zcommands: Read gzip Compressed Text Files On a Fly

by on August 31, 2007 · 9 comments· LAST UPDATED January 7, 2014

in , ,

Linux and Unix like operating systems comes with z* commands. These commands allow you to read gzip compressed text files using zless, zcat, zmore and friends commands. The gzip command reduces the size of the files using Lempel-Ziv coding (LZ77). Whenever possible, each file is replaced by one with the extension .gz, while keeping the same ownership modes, access and modification times. z* commands has some cool usage too; such as display the current time in different zonename.

The old way...

Let us say you have a file called data.txt.gz. To display file you need to execute the following command:
gzip -d data.txt.gz
cat data.txt
less data.txt

The new way...

Just use the zless or zmore command to display the contents of a file called data.txt.gz:
zless data.txt.gz
zmore data.txt.gz

zcat command

Concatenate compressed files and print on the screen without using the cat command. The syntax is:
zcat file.gz

zdiff / zcmp command

Compare compressed files. The syntax is:
zdiff file1.gz file2.gz
zcmp file1.gz file2.gz

zegrep / zfgrep / zgrep command

Search (grep command or egrep command) compressed files for a regular expression:
zegrep -w '^word1|word2' file.gz
zgrep 'wordToSearch' file.gz

In this example, search Apache/Nginx/Lighttpd web-server access_log_1.gz for 1.2.3.4 IP address using grep command like syntax:

 
zgrep '1.2.3.4' access_log_1.gz
 

zless / zmore commands

zmore and zless is a filter which allows examination of compressed or plain text files one screenplay at a time on a screen. zmore works on files compressed with compress, pack or gzip, and also on uncompressed files. If a file does not exist, zmore looks for a file of the same name with the addition of a .gz, .z or .Z suffix.
zmore file.gz
zless file.gz

znew command

Znew recompresses files from .Z (compress) format to .gz (gzip) format. If you want to recompress a file already in gzip format, rename the file to force a .Z extension then apply znew.
znew file.Z

zdump command

zdump command prints the current time in each zonename named on the command line. Let us say your current time zone is IST (Indian standard time) and like to see time current time for Los Angeles (USA - PDT), enter:
date
Output:

Fri Aug 31 20:51:39 IST 2007

Now display Los Angeles current time :
zdump /usr/share/zoneinfo/America/Los_Angeles
Output:

/usr/share/zoneinfo/America/Los_Angeles  Fri Aug 31 08:20:31 2007 PDT

zipgrep command

Search files in a ZIP archive for lines matching a pattern:
zipgrep *.cpp basesys.zip

Open gzip text files using vim text editor

Just type the following command to open and edit the archived file called file-name-here.txt.gz:
$ vim file-name-here.txt.gz
If the above example, failed edit your local vim config file (see how to configure vim) to set vim for reading and writing compressed files:

  :augroup gzip
  :  autocmd!
  :  autocmd BufReadPre,FileReadPre	*.gz set bin
  :  autocmd BufReadPost,FileReadPost	*.gz '[,']!gunzip
  :  autocmd BufReadPost,FileReadPost	*.gz set nobin
  :  autocmd BufReadPost,FileReadPost	*.gz execute ":doautocmd BufReadPost " . expand("%:r")
  :  autocmd BufWritePost,FileWritePost	*.gz !mv  :r
  :  autocmd BufWritePost,FileWritePost	*.gz !gzip :r
  :  autocmd FileAppendPre		*.gz !gunzip 
  :  autocmd FileAppendPre		*.gz !mv :r 
  :  autocmd FileAppendPost		*.gz !mv  :r
  :  autocmd FileAppendPost		*.gz !gzip :r
  :augroup END

Practical examples of z* commands

Search log files:

 
zgrep 'something' /path/to/log/file.gz
zgrep 'email-id' /var/log/maillog-*.gz
zgrep 'kernel' /var/log/yum.log*.gz
 

Find failed login attempts:

 
zgrep --color 'Failed password for' /var/log/secure*
 

Sample outputs:

/var/log/secure-20131215.gz:Dec  8 04:10:06 txvip1 sshd[59988]: Failed password for root from 5.153.23.98 port 51448 ssh2
/var/log/secure-20131215.gz:Dec  8 04:10:06 txvip1 sshd[59988]: Failed password for root from 5.153.23.98 port 51448 ssh2
/var/log/secure-20131215.gz:Dec  8 04:10:08 txvip1 sshd[59990]: Failed password for root from 5.153.23.98 port 51449 ssh2
/var/log/secure-20131215.gz:Dec  8 04:10:08 txvip1 sshd[59990]: Failed password for root from 5.153.23.98 port 51449 ssh2

Search for pattern in all *.gz files using xargs command and zgrep command as follows:
find /path/to/dir/ -iname '*.gz' -print0 | xargs -0 -I {} zgrep "pattern" {}

See also
TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 9 comments… read them below or add one }

1 gregf August 31, 2007 at 8:28 pm

Another good thing to remember is vim can handle gzipped files so if your that anal over space you can still edit the file.

Reply

2 Binny V A September 1, 2007 at 5:35 am

For reading a BZipped file…
bzcat file.xml.bz2

Reply

3 raj September 1, 2007 at 9:19 am

hey thanks for zcommand, really useful :D

Reply

4 nixCraft September 1, 2007 at 9:50 am

gregf, oh yes I forgot about vim handling .gz file. Good reminder…

Binnay, another good reminder

raj, no problem :D

Appreciate all of your posts!

Reply

5 Jeff Schroeder September 5, 2007 at 5:37 am

Or just make sure you are using gnu less because it autodetects and autodecompresses gzip / bz2 files for you.

Reply

6 tarun January 28, 2009 at 10:36 am

it’s very useful to handle zip file, it’s special in grep format

Reply

7 Danny December 5, 2011 at 4:12 am

you can also use gunzip -c, this will send file to standard output.. example:

$ sudo gunzip -c /var/log/dmesg.*.gz | grep -i duplex
[ 12.194310] tg3 0000:02:00.0: eth0: Link is up at 100 Mbps, full duplex
[ 12.405853] tg3 0000:02:00.0: eth0: Link is up at 100 Mbps, full duplex
[ 12.223136] tg3 0000:02:00.0: eth0: Link is up at 100 Mbps, full duplex
[ 45.822750] tg3 0000:02:00.0: eth0: Link is up at 100 Mbps, full duplex

Reply

8 cherouvim April 2, 2013 at 10:07 am

Thanks. Saved the day! :)

Reply

9 BFB January 7, 2014 at 5:13 pm

Very useful. Thanks

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , , , ,

Previous post:

Next post: