So how do you find an alert or warning words in a log file over text based session? Simply use old good grep command. Usually I recommend searching following words
=> fail
=> denied
=> segfault
=> segmentation
=> rejected
=> oops
=> warn
Find an alert or warning words from log files
You need to use grep command:
grep {search-word} /path/to/log/file
Find out all segfault error from /var/log/messages file, enter the following command as privileged user:
# grep -i segfault /var/log/messages
Output:
Sep 23 12:20:09 node10 kernel: mutt[8896]: segfault at 0000000000000010 rip 0000000000439d5e rsp 00007fff36a30040 error 6 Sep 24 12:20:10 node10 kernel: mutt[20107]: segfault at 0000000000000010 rip 0000000000439d5e rsp 00007fffd99dbac0 error 6 Sep 25 12:20:09 node10 kernel: mutt[19734]: segfault at 0000000000000010 rip 0000000000439d5e rsp 00007fff5d807290 error 6
Look like node10’s mutt command generated segfault error while sending daily reports attachment via email.
GUI Tools
System Log Viewer is a graphical, menu-driven viewer that you can use to view and monitor your system logs. System Log Viewer comes with a few functions that can help you manage your logs, including a calendar, log monitor and log statistics display.
Redhat / CentOS tool
Redhat (RHEL) Linux offers gui tool called Log Viewer. Type the redhat-logviewer command at a shell prompt or use GUI menus to start the same. You can set filter words (alter words) by clicking on Edit > Preferences menu > Alter tab > Add button
Debian / Ubuntu tool
Debian / Ubuntu Linux also offers GUI tool to view and search log files by setting filters. Click on Applications menu > Choose System Tools > Admin > System Log.
- RSS feed or Weekly email newsletter
- Share to Twitter • Facebook • 4 comments... add one ↓
40 Linux Server Hardening Security Tips [2019 edition]- 30 Linux System Monitoring Tools Every SysAdmin Should Know
Linux 25 PHP Security Best Practices For Sys Admins
Top 25 Nginx Web Server Best Security Practices
30 Best Sources For Linux / *BSD / Unix Documentation On the Web
How To Create sar Graphs With kSar To Identifying Linux Bottlenecks
Linux Building Rules For The Cluster With Firewall Builder
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
It would be quicker and easier if you were to do something like this.
egrep '(fail|denied|segfault|segmentation|reject|oops|warn)' /var/log/messages
I find when I’m looking for problems it is easier to look for that. However I enjoy reading your tips.
Hi, thanks for sharing the “grep” command string.
I did do a: grep -i access.log
where I placed the ip address in the “”, however, it takes some time to show some results, especially if the access.log file, for instance in this case, is very very large (gigabytes in size), and also, I know for a fact that the ip address I’m searching is towards the end of the access.log file, so I have to wait for the search to finish from the beginning up until the end.
Does anyone have a command to make it search from a certain section of the access.log file, OR, search from going backwards?
Thanks,
RLTF
Correction, I did a “grep -i access.log”
Hmm.. it’s not showing the “open carrot ipaddress closed carrot” <- this is why I spelled it…
It's suppose to be "grep -i ipaddress access.log"