≡ Menu

log files

Search Linux / UNIX log files smartly for an alert or warning error

So how do you find an alert or warning words in a log file over text based session? Simply use old good grep command. Usually I recommend searching following words
=> fail
=> denied
=> segfault
=> segmentation
=> rejected
=> oops
=> warn

Find an alert or warning words from log files

You need to use grep command:
grep {search-word} /path/to/log/file

Find out all segfault error from /var/log/messages file, enter the following command as privileged user:
# grep -i segfault /var/log/messages

Sep 23 12:20:09 node10 kernel: mutt[8896]: segfault at 0000000000000010 rip 0000000000439d5e rsp 00007fff36a30040 error 6
Sep 24 12:20:10 node10 kernel: mutt[20107]: segfault at 0000000000000010 rip 0000000000439d5e rsp 00007fffd99dbac0 error 6
Sep 25 12:20:09 node10 kernel: mutt[19734]: segfault at 0000000000000010 rip 0000000000439d5e rsp 00007fff5d807290 error 6

Look like node10's mutt command generated segfault error while sending daily reports attachment via email.

GUI Tools

System Log Viewer is a graphical, menu-driven viewer that you can use to view and monitor your system logs. System Log Viewer comes with a few functions that can help you manage your logs, including a calendar, log monitor and log statistics display.

Redhat / CentOS tool

Redhat (RHEL) Linux offers gui tool called Log Viewer. Type the redhat-logviewer command at a shell prompt or use GUI menus to start the same. You can set filter words (alter words) by clicking on Edit > Preferences menu > Alter tab > Add button

Debian / Ubuntu tool

Debian / Ubuntu Linux also offers GUI tool to view and search log files by setting filters. Click on Applications menu > Choose System Tools > Admin > System Log.
Debian / Ubuntu Linux also offers GUI tool to view and search log files by setting filters

Lighttpd rotating log files with logrotate tool

Lighttpd logo

Last time I wrote about setting up virtual hosting for Lighttpd web server. Naturally next step is to setup log rotating with logrotate which rotates, compresses log files.

Our setup

Our sample setup has total 6 log files:
Default domain/IP log files:

nixcraft.com virtual domain log files:

theos.in virtual domain log files:

logrotate Configuration

All you need to do is open/create logrotate configuration file for lighttpd. Open file /etc/logrotate.d/lighttpd:
# vi /etc/logrotate.d/lighttpd

Append following text:
"/var/log/lighttpd/*.log" "/var/log/lighttpd/nixcraft.com/*.log " "/var/log/lighttpd/theos.in/*.log " {
rotate 7
/etc/init.d/lighttpd reload


  • "/var/log/lighttpd/*.log" "/var/log/lighttpd/nixcraft.com/*.log " "/var/log/lighttpd/theos.in/*.log ": Log files with wild card specification as per our setup.
  • missingok: If the log file is missing, go on to the next log file without issuing an error message.
  • copytruncate: Truncate the original log file to zero size in place after creating a copy, instead of moving the old log file and optionally creating a new one
  • rotate 7: Log files are rotated 7 times before being removed or mailed to the address specified in a mail directive. If count is 0, old versions are removed rather then rotated.
  • compress: Old versions of log files are compressed with gzip to save disk space.
  • notifempty: Do not rotate the log if it is empty
  • sharedscripts
    /etc/init.d/lighttpd reload
    The lines between postrotate and endscript (both of which must appear on lines by themselves) are executed after the log file is rotated. These directives may only appear inside a log file definition. In our case we are reloading lighttpd. Other opting could be send –HUP single using kill command.

Make sure crond runs automatically after system reboot

Now your logs will rotate with logrotate command which is called from cronjob (/etc/cron.daily/logrotate) everyday. So make sure crond is running all the time:
# /etc/init.d/crond start
# chkconfig --list crond
# chkconfig crond on

Alternatively, run text based GUI tool for same purpose (Redhat/CentOS/Fedora and friends):
# ntsysv

If you are using Debian Linux, type the following command to configure crond using text based GUI tools:
# rcconf

Alternatively you can use update-rc.d command (Debian / Ubuntu Linux) to start crond automatically after system reboot:
# update-rc.d crond defaults