I am trying to find which file contains a specific string in a server I'm working on. I tried with grep -rnw but the server is immense and it would take probably days to complete. I have no idea of where the file can be located nor how it is named. The only thing I know is that it is modified nearly every day (don't know the exact time or the frequency if there is any).

An approach would be to list every files of the system that have been modified within the past 2 days, and apply the grep search to these files, but I don't know how to achieve this.

CodePudding user response：

You can indeed use find to filter for recently modified files and only grep over those:

find / -type f -mtime -2 -exec grep -H -n "your search query" '{}' \;

• -type f only matches regular files
• -mtime -2 matches files modified in the last 2 days (maybe increase this just in case)
• -exec executes the following command on all matches of find
• -H tells grep to print the filenames alongside the matching line
• -n prints the matched line number

CodePudding user response：

find ./ -mtime -2 -exec grep "ABC" {} /dev/null \; -ls

Some explanation:

• -mtime -2 : take the files, which have been modified the last two days (you might modify the value as you wish
• grep "ABC": the string you're looking for
• -exec do_something {} \; : this is the way to execute "do_something" with your search result (known as {})
• -ls : adding this to your find command gives the complete information on the file you have found. This can be omitted as you wish

CodePudding user response：

Your other answers so far all suggest using find's -exec feature to run a grep command for each candidate file identified. That's viable, but launching hundreds or thousands of separate grep commands would be costly. It would be more efficient to combine find with xargs to reduce the number of separate grep commands to a minimum:

find / -type f -mtime -2 -print0 |
  xargs -r0 grep -Fnw 'search string'

xargs will group the file names read from its standard input to form argument lists for grep commands starting with the given words, yielding a huge reduction in the number of separate grep commands.

Note also that:

• The example command uses extensions provided by GNU find and GNU xargs. Removing the two 0s from the example command would fix that, but leave you open to issues involving file names containing newlines.
• The -F option, as shown, will make grep slightly more efficient for the case you describe, where the search term is a fixed string. It will also protect you against the possibility of the search term being misinterpreted in the event that it contains any regex metacharacters.
• find can use all sorts of additional information to be more selective about which files are passed on to grep, if you can glean any such details. For example, if you can determine what user will own the file, or anything about its mode (permissions), or a lower or upper bound on the file size. Also, if you can limit the search to less than the whole filesystem then of course that will improve the elapsed time, too.
• For a large filesystem, it will take a fairly long time, no matter what you do, just to traverse all the files, even without reading any of their contents.

CodePudding user response：

Try using:

find / -mtime 0 -exec grep "some string" "{}" \\;