Today, I analyzed the Apache log files to view the IPs of the visitors to my website. I used the more & less commands for this. After some time I got tired due to the size of the log file.
It’s not an easy task to read an entire log when you want specific information. I left my work in between and I was thinking: are there any other ways to read the log files efficiently?
Initially I got a few ideas to do that, then I did a deep analysis and found so many ways to do that.
I decided to write an article about this so that others can get to know what the ways are.
1) How to read log file between two Dates
Run the following commands when you need to read the log between two dates to identify an issue. We can do this using the sed or awk command.
The format 01/Feb/2018:07:00:00 doesn’t work as-is with the sed & awk commands, so we need to add a \ in front of each / to escape it.
It should be 01\/Feb\/2018:07:00:00.
Details:
\ : Escapes the next character to remove its special meaning
This can be done using the following sed or awk commands. For example, if you want to read the logs for two days (from 12th Feb, 2018 to 13th Feb, 2018), you have to pass three days (from 12th Feb, 2018 to 14th Feb, 2018), because the range ends at the first line that matches the end pattern. Make sure you change the dates and the log file as per your requirement.
# sed -n '/12\/Feb\/2018/,/14\/Feb\/2018/p' /var/log/apache2/2g_access.log
or
# awk '/12\/Feb\/2018/,/14\/Feb\/2018/' /var/log/apache2/2g_access.log
203.99.204.141 - - [12/Feb/2018:07:53:24 -0700] "GET / HTTP/1.1" 301 2196 "-" "-"
203.99.204.141 - - [12/Feb/2018:08:06:19 -0700] "GET / HTTP/1.1" 301 2355 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
203.99.204.141 - - [12/Feb/2018:08:06:19 -0700] "GET / HTTP/1.1" 200 6786 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
.
.
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:10:18:31 -0700] "GET /favicon.ico HTTP/1.1" 200 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:10:18:50 -0700] "-" 408 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:11:00:42 -0700] "GET / HTTP/1.1" 301 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:11:44:28 -0700] "GET / HTTP/1.1" 301 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:16:03:32 -0700] "GET / HTTP/1.1" 400 308
- 203.99.204.141 www.2daygeek.com - - [14/Feb/2018:02:20:58 -0700] "GET / HTTP/1.1" 301 -
The above output displays one line with third-day values. If you want to remove that line, use the following sed command.
# sed -n '/12\/Feb\/2018/,/14\/Feb\/2018/{/14\/Feb\/2018/d; p}' /var/log/apache2/2g_access.log
203.99.204.141 - - [12/Feb/2018:07:53:24 -0700] "GET / HTTP/1.1" 301 2196 "-" "-"
203.99.204.141 - - [12/Feb/2018:08:06:19 -0700] "GET / HTTP/1.1" 301 2355 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
203.99.204.141 - - [12/Feb/2018:08:06:19 -0700] "GET / HTTP/1.1" 200 6786 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
.
.
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:10:18:31 -0700] "GET /favicon.ico HTTP/1.1" 200 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:10:18:50 -0700] "-" 408 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:11:00:42 -0700] "GET / HTTP/1.1" 301 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:11:44:28 -0700] "GET / HTTP/1.1" 301 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:16:03:32 -0700] "GET / HTTP/1.1" 400 308
Apart from Apache logs, most logs on Linux are written in the following format, so here is an example for that as well.
# sed -n '/Feb 4/,/Feb 6/p' /var/log/secure
or
# awk '/Feb 4/,/Feb 6/' /var/log/secure
Feb 4 04:47:10 centos.2daygeek sshd[17502]: pam_unix(sshd:session): session closed for user magesh
Feb 4 04:49:45 centos.2daygeek sshd[19246]: Accepted password for magesh from 192.168.1.108 port 48336 ssh2
Feb 4 04:49:45 centos.2daygeek sshd[19246]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb 4 04:59:13 centos.2daygeek sshd[27670]: Accepted password for daygeek from 192.168.47.220 port 59739 ssh2
Feb 4 04:59:13 centos.2daygeek sshd[27670]: pam_unix(sshd:session): session opened for user daygeek by (uid=0)
Feb 4 04:59:13 centos.2daygeek sshd[27684]: subsystem request for sudha
.
.
Feb 5 23:00:52 centos.2daygeek sshd[2949]: pam_unix(sshd:session): session closed for user magesh
Feb 5 23:01:39 centos.2daygeek sshd[25377]: pam_unix(sshd:session): session closed for user magesh
Feb 5 23:04:44 centos.2daygeek sshd[7227]: Accepted password for magesh from 192.168.1.108 port 56142 ssh2
Feb 5 23:04:44 centos.2daygeek sshd[7227]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb 5 23:38:58 centos.2daygeek sshd[5486]: pam_unix(sshd:auth): check pass; user unknown
Feb 5 23:38:58 centos.2daygeek sshd[5486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.com
Feb 5 23:38:58 centos.2daygeek sshd[5486]: pam_succeed_if(sshd:auth): error retrieving information about user thanu
Feb 6 00:13:52 centos.2daygeek sshd[5413]: Accepted password for sudha from 192.168.1.108 port 49273 ssh2
2) How to read log file between two timestamps with different Dates
Run the following commands when you need to read the log between two timestamps within a day or across different days. Make sure you include the date as well, otherwise you won’t get the proper output.
This can be done using the following sed or awk command combination.
In this example, we are going to read Apache access log file from 12th Feb, 2018:14:51:17 to 13th Feb, 2018:10:18:30.
# sed -n '/12\/Feb\/2018:14:51:17/,/13\/Feb\/2018:10:18:30/p' /var/log/apache2/2g_access.log
or
# awk '/12\/Feb\/2018:14:51:17/,/13\/Feb\/2018:10:18:30/' /var/log/apache2/2g_access.log
- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:14:51:17 -0700] "GET /testing/ HTTP/1.1" 200 4069
- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:14:51:17 -0700] "GET /site/re/assets/icons/sound.gif HTTP/1.1" 404 10256
- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:14:51:18 -0700] "GET /favicon.ico HTTP/1.1" 200 -
- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:14:52:02 -0700] "-" 408 -
- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:18:57:56 -0700] "GET / HTTP/1.1" 200 4086
- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:19:18:51 -0700] "GET / HTTP/1.1" 301 -
- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:19:18:52 -0700] "GET / HTTP/1.1" 200 12661
- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:23:10:03 -0700] "GET / HTTP/1.1" 200 12715
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:03:48:42 -0700] "GET /robots.txt HTTP/1.1" 200 26
- 10.30.0.50 www.2daygeek.com - - [13/Feb/2018:03:48:42 -0700] "POST /wp-cron.php?doing_wp_cron=1511222.80882692223313281250 HTTP/1.1" 200 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:04:40:05 -0700] "GET / HTTP/1.1" 400 308
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:05:50:14 -0700] "GET / HTTP/1.1" 301 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:08:51:23 -0700] "GET /customer/ HTTP/1.1" 200 5358
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:10:18:29 -0700] "GET /policy-holder/lite-review/ HTTP/1.1" 200 4684
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:10:18:30 -0700] "GET /wp-content/themes/sela/fonts/genericons.css?ver=3.4.1 HTTP/1.1" 200 129
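The sed and awk ranges above start and stop on lines that contain the exact timestamp text, so a window whose boundary second has no log entry either prints nothing or runs to the end of the file. The following is an added example, not part of the original article: it filters by comparing timestamps instead. The names `apache_between` and `sample_log` and the sample lines are constructed for illustration, and all entries are assumed to share one UTC offset.

```shell
#!/bin/sh
# Added example: select Apache log lines whose timestamp falls inside a
# window by comparison, so the boundary seconds need not exist in the log.
# Usage: apache_between 'DD/Mon/YYYY:HH:MM:SS' 'DD/Mon/YYYY:HH:MM:SS' [FILE...]
# Assumption: every line carries the same UTC offset (it is ignored here).

apache_between() {
    start=$1; end=$2; shift 2
    awk -v start="$start" -v end="$end" '
    # Turn 12/Feb/2018:14:51:17 into the sortable key 20180212145117.
    function key(ts,    p, m) {
        if (split(ts, p, "[/:]") != 6) return ""
        m = index("JanFebMarAprMayJunJulAugSepOctNovDec", p[2])
        if (m == 0 || (m - 1) % 3 != 0) return ""
        return sprintf("%04d%02d%02d%02d%02d%02d",
                       p[3], (m + 2) / 3, p[1], p[4], p[5], p[6])
    }
    BEGIN {
        lo = key(start); hi = key(end)
        if (lo == "" || hi == "") {
            print "apache_between: bad timestamp" > "/dev/stderr"
            exit 2
        }
    }
    {
        # Locate the bracketed timestamp wherever it sits on the line.
        if (match($0, /\[[0-9][0-9]\/[A-Z][a-z][a-z]\/[0-9][0-9][0-9][0-9]:[0-9][0-9]:[0-9][0-9]:[0-9][0-9]/)) {
            k = key(substr($0, RSTART + 1, RLENGTH - 1))
            # Fixed-width digit strings compare correctly as text.
            if (k >= lo && k <= hi) print
        }
    }' "$@"
}

# Constructed sample entries in the same layout as the article output.
sample_log() {
    cat <<'EOF'
- 203.0.113.7 www.example.com - - [12/Feb/2018:14:51:18 -0700] "GET /favicon.ico HTTP/1.1" 200 -
- 203.0.113.7 www.example.com - - [12/Feb/2018:23:10:03 -0700] "GET / HTTP/1.1" 200 12715
- 203.0.113.7 www.example.com - - [13/Feb/2018:03:48:42 -0700] "GET /robots.txt HTTP/1.1" 200 26
- 203.0.113.7 www.example.com - - [13/Feb/2018:10:18:29 -0700] "GET / HTTP/1.1" 200 4684
- 203.0.113.7 www.example.com - - [13/Feb/2018:16:03:32 -0700] "GET / HTTP/1.1" 400 308
EOF
}

# Neither 14:51:17 nor 10:18:30 exists in the sample; the window still works.
sample_log | apache_between '12/Feb/2018:14:51:17' '13/Feb/2018:10:18:30'
```

On the same sample, the sed range with these two timestamps prints nothing, because no line contains the start pattern.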
3) How to read log file between two timestamps in a day
Run the following commands when you need to read the log between two timestamps within a day. Make sure you include the date as well, otherwise you won’t get the proper output.
This can be done using the following sed or awk command combination.
In this example, we are going to read secure log file from 4th Feb, 2018 22:11:32 to 4th Feb, 2018 23:04:45.
# sed -n '/Feb 4 22:11:32/,/Feb 4 23:04:45/p' /var/log/secure
or
# awk '/Feb 4 22:11:32/,/Feb 4 23:04:45/' /var/log/secure
Feb 4 22:11:32 centos.2daygeek sshd[28006]: pam_unix(sshd:session): session closed for user sudha
Feb 4 22:47:19 centos.2daygeek sshd[11080]: pam_unix(sshd:session): session closed for user magesh
Feb 4 22:49:45 centos.2daygeek sshd[1229]: Accepted password for magesh from 192.168.1.108 port 49058 ssh2
Feb 4 22:49:45 centos.2daygeek sshd[1229]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb 4 23:02:02 centos.2daygeek sshd[13323]: Accepted password for magesh from 192.168.1.108 port 51876 ssh2
Feb 4 23:02:02 centos.2daygeek sshd[13323]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb 4 23:02:49 centos.2daygeek sshd[1229]: pam_unix(sshd:session): session closed for user magesh
Feb 4 23:03:08 centos.2daygeek sshd[13323]: pam_unix(sshd:session): session closed for user magesh
Feb 4 23:04:45 centos.2daygeek sshd[16545]: Accepted password for magesh from 192.168.1.108 port 52486 ssh2
4) How to read “N” number of lines after specific Pattern
The command below prints 15 lines after the pattern Feb 4 22:11:32.
# grep -A 15 "Feb 4 22:11:32" /var/log/secure
Feb 4 22:11:32 centos.2daygeek sshd[28006]: pam_unix(sshd:session): session closed for user sudha
Feb 4 22:47:19 centos.2daygeek sshd[11080]: pam_unix(sshd:session): session closed for user magesh
Feb 4 22:49:45 centos.2daygeek sshd[1229]: Accepted password for magesh from 192.168.1.108 port 49058 ssh2
Feb 4 22:49:45 centos.2daygeek sshd[1229]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb 4 23:02:02 centos.2daygeek sshd[13323]: Accepted password for magesh from 192.168.1.108 port 51876 ssh2
Feb 4 23:02:02 centos.2daygeek sshd[13323]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb 4 23:02:49 centos.2daygeek sshd[1229]: pam_unix(sshd:session): session closed for user magesh
Feb 4 23:03:08 centos.2daygeek sshd[13323]: pam_unix(sshd:session): session closed for user magesh
Feb 4 23:04:45 centos.2daygeek sshd[16545]: Accepted password for magesh from 192.168.1.108 port 52486 ssh2
Feb 4 23:04:45 centos.2daygeek sshd[16545]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb 5 02:18:37 centos.2daygeek sshd[6223]: Accepted password for daygeek from 192.168.1.108 port 51529 ssh2
Feb 5 02:18:37 centos.2daygeek sshd[6223]: pam_unix(sshd:session): session opened for user daygeek by (uid=0)
Feb 5 02:18:37 centos.2daygeek sshd[6241]: subsystem request for ftp
Feb 5 02:18:49 centos.2daygeek sshd[6392]: Accepted password for daygeek from 192.168.1.108 port 51531 ssh2
Feb 5 02:18:49 centos.2daygeek sshd[6392]: pam_unix(sshd:session): session opened for user daygeek by (uid=0)
Feb 5 02:43:37 centos.2daygeek sshd[30554]: Accepted password for daygeek from 192.168.1.108 port 51714 ssh2
5) How to read “N” number of lines before specific Pattern
The command below prints 15 lines before the pattern Feb 4 22:11:32.
# grep -B 15 "Feb 4 22:11:32" /var/log/secure
Feb 4 11:04:45 centos.2daygeek sshd[3951]: Accepted password for magesh from 192.168.1.108 port 42864 ssh2
Feb 4 11:04:45 centos.2daygeek sshd[3951]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb 4 13:10:05 centos.2daygeek sshd[28006]: Accepted password for sudha from 192.168.1.108 port 46141 ssh2
Feb 4 13:10:05 centos.2daygeek sshd[28006]: pam_unix(sshd:session): session opened for user sudha by (uid=0)
Feb 4 13:10:05 centos.2daygeek sshd[28008]: subsystem request for ftp
Feb 4 13:11:16 centos.2daygeek sshd[29043]: Accepted password for sudha from 192.168.1.108 port 46162 ssh2
Feb 4 13:11:16 centos.2daygeek sshd[29043]: pam_unix(sshd:session): session opened for user sudha by (uid=0)
Feb 4 13:11:16 centos.2daygeek sshd[29045]: subsystem request for ftp
Feb 4 13:13:04 centos.2daygeek sshd[29043]: pam_unix(sshd:session): session closed for user sudha
Feb 4 16:46:59 centos.2daygeek sshd[3951]: pam_unix(sshd:session): session closed for user magesh
Feb 4 16:49:45 centos.2daygeek sshd[11080]: Accepted password for magesh from 192.168.1.108 port 59280 ssh2
Feb 4 16:49:45 centos.2daygeek sshd[11080]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb 4 21:49:04 centos.2daygeek sshd[5967]: pam_unix(sshd:session): session closed for user vinoth
Feb 4 22:11:32 centos.2daygeek sshd[28006]: pam_unix(sshd:session): session closed for user sudha
6) How to read “N” minutes interval of logs
The command below prints 5 minutes of logs, from 09:01:00 to 09:05:59.
# grep "Feb 5 09:0[1-5]" /var/log/secure
Feb 5 09:03:28 centos.2daygeek sshd[14950]: Accepted password for sudha from 192.168.1.108 port 37102 ssh2
Feb 5 09:03:28 centos.2daygeek sshd[14950]: pam_unix(sshd:session): session opened for user sudha by (uid=0)
Feb 5 09:03:28 centos.2daygeek sshd[14954]: subsystem request for ftp
Feb 5 09:04:32 centos.2daygeek sshd[14950]: pam_unix(sshd:session): session closed for user sudha
Feb 5 09:05:54 centos.2daygeek sshd[17960]: Accepted password for sudha from 192.168.1.108 port 37147 ssh2
Feb 5 09:05:54 centos.2daygeek sshd[17960]: pam_unix(sshd:session): session opened for user sudha by (uid=0)
Feb 5 09:05:54 centos.2daygeek sshd[17973]: subsystem request for ftp
7) How to read “N” number of days logs
The command below prints 3 days of logs, starting from Feb 13th, 2018 to Feb 15th, 2018.
# grep "1[3-5]/Feb/2018" /var/log/apache2/tmhguide_access.log
- 192.168.1.103 www.2daygeek.com - - [13/Feb/2018:03:48:42 -0700] "GET /robots.txt HTTP/1.1" 200 26
- 192.168.1.103 www.2daygeek.com - - [13/Feb/2018:03:48:42 -0700] "POST /wp-cron.php?doing_wp_cron=15183338922.808826923145613281250 HTTP/1.1" 200 -
- 192.168.1.103 www.2daygeek.com - - [13/Feb/2018:04:40:05 -0700] "GET / HTTP/1.1" 400 308
- 192.168.1.103 www.2daygeek.com - - [13/Feb/2018:05:50:14 -0700] "GET / HTTP/1.1" 301 -
- 192.168.1.103 www.2daygeek.com - - [13/Feb/2018:08:51:23 -0700] "GET /consumers/ HTTP/1.1" 200 5358
.
.
- 192.168.1.103 www.2daygeek.com - - [14/Feb/2018:02:20:58 -0700] "GET / HTTP/1.1" 301 -
- 192.168.1.103 www.2daygeek.com - - [14/Feb/2018:02:20:58 -0700] "POST /wp-cron.php?doing_wp_cron=1518220058.840497016234582812500 HTTP/1.1" 200 -
- 192.168.1.103 www.2daygeek.com - - [14/Feb/2018:02:40:22 -0700] "GET / HTTP/1.1" 301 -
- 192.168.1.103 www.2daygeek.com - - [14/Feb/2018:03:59:52 -0700] "GET /robots.txt HTTP/1.1" 200 26
- 192.168.1.103 www.2daygeek.com - - [14/Feb/2018:06:48:32 -0700] "GET /robots.txt HTTP/1.1" 200 26
- 192.168.1.103 www.2daygeek.com - - [14/Feb/2018:07:16:08 -0700] "GET / HTTP/1.1" 301 -
- 192.168.1.103 www.2daygeek.com - - [14/Feb/2018:09:27:35 -0700] "GET / HTTP/1.1" 200 4084
.
.
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:00:41:28 -0700] "GET / HTTP/1.1" 301 -
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:00:41:28 -0700] "POST /wp-cron.php?doing_wp_cron=1518120488.77902388534121287109375 HTTP/1.1" 200 -
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:00:41:30 -0700] "GET / HTTP/1.1" 200 4084
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:00:47:06 -0700] "HEAD / HTTP/1.1" 200 -
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:05:09:37 -0700] "GET / HTTP/1.1" 301 -
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:06:38:12 -0700] "GET / HTTP/1.1" 200 12715
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:06:56:53 -0700] "GET /wls-wsat/CoordinatorPortType HTTP/1.1" 404 10310
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:08:07:49 -0700] "GET / HTTP/1.1" 301 -
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:09:56:00 -0700] "GET /robots.txt HTTP/1.1" 200 26
This is for a different format. The command below prints 3 days of logs, starting from Feb 3rd, 2018 to Feb 6th, 2018.
# grep "Feb [4-6]" /var/log/secure
Feb 4 04:47:10 centos.2daygeek.com sshd[17502]: pam_unix(sshd:session): session closed for user magesh
Feb 4 04:49:45 centos.2daygeek.com sshd[19246]: Accepted password for magesh from 192.168.1.105 port 48336 ssh2
Feb 4 04:49:45 centos.2daygeek.com sshd[19246]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb 4 04:59:13 centos.2daygeek.com sshd[27670]: Accepted password for daygeek from 192.168.1.105 port 59739 ssh2
Feb 4 04:59:13 centos.2daygeek.com sshd[27670]: pam_unix(sshd:session): session opened for user daygeek by (uid=0)
Feb 4 04:59:13 centos.2daygeek.com sshd[27684]: subsystem request for ftp
Feb 4 04:59:26 centos.2daygeek.com sshd[27838]: Accepted password for daygeek from 192.168.1.105 port 59742 ssh2
.
.
Feb 5 02:18:37 centos.2daygeek.com sshd[6223]: Accepted password for daygeek from 192.168.1.105 port 51529 ssh2
Feb 5 02:18:37 centos.2daygeek.com sshd[6223]: pam_unix(sshd:session): session opened for user daygeek by (uid=0)
Feb 5 02:18:37 centos.2daygeek.com sshd[6241]: subsystem request for ftp
Feb 5 02:18:49 centos.2daygeek.com sshd[6392]: Accepted password for daygeek from 192.168.1.105 port 51531 ssh2
Feb 5 02:18:49 centos.2daygeek.com sshd[6392]: pam_unix(sshd:session): session opened for user daygeek by (uid=0)
Feb 5 02:43:37 centos.2daygeek.com sshd[30554]: Accepted password for daygeek from 192.168.1.105 port 51714 ssh2
Feb 5 02:43:37 centos.2daygeek.com sshd[30554]: pam_unix(sshd:session): session opened for user daygeek by (uid=0)
Feb 5 02:43:37 centos.2daygeek.com sshd[30580]: subsystem request for ftp
Feb 5 03:41:55 centos.2daygeek.com sshd[25610]: Invalid user vinoth from 192.168.47.245
.
.
Feb 6 22:46:49 centos.2daygeek.com sshd[16959]: pam_unix(sshd:session): session closed for user magesh
Feb 6 22:49:44 centos.2daygeek.com sshd[29878]: Accepted password for magesh from 192.168.1.105 port 53248 ssh2
Feb 6 22:49:44 centos.2daygeek.com sshd[29878]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb 6 23:02:46 centos.2daygeek.com sshd[10220]: Accepted password for magesh from 192.168.1.105 port 56332 ssh2
Feb 6 23:02:46 centos.2daygeek.com sshd[10220]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb 6 23:02:51 centos.2daygeek.com sshd[10220]: pam_unix(sshd:session): session closed for user magesh
Feb 6 23:03:59 centos.2daygeek.com sshd[29878]: pam_unix(sshd:session): session closed for user magesh
Feb 6 23:04:44 centos.2daygeek.com sshd[12684]: Accepted password for magesh from 192.168.1.105 port 56730 ssh2
Feb 6 23:04:44 centos.2daygeek.com sshd[12684]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
8) Search the given string in multiple Files
This command searches for the given string in multiple files.
We are going to search for the errors string in the /var/log/messages & /var/log/dmesg files. See the results below.
# grep "errors" /var/log/messages /var/log/dmesg
/var/log/messages:Feb 14 11:26:42 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT /errors.
/var/log/messages:Feb 14 11:26:55 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 14 11:27:04 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 14 11:27:13 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 14 16:59:14 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 14 16:59:14 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 14 16:59:14 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 14 16:59:14 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/dmesg:GPT: Use GNU Parted to correct GPT /errors.
/var/log/dmesg:GPT: Use GNU Parted to correct GPT errors.
/var/log/dmesg:GPT: Use GNU Parted to correct GPT errors.
/var/log/dmesg:GPT: Use GNU Parted to correct GPT errors.
9) Search multiple strings in a file
Alternatively, we can search for multiple strings in a file.
We are going to search for the errors & WARNING & Warning strings in the /var/log/messages file. See the results below.
# grep 'errors\|WARNING\|Warning' /var/log/messages
or
# grep -e errors -e WARNING -e Warning /var/log/messages
Feb 4 23:11:55 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb 6 16:15:09 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb 6 16:33:00 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb 7 14:57:54 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb 7 15:57:47 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb 7 16:04:24 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb 7 16:08:44 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb 8 12:51:43 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb 8 13:05:36 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb 8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
Feb 8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
Feb 8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
Feb 8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
Feb 8 17:17:52 Arch.2daygeek.com kernel: WARNING! power/level is deprecated; use power/control instead
Feb 8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \GPE0 1 (20121018/utaddress-251)
Feb 8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \_SB_.WERR.GPWE 2 (20121018/utaddress-251)
Feb 8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \_SB_.IOH0.LPC0.GPE0 3 (20121018/utaddress-251)
Feb 8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000500-0x000000000000052f SystemIO conflicts with Region \_GPE.GPII 1 (20121018/utaddress-251)
Feb 10 14:02:30 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
10) Search multiple strings in multiple files
We can also search for multiple strings in multiple files.
We are going to search for the errors & WARNING & Warning strings in the /var/log/messages & /var/log/dmesg files. See the results below.
# grep 'errors\|WARNING\|Warning' /var/log/messages /var/log/dmesg
or
# grep -e errors -e WARNING -e Warning /var/log/messages /var/log/dmesg
/var/log/messages:Feb 4 23:11:55 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb 6 16:15:09 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb 6 16:33:00 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb 7 14:57:54 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb 7 15:57:47 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb 7 16:04:24 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb 7 16:08:44 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb 8 12:51:43 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb 8 13:05:36 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb 8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 8 17:17:52 Arch.2daygeek.com kernel: WARNING! power/level is deprecated; use power/control instead
/var/log/messages:Feb 8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \GPE0 1 (20121018/utaddress-251)
/var/log/messages:Feb 8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \_SB_.WERR.GPWE 2 (20121018/utaddress-251)
/var/log/messages:Feb 8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \_SB_.IOH0.LPC0.GPE0 3 (20121018/utaddress-251)
/var/log/messages:Feb 8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000500-0x000000000000052f SystemIO conflicts with Region \_GPE.GPII 1 (20121018/utaddress-251)
/var/log/messages:Feb 10 14:02:30 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/dmesg:WARNING: at fs/sysfs/dir.c:536 sysfs_add_one+0xbb/0xe0()
/var/log/dmesg:WARNING: at lib/kobject.c:196 kobject_add_internal+0x205/0x260()
/var/log/dmesg:GPT: Use GNU Parted to correct GPT errors.
/var/log/dmesg:GPT: Use GNU Parted to correct GPT errors.
/var/log/dmesg:GPT: Use GNU Parted to correct GPT errors.
/var/log/dmesg:GPT: Use GNU Parted to correct GPT errors.
/var/log/dmesg:WARNING! power/level is deprecated; use power/control instead
/var/log/dmesg:ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \GPE0 1 (20121018/utaddress-251)
/var/log/dmesg:ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \_SB_.WERR.GPWE 2 (20121018/utaddress-251)
/var/log/dmesg:ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \_SB_.IOH0.LPC0.GPE0 3 (20121018/utaddress-251)
/var/log/dmesg:ACPI Warning: 0x0000000000000500-0x000000000000052f SystemIO conflicts with Region \_GPE.GPII 1 (20121018/utaddress-251)
11) Search the given string in the whole system
If you want to search for a given string in the whole system, use the following format. Note that this may take a while to complete, depending on your system size.
# find / -xdev -type f -print0 | xargs -0 grep -H "Magi-Thanu" 2> /dev/null
/opt/magi.txt:Magi-Thanu
or
# grep -r "Magi-Thanu" / 2> /dev/null
/opt/magi.txt:Magi-Thanu
Reference: askubuntu