Practical guide on using the LESS command in Linux

The less command tends to become one of the most useful Linux commands for various reasons. It's definitely one of mine - I use it at work for log scanning and debugging quite a bit. Knowing your tools is key, so let's dive into this neat tool further! 🐧

The less command is a program that allows you to view text files in a terminal without loading the entire file at once. It is similar to the more command, but with more features and flexibility. You can use the less command to view any text file, such as plain text, configuration files, log files, source code, etc.

You can follow along by opening a terminal and typing less filename, where filename is the name of the text file you want to view.

Example Applications

One of the common uses of the less command is to monitor server files, such as log files or system messages.

  • For example, you can use the command less /var/log/syslog to view the system log file, which contains information about the system events and errors.
  • You can also use the command less /var/log/nginx/access.log to view the web server access log file, which contains information about the requests and responses of the web server.

Another use of the less command is to view the output of other commands that produce a lot of text, such as ls, ps, grep, etc.

  • For example, you can use the command ls -l | less to view the long listing of files in the current directory, or the command ps aux | less to view the information about all the processes running on the system.
  • You can also use the command grep -r 'pattern' . | less to view the results of searching for a pattern in all the files in the current directory and its subdirectories.

Basic navigation

The less command provides many keys or shortcuts to navigate and manipulate the text file. Here are some of the most useful ones:

  • Space bar or Page Down: Move forward one screen.
  • b or Page Up: Move backward one screen.
  • j or Down arrow: Move forward one line.
  • k or Up arrow: Move backward one line.
  • G: Go to the end of the file.
  • g: Go to the beginning of the file.
  • q: Quit the less command.
  • h: Display the help screen, which shows all the available keys or shortcuts.

For example, if you want to view the contents of the /etc/passwd file, you can type less /etc/passwd and use the space bar and b to scroll down and up. If you want to search for a specific user, you can type /username and press Enter. To find the next or previous occurrence of the same user, you can type n or N.

Advanced options

The less command also has some advanced options that you can use to customize the way it displays the text. You can specify these options either as command-line arguments or as interactive commands within the less command. Here are some of the most useful ones:

  • -N: Show line numbers
  • -S: Chop long lines instead of wrapping them
  • -i: Ignore case in searches
  • -M: Show more information about the file and the position
  • -X: Disable the clearing of the screen when quitting the less command
  • -F: Quit the less command if the entire file can be displayed on one screen
  • -R: Interpret ANSI escape sequences for colors and formatting
  • =: Show the file name, line number, and byte offset of the current line (an interactive key rather than a command-line option)

For example, if you want to view the /var/log/syslog file with line numbers and colors, you can type less -N -R /var/log/syslog and use the space bar and b to scroll down and up. If you want to see more information about the file and the position, you can type -M within the less command. If you want to see the file name, line number, and byte offset of the current line, you can type = within the less command.

Tailing

The less command can also be used to tail (follow) a file, which means to follow the changes or updates of the file in real time. This is useful for monitoring log files or other files that are constantly being written to. To do this, you can use the following keys or shortcuts:

  • +F: Use this when you invoke the less command, such as less +F /var/log/syslog. This starts less directly in follow mode, so it keeps reading the file as it grows. (Lowercase -f is a different option: it forces less to open non-regular files and does not follow.)
  • F: Use this key when you are already in the less command, such as after viewing a file with less /var/log/syslog. This will make the less command enter the follow mode, where it will display the new data as it is appended to the file. To exit the follow mode, press Ctrl-C.

For example, if you want to tail the system log file, you can use the command less +F /var/log/syslog, or the command less /var/log/syslog followed by F. This will show you the latest events and errors in the system as they happen.

Searching

The less command also allows you to search for a string or a regular expression in the text file. To do this, you can use the following keys or shortcuts:

  • /pattern: Enter the search mode, where you can type the string or the regular expression you want to search for, followed by Enter. This will search forward from the current position and highlight the first match.
  • ?pattern: Enter the reverse search mode, where you can type the string or the regular expression you want to search for, followed by Enter. This will search backward from the current position and highlight the first match.
  • n: Repeat the last search forward, and go to the next match.
  • N: Repeat the last search backward, and go to the previous match.

For example, if you want to search for the word “error” in the system log file, you can use the command less /var/log/syslog, then type /error and press Enter. This will highlight the first occurrence of the word “error” in the file. You can then use n or N to go to the next or previous occurrence.

The less command supports regular expressions, which are patterns that can match more than one string. For example, if you want to search for any text that starts with “a” and ends with “e”, you can use the regular expression /a.*e. The dot (.) matches any character, and the asterisk (*) matches zero or more occurrences of the previous character. You can learn more about regular expressions from online resources.

Line wrapping

The less command wraps every line by default to fit the screen. This can be changed by passing the -S option to less.

To toggle line-wrapping while inside of less:

  • Press - + S (that's - + Shift + s)

Retaining colors can sometimes be tricky

As previously mentioned, -R interprets ANSI escape sequences for colors and formatting. Let's explore this one a bit.

Let's use a practical example - you look for banned IPs in fail2ban's log:

sudo grep 124.222.121.4 /var/log/fail2ban.log

If your .bashrc has grep aliased with --color=auto, you will get output with the IP highlighted in red. Neat!

However, if you do the following:

sudo grep 124.222.121.4 /var/log/fail2ban.log | less

The colors are no longer there. So then we use the -R flag, which is supposed to fix it!

sudo grep 124.222.121.4 /var/log/fail2ban.log | less -R

Usually this would retain colours. This is what this flag is for!
...Except it's still not colored. Why?

It turns out, grep's --color=auto will not display colours when it detects it's being piped! So to fix this, you'll need to add --color=always as grep's parameter to force colouring.

sudo grep --color=always 124.222.121.4 /var/log/fail2ban.log | less -R

Nice! But given the circumstances... maybe let's stick with less's built-in search...

🤔
Notice how forcing --color=always and piping to less with no -R parameter breaks some things.

It's the reason why overriding grep with --color=always is not a good idea, so stick with auto.
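The behaviour described above can be checked without a terminal. The following added example (not from the original article) counts the lines on which GNU grep emits escape sequences under each --color mode when writing to a pipe, and shows the raw bytes a pager without -R receives; the sample log lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: why `grep ... | less -R` loses the highlight unless grep
# is given --color=always, and what the output contains without -R.

# Constructed sample log (not real fail2ban output); the addresses come
# from documentation ranges.
make_sample_log() {
    cat <<'EOF'
2024-01-01 10:00:01,123 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.7
2024-01-01 10:00:05,456 fail2ban.actions [812]: NOTICE [sshd] Ban 198.51.100.23
2024-01-01 10:10:01,789 fail2ban.actions [812]: NOTICE [sshd] Unban 203.0.113.7
EOF
}

ESC=$(printf '\033')

# Count output lines carrying an ESC byte when grep writes to a pipe,
# for a given --color mode (auto or always).
colored_lines() {
    make_sample_log | grep --color="$1" -F '203.0.113.7' | grep -c "$ESC" || true
}

# Remove the SGR (ESC[...m) and erase-line (ESC[K) sequences GNU grep emits,
# recovering the plain text for tools that do not interpret colours.
strip_ansi() {
    sed "s/${ESC}\[[0-9;]*[mK]//g"
}

# Make the ESC byte visible, roughly what less shows without -R.
show_raw() {
    sed "s/${ESC}/ESC/g"
}

echo "auto:   $(colored_lines auto) coloured lines"
echo "always: $(colored_lines always) coloured lines"
make_sample_log | grep --color=always -F '203.0.113.7' | show_raw
```
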

Advanced searching with regex

Which regex syntax the less command accepts depends on the regex library it was compiled with; less --version reports it (for example POSIX, GNU or PCRE regular expressions). The -E and -P flags that select extended and Perl-compatible regex belong to grep, not less: in less, -E and -P are unrelated options (quit at end-of-file and set the prompt). Perl-style shorthands such as \d only work when less was built with PCRE.

To use regex in the less command, you need to prefix your pattern with / (for forward search) or ? (for backward search).

Here are some common regex symbols and their meanings:

  • . Matches any single character
  • * Matches zero or more occurrences of the previous character
  • + Matches one or more occurrences of the previous character
  • ? Matches zero or one occurrence of the previous character
  • [ ] Matches any one of the characters inside the brackets
  • [^ ] Matches any one of the characters not inside the brackets
  • \ Escapes the next character, making it literal
  • ^ Matches the beginning of the line
  • $ Matches the end of the line
  • \< Matches the beginning of a word
  • \> Matches the end of a word
  • | Matches either the expression before or after the symbol
  • ( ) Groups the expression inside the parentheses
  • { } Specifies the number of occurrences of the previous character
  • \\ Matches a backslash

Regex examples:

  • If you want to search for any word that starts with a vowel, you can type /\<[aeiouAEIOU][a-zA-Z]*\> and press Enter. This will highlight all the words that match the pattern, such as “initialise”, “object”, and “Input”.
  • If you want to search for any number that contains a decimal point, you can type /\d+\.\d+ and press Enter. This will highlight all the numbers that match the pattern, such as “100.0”, “0.5”, and “3.14159”.
  • If you want to search for any email address, you can type /\w+@\w+\.\w+ and press Enter. This will highlight all the email addresses that match the pattern.

You can use n or N to repeat the search in the same or opposite direction.

You can also combine regex symbols to create more complex patterns:

  • If you want to search for any line that contains either “POST” or “GET”, you can type /POST|GET and press Enter. This will highlight all the lines that match the pattern, such as “POST: /user/12/” and “GET: /user/12/profile”.
  • If you want to search for any line that contains a date in the format YYYYMMDD, you can type /\d{4}\d{2}\d{2} and press Enter. This will highlight all the lines that match the pattern, such as “initialiseProperties (): currentDate: 20160812” and “cached object found: lastUpdated: 20160811”.
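As an added example (not from the original article), the script below checks portable spellings of the patterns above against constructed sample lines, since shorthands like \d and \w are not part of POSIX regex and may not work in every less build. The function and variable names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: verify POSIX ERE forms of the article's search patterns
# with grep -E before typing them after / in less.

# Constructed sample lines, modelled on the strings quoted in the article.
sample_lines() {
    cat <<'EOF'
POST: /user/12/
GET: /user/12/profile
initialiseProperties (): currentDate: 20160812
cached object found: lastUpdated: 20160811
load average 0.5 over 100.0 seconds
contact alice@example.com for access
EOF
}

# Print the numbers (space separated) of the sample lines matching an ERE.
matching_lines() {
    sample_lines | grep -nE -- "$1" | cut -d: -f1 | tr '\n' ' ' | sed 's/ $//'
}

# Portable spellings: [0-9] instead of \d, [[:alnum:]_] instead of \w.
RE_METHOD='POST|GET'
RE_DATE='[0-9]{4}[0-9]{2}[0-9]{2}'
RE_DECIMAL='[0-9]+\.[0-9]+'
RE_EMAIL='[[:alnum:]_]+@[[:alnum:]_]+\.[[:alnum:]_]+'

# Report which sample lines each pattern hits.
for name in METHOD DATE DECIMAL EMAIL; do
    eval "re=\$RE_$name"
    printf '%-8s %-48s lines: %s\n' "$name" "$re" "$(matching_lines "$re")"
done
```
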

Other tips & tricks

The less command has many more features and options that you can explore and use. For example, you can use the -i option to ignore case when searching. You can also use the = key to show the file name, line number, and byte offset of the current position, or the v key to edit the current file with the default editor ($EDITOR). You can find out more about the less command by reading the manual page with the command man less or pressing H in less.

Conclusion

That's it! I never thought that less of all things would be one of my most used commands, but it's actually pretty neat when you dive into the details!

I hope you learned something new!