View compressed .gz files without uncompressing using Z commands in Linux

Using zless and zmore to view file page by page

So far every command I’ve shown uses less or more to view contents page by page. Do we really need to use pipe command with more or less? No, we don’t. We can simply use zless or zmore to view a compressed file without using zcat.

You can paginate a compressed file with zless command or zmore command as shown below.

root@kali:/var/log# zless dmesg.1.gz 
(or)
root@kali:/var/log# zmore dmesg.1.gz

zmore and zless - blackMORE Ops

The best part of using zless or zmore? You can paginate uncompressed files in a similar manner.

root@kali:/var/log# zmore dmesg
(or)
root@kali:/var/log# zless dmesg

Fancy… very fancy.

Uzing zgrep and zegrep to search within compressed files

Using zgrep and zegrep you can search contents within a compressed file. Let’s say we want to search the word usb in our dmesg.1.gz file. We can use zgrep for that.

root@kali:/var/log# zgrep usb dmesg.1.gz | more
[    0.776576] usbcore: registered new interface driver usbfs
[    0.776584] usbcore: registered new interface driver hub
[    0.782425] usbcore: registered new device driver usb
[    0.996785] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002
[    0.996790] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    0.996793] usb usb1: Product: EHCI Host Controller
[    0.996797] usb usb1: Manufacturer: Linux 3.14-kali1-amd64 ehci_hcd
[    0.996800] usb usb1: SerialNumber: 0000:00:1a.0
[    1.012862] usb usb2: New USB device found, idVendor=1d6b, idProduct=0002
[    1.012867] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1

But the word usb is not the same as USB in Linux. So we can even specify -i flag to ignore cases

root@kali:/var/log# zgrep -i usb dmesg.1.gz | more
[    0.776552] ACPI: bus type USB registered
[    0.776576] usbcore: registered new interface driver usbfs
[    0.776584] usbcore: registered new interface driver hub
[    0.782425] usbcore: registered new device driver usb
[    0.782698] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    0.981702] ehci-pci 0000:00:1a.0: new USB bus registered, assigned bus number 1

Now what if you want to use a complex regular expression? In that case you possibly want to use zegrep (similar to egrep) to allow more flexibility, that means you can use regular expressions. In my example I will just use a sentence (zgrep will work too with a simple sentence)

zgrep and zegrep - blackMORE Ops

root@kali:/var/log# zegrep 'New USB device found' dmesg.1.gz | more
[    0.996785] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002
[    1.012862] usb usb2: New USB device found, idVendor=1d6b, idProduct=0002
[    1.441911] usb 1-1: New USB device found, idVendor=8087, idProduct=0020
[    1.686156] usb 2-1: New USB device found, idVendor=8087, idProduct=0020
[    2.067918] usb 2-1.5: New USB device found, idVendor=148f, idProduct=2870
root@kali:/var/log#

Using zdiff and zcmp to compare files

Using zdiff and zcmp you can can compare two compressed files without having to uncompress. It works exactly same as using diff command.

root@kali:/var/log# zdiff dmesg.1.gz dmesg.2.gz | more
165,166c165,166
< [    0.000000] tsc: Detected 2792.732 MHz processor
< [    0.000024] Calibrating delay loop (skipped), value calculated using timer 
frequency.. 5585.46 BogoMIPS (lpj=11170928)
---
> [    0.000000] tsc: Detected 2792.959 MHz processor
> [    0.000023] Calibrating delay loop (skipped), value calculated using timer 
frequency.. 5585.91 BogoMIPS (lpj=11171836)
169c169
< [    0.002649] ACPI: All ACPI Tables successfully acquired
---
> [    0.002648] ACPI: All ACPI Tables successfully acquired
171,175c171,175
< [    0.002771] AppArmor: AppArmor disabled by boot time parameter
< [    0.002772] Yama: disabled by default; enable with sysctl kernel.yama.*
< [    0.003175] Dentry cache hash table entries: 1048576 (order: 11, 8388608 by
tes)
< [    0.004583] Inode-cache hash table entries: 524288 (order: 10, 4194304 byte
s)
< [    0.005223] Mount-cache hash table entries: 16384 (order: 5, 131072 bytes)
---
> [    0.002770] AppArmor: AppArmor disabled by boot time parameter
> [    0.002771] Yama: disabled by default; enable with sysctl kernel.yama.*

Uzing zcmp, you can compare files – this is more compact than using zdiff

root@kali:/var/log# zcmp dmesg.1.gz dmesg.2.gz 
/dev/fd/5 - differ: byte 10694, line 165
root@kali:/var/log#

zdiff and zcmp - blackMORE Ops

Conclusion

Thanks for reading. Z commands are very useful and powerful as you can use them in scripts directly.

This article was inspired by Sathiya Moorthy’s post on the GeekStufff.

Please share and like us on Facebook/Twitter.

Check Also

mRemoteNG - blackMORE Ops

PuTTY alternatives

PuTTY is the most popular SSH client for Windows based systems. In fact it’s so …

Fixing VLC is not supposed to be run as root. Sorry error. - blackMORE Ops -8

How to run VLC player as root in Linux? Fixing “VLC is not supposed to be run as root. Sorry” error.

VLC is a free and open source cross-platform multimedia player and framework that plays most …

Leave your solution or comment to help others.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from blackMORE Ops

Subscribe now to keep reading and get access to the full archive.

Continue reading