ads' | grep -v 'adsl'

See also Turn off buffering in pipe for general solutions when these command options are not available.

edited Apr 13 '17 at 12:36

Community

1

answered Apr 01 '16 at 21:52

Guido

4,014
13
22

How do I use multiple options for grep (on live output)?

1 Answers1