Search Linux / UNIX log files smartly for an alert or warning error

last updated in Categories CentOS, Debian Linux, Gentoo Linux, Howto, RedHat/Fedora Linux, Suse Linux, Sys admin, Troubleshooting, UNIX

So how do you find an alert or warning words in a log file over text based session? Simply use old good grep command. Usually I recommend searching following words
=> fail
=> denied
=> segfault
=> segmentation
=> rejected
=> oops
=> warn

Find an alert or warning words from log files

You need to use grep command:
grep {search-word} /path/to/log/file

Find out all segfault error from /var/log/messages file, enter the following command as privileged user:
# grep -i segfault /var/log/messages

Sep 23 12:20:09 node10 kernel: mutt[8896]: segfault at 0000000000000010 rip 0000000000439d5e rsp 00007fff36a30040 error 6
Sep 24 12:20:10 node10 kernel: mutt[20107]: segfault at 0000000000000010 rip 0000000000439d5e rsp 00007fffd99dbac0 error 6
Sep 25 12:20:09 node10 kernel: mutt[19734]: segfault at 0000000000000010 rip 0000000000439d5e rsp 00007fff5d807290 error 6

Look like node10’s mutt command generated segfault error while sending daily reports attachment via email.

GUI Tools

System Log Viewer is a graphical, menu-driven viewer that you can use to view and monitor your system logs. System Log Viewer comes with a few functions that can help you manage your logs, including a calendar, log monitor and log statistics display.

Redhat / CentOS tool

Redhat (RHEL) Linux offers gui tool called Log Viewer. Type the redhat-logviewer command at a shell prompt or use GUI menus to start the same. You can set filter words (alter words) by clicking on Edit > Preferences menu > Alter tab > Add button

Debian / Ubuntu tool

Debian / Ubuntu Linux also offers GUI tool to view and search log files by setting filters. Click on Applications menu > Choose System Tools > Admin > System Log.
Debian / Ubuntu Linux also offers GUI tool to view and search log files by setting filters

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

4 comment

  1. It would be quicker and easier if you were to do something like this.

    egrep '(fail|denied|segfault|segmentation|reject|oops|warn)' /var/log/messages

    I find when I’m looking for problems it is easier to look for that. However I enjoy reading your tips.

  2. Hi, thanks for sharing the “grep” command string.

    I did do a: grep -i access.log

    where I placed the ip address in the “”, however, it takes some time to show some results, especially if the access.log file, for instance in this case, is very very large (gigabytes in size), and also, I know for a fact that the ip address I’m searching is towards the end of the access.log file, so I have to wait for the search to finish from the beginning up until the end.

    Does anyone have a command to make it search from a certain section of the access.log file, OR, search from going backwards?



  3. Hmm.. it’s not showing the “open carrot ipaddress closed carrot” <- this is why I spelled it…

    It's suppose to be "grep -i ipaddress access.log"

    Have a question? Post it on our forum!