Search Linux / UNIX log files smartly for an alert or warning error

by on September 26, 2007 · 4 comments· LAST UPDATED September 26, 2007

in , ,

So how do you find an alert or warning words in a log file over text based session? Simply use old good grep command. Usually I recommend searching following words
=> fail
=> denied
=> segfault
=> segmentation
=> rejected
=> oops
=> warn

Find an alert or warning words from log files

You need to use grep command:
grep {search-word} /path/to/log/file

Find out all segfault error from /var/log/messages file, enter the following command as privileged user:
# grep -i segfault /var/log/messages
Output:

Sep 23 12:20:09 node10 kernel: mutt[8896]: segfault at 0000000000000010 rip 0000000000439d5e rsp 00007fff36a30040 error 6
Sep 24 12:20:10 node10 kernel: mutt[20107]: segfault at 0000000000000010 rip 0000000000439d5e rsp 00007fffd99dbac0 error 6
Sep 25 12:20:09 node10 kernel: mutt[19734]: segfault at 0000000000000010 rip 0000000000439d5e rsp 00007fff5d807290 error 6

Look like node10's mutt command generated segfault error while sending daily reports attachment via email.

GUI Tools

System Log Viewer is a graphical, menu-driven viewer that you can use to view and monitor your system logs. System Log Viewer comes with a few functions that can help you manage your logs, including a calendar, log monitor and log statistics display.

Redhat / CentOS tool

Redhat (RHEL) Linux offers gui tool called Log Viewer. Type the redhat-logviewer command at a shell prompt or use GUI menus to start the same. You can set filter words (alter words) by clicking on Edit > Preferences menu > Alter tab > Add button

Debian / Ubuntu tool

Debian / Ubuntu Linux also offers GUI tool to view and search log files by setting filters. Click on Applications menu > Choose System Tools > Admin > System Log.
Debian / Ubuntu Linux also offers GUI tool to view and search log files by setting filters

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 4 comments… read them below or add one }

1 Eaglehawk September 26, 2007 at 2:39 pm

It would be quicker and easier if you were to do something like this.

egrep '(fail|denied|segfault|segmentation|reject|oops|warn)' /var/log/messages

I find when I’m looking for problems it is easier to look for that. However I enjoy reading your tips.

Reply

2 RLTF April 27, 2012 at 5:46 am

Hi, thanks for sharing the “grep” command string.

I did do a: grep -i access.log

where I placed the ip address in the “”, however, it takes some time to show some results, especially if the access.log file, for instance in this case, is very very large (gigabytes in size), and also, I know for a fact that the ip address I’m searching is towards the end of the access.log file, so I have to wait for the search to finish from the beginning up until the end.

Does anyone have a command to make it search from a certain section of the access.log file, OR, search from going backwards?

Thanks,

RLTF

Reply

3 RLTF April 27, 2012 at 5:47 am

Correction, I did a “grep -i access.log”

Reply

4 RLTF April 27, 2012 at 5:48 am

Hmm.. it’s not showing the “open carrot ipaddress closed carrot” <- this is why I spelled it…

It's suppose to be "grep -i ipaddress access.log"

Reply

Leave a Comment

Tagged as: , , , , ,

Previous post:

Next post: