OS X – How to Search For a Substring Inside of GZIP and BZ2 Files

The commands in this tip are generic *nix commands, so they should work not only in OS X but also in other flavors of UNIX such as Linux.

In OS X a lot of the log files are auto-archived into compressed GZIP files in Tiger (Mac OS X 10.4) and BZ2 files in Leopard (Mac OS X 10.5). If you need to search for an occurrence of a word or other string of text in a compressed GZIP file, you can use the following terminal command:

zgrep someString theLogFileName.log.gz

As an example, say you want to search for the word “error” in a compressed system log in Tiger. To do this you would launch the Terminal application and run the command:

zgrep error /var/log/system.log.0.gz

Alternatively, you can search all compressed system log files in a single command by using an asterisk (*) as a “wild card” character. The pattern also matches the current, uncompressed system.log, which zgrep reads as plain text:

zgrep error /var/log/system.log*

Leopard uses the BZ2 compression scheme for most of its log files and you can similarly search those files by using the bzgrep command. For example, say you wanted to search all the application firewall logs for instances of the word “connection”. To do this you would run the following command in the Terminal application:

bzgrep connection /var/log/appfirewall.log*

If you need to search for a string that consists of more than one word separated by spaces, surround the search string with quotation marks so that the shell passes it to the command as a single argument:

bzgrep "connection attempt" /var/log/appfirewall.log*
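
The commands above handle one archive format at a time. The following added example (not from the original post) goes a step further: it searches plain, gzip and bzip2 logs in one pass by decompressing each file to a pipe and running grep -F on it, so the string is matched literally rather than as a regular expression. The function name search_logs is an assumption of this example.

```sh
#!/bin/sh
# search_logs STRING FILE...
# Hypothetical helper, not from the original post.
# Prints "file:line" for every line that contains STRING.
# Returns 0 if any file matched and 1 otherwise, like grep.
search_logs() {
    needle=$1
    shift
    found=1
    for f in "$@"; do
        # Skip directories and glob patterns that matched nothing.
        [ -f "$f" ] || continue
        # Pick the decompressor from the file extension.
        case $f in
            *.gz)  reader="gzip -dc" ;;
            *.bz2) reader="bzip2 -dc" ;;
            *)     reader="cat" ;;
        esac
        # -F: literal string, so "." or "[" in STRING is not a regex.
        # -e: STRING may start with a dash without being read as an option.
        if out=$($reader -- "$f" | grep -F -e "$needle"); then
            found=0
            # Prefix each hit with the file it came from.
            printf '%s\n' "$out" | while IFS= read -r line; do
                printf '%s:%s\n' "$f" "$line"
            done
        fi
    done
    return "$found"
}

# Example call:
#   search_logs "connection attempt" /var/log/appfirewall.log*
```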

Sherlock