Search Linux / UNIX log files smartly for an alert or warning error

So how do you find an alert or warning words in a log file over text based session? Simply use old good grep command. Usually I recommend searching following words
=> fail
=> denied
=> segfault
=> segmentation
=> rejected
=> oops
=> warn

Find an alert or warning words from log files

You need to use grep command:
grep {search-word} /path/to/log/file

Find out all segfault error from /var/log/messages file, enter the following command as privileged user:
# grep -i segfault /var/log/messages

Sep 23 12:20:09 node10 kernel: mutt[8896]: segfault at 0000000000000010 rip 0000000000439d5e rsp 00007fff36a30040 error 6
Sep 24 12:20:10 node10 kernel: mutt[20107]: segfault at 0000000000000010 rip 0000000000439d5e rsp 00007fffd99dbac0 error 6
Sep 25 12:20:09 node10 kernel: mutt[19734]: segfault at 0000000000000010 rip 0000000000439d5e rsp 00007fff5d807290 error 6

Look like node10’s mutt command generated segfault error while sending daily reports attachment via email.

GUI Tools

System Log Viewer is a graphical, menu-driven viewer that you can use to view and monitor your system logs. System Log Viewer comes with a few functions that can help you manage your logs, including a calendar, log monitor and log statistics display.

Redhat / CentOS tool

Redhat (RHEL) Linux offers gui tool called Log Viewer. Type the redhat-logviewer command at a shell prompt or use GUI menus to start the same. You can set filter words (alter words) by clicking on Edit > Preferences menu > Alter tab > Add button

Debian / Ubuntu tool

Debian / Ubuntu Linux also offers GUI tool to view and search log files by setting filters. Click on Applications menu > Choose System Tools > Admin > System Log.

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 4 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
4 comments… add one
  • Eaglehawk Sep 26, 2007 @ 14:39

    It would be quicker and easier if you were to do something like this.

    egrep '(fail|denied|segfault|segmentation|reject|oops|warn)' /var/log/messages

    I find when I’m looking for problems it is easier to look for that. However I enjoy reading your tips.

  • RLTF Apr 27, 2012 @ 5:46

    Hi, thanks for sharing the “grep” command string.

    I did do a: grep -i access.log

    where I placed the ip address in the “”, however, it takes some time to show some results, especially if the access.log file, for instance in this case, is very very large (gigabytes in size), and also, I know for a fact that the ip address I’m searching is towards the end of the access.log file, so I have to wait for the search to finish from the beginning up until the end.

    Does anyone have a command to make it search from a certain section of the access.log file, OR, search from going backwards?



  • RLTF Apr 27, 2012 @ 5:47

    Correction, I did a “grep -i access.log”

  • RLTF Apr 27, 2012 @ 5:48

    Hmm.. it’s not showing the “open carrot ipaddress closed carrot” <- this is why I spelled it…

    It's suppose to be "grep -i ipaddress access.log"

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum