Filter STDERR output in Bash

Question

We have a post-hook script run by LetsEncrypt certificate renewal (using certbot) that checks the Nginx config (nginx -t) before doing a reload. The config check always writes its results to STDERR, even if the config check is successful. Since certbot colors output on STDERR in red, that may needlessly give users a jolt.

The simple solution would be to redirect STDERR of the config check to /dev/null, but since that would suppress all error messages (even those indicating a problem) I'd like to avoid it. A somewhat more appropriate approach would be filtering the success messages:

nginx -t 2>&1 | grep -Ev '(syntax is ok|test is successful)$' >&2

Since the only "success" output I expect from the command is the two lines indicating that the syntax is OK and the config test was successful I could live with this.

An alternative would be to write STDERR to a temp file and then process this file:

nginx -t 2> nginx_tmp.err
grep -Ev '(syntax is ok|test is successful)$' < nginx_tmp.err >&2
rm -f nginx_tmp.err

But the additional file handling feels kinda unelegant, so I was wondering if there was a cleaner way to filter just STDERR without touching STDOUT and without using temp files.

Answer 1

Adjust the second approach by using a bash feature called process substitution that allows you to feed a file descriptor into another process instead of a file.

nginx -t 2> >(grep -Ev '(syntax is ok|test is successful)$' >&2)