Filter any system log file by date or date range The 2019 Stack Overflow Developer Survey Results Are InDisplaying a “scrolling” log fileWhy is the system log viewer blank?Filter .txt file on descending order of created dateWhat date range must I use for a daily report?log file rotation settingIs there a file with system log?Log file in Append ModeHow to setup ksystemlog to open any *.log file by default?System “Read-Only” log file?how to find specific file with date range

Origin of "cooter" meaning "vagina"

"as much details as you can remember"

Protecting Dualbooting Windows from dangerous code (like rm -rf)

How to manage monthly salary

For what reasons would an animal species NOT cross a *horizontal* land bridge?

How technical should a Scrum Master be to effectively remove impediments?

Aging parents with no investments

Write faster on AT24C32

Landlord wants to switch my lease to a "Land contract" to "get back at the city"

Is three citations per paragraph excessive for undergraduate research paper?

Did Section 31 appear in Star Trek: The Next Generation?

Why isn't the circumferential light around the M87 black hole's event horizon symmetric?

Why did Acorn's A3000 have red function keys?

Which Sci-Fi work first showed weapon of galactic-scale mass destruction?

How to support a colleague who finds meetings extremely tiring?

Did 3000BC Egyptians use meteoric iron weapons?

What does ひと匙 mean in this manga and has it been used colloquially?

Output the Arecibo Message

Can a flute soloist sit?

Loose spokes after only a few rides

Is there any way to tell whether the shot is going to hit you or not?

Delete all lines which don't have n characters before delimiter

Is a "Democratic" Feudal System Possible?

Geography at the pixel level



Filter any system log file by date or date range



The 2019 Stack Overflow Developer Survey Results Are InDisplaying a “scrolling” log fileWhy is the system log viewer blank?Filter .txt file on descending order of created dateWhat date range must I use for a daily report?log file rotation settingIs there a file with system log?Log file in Append ModeHow to setup ksystemlog to open any *.log file by default?System “Read-Only” log file?how to find specific file with date range



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








9















What I want to achieve:



I'd like to filter a system log file by date, i.e. when I do:



$ cat /var/log/syslog | grep -i "error|warn|kernel" 


it prints lines like these for the three last days let say:



(...)
Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
(...)
Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
(...)
Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready


How to grep (select, or filter):



  • by date?

  • by date+hour?

What I tried:



$ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel" 


It works as expected on the syslog file, but not on the kern.log file for example, which only returns: Binary file (standard input) matches. And when I tail this particular file I can see the same starting date format than in the syslog file.



Question:



How to achieve the same on other logs like the kern.log file?



In addition, is it possible to filter:



  • by date range?

  • by date+hour range?

Hint: if possible, with "easy-to-remember commands".










share|improve this question






























    9















    What I want to achieve:



    I'd like to filter a system log file by date, i.e. when I do:



    $ cat /var/log/syslog | grep -i "error|warn|kernel" 


    it prints lines like these for the three last days let say:



    (...)
    Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
    (...)
    Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
    (...)
    Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready


    How to grep (select, or filter):



    • by date?

    • by date+hour?

    What I tried:



    $ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel" 


    It works as expected on the syslog file, but not on the kern.log file for example, which only returns: Binary file (standard input) matches. And when I tail this particular file I can see the same starting date format than in the syslog file.



    Question:



    How to achieve the same on other logs like the kern.log file?



    In addition, is it possible to filter:



    • by date range?

    • by date+hour range?

    Hint: if possible, with "easy-to-remember commands".










    share|improve this question


























      9












      9








      9


      2






      What I want to achieve:



      I'd like to filter a system log file by date, i.e. when I do:



      $ cat /var/log/syslog | grep -i "error|warn|kernel" 


      it prints lines like these for the three last days let say:



      (...)
      Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
      (...)
      Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
      (...)
      Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready


      How to grep (select, or filter):



      • by date?

      • by date+hour?

      What I tried:



      $ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel" 


      It works as expected on the syslog file, but not on the kern.log file for example, which only returns: Binary file (standard input) matches. And when I tail this particular file I can see the same starting date format than in the syslog file.



      Question:



      How to achieve the same on other logs like the kern.log file?



      In addition, is it possible to filter:



      • by date range?

      • by date+hour range?

      Hint: if possible, with "easy-to-remember commands".










      share|improve this question
















      What I want to achieve:



      I'd like to filter a system log file by date, i.e. when I do:



      $ cat /var/log/syslog | grep -i "error|warn|kernel" 


      it prints lines like these for the three last days let say:



      (...)
      Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
      (...)
      Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
      (...)
      Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready


      How to grep (select, or filter):



      • by date?

      • by date+hour?

      What I tried:



      $ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel" 


      It works as expected on the syslog file, but not on the kern.log file for example, which only returns: Binary file (standard input) matches. And when I tail this particular file I can see the same starting date format than in the syslog file.



      Question:



      How to achieve the same on other logs like the kern.log file?



      In addition, is it possible to filter:



      • by date range?

      • by date+hour range?

      Hint: if possible, with "easy-to-remember commands".







      command-line log systemd-journald






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Apr 6 at 15:29









      Community

      1




      1










      asked Apr 5 at 7:43









      s.ks.k

      220212




      220212




















          2 Answers
          2






          active

          oldest

          votes


















          12














          With systemd we got journalctl which easily allows fine grained filtering like this:



          sudo journalctl --since "2 days ago" 
          sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
          sudo journalctl -b # last boot
          sudo journalctl -k # kernel messages
          sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
          sudo journalctl -u sshd # by unit
          sudo journalctl _UID=1000 # by user id



          Examples can be combined together!






          share|improve this answer




















          • 4





            Ok now this is so cool!

            – George Udosen
            Apr 5 at 8:44






          • 2





            Often not even sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).

            – PerlDuck
            Apr 5 at 9:32



















          4














          In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.



          If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:




          [...]
          File and Directory Selection
          -a, --text
          Process a binary file as if it were text;
          this is equivalent to the --binary-files=text option.
          [...]



          You can try the following:



          $ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"


          (But I would actually prefer the journalctl solution given in another answer.)






          share|improve this answer























            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "89"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1131378%2ffilter-any-system-log-file-by-date-or-date-range%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            12














            With systemd we got journalctl which easily allows fine grained filtering like this:



            sudo journalctl --since "2 days ago" 
            sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
            sudo journalctl -b # last boot
            sudo journalctl -k # kernel messages
            sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
            sudo journalctl -u sshd # by unit
            sudo journalctl _UID=1000 # by user id



            Examples can be combined together!






            share|improve this answer




















            • 4





              Ok now this is so cool!

              – George Udosen
              Apr 5 at 8:44






            • 2





              Often not even sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).

              – PerlDuck
              Apr 5 at 9:32
















            12














            With systemd we got journalctl which easily allows fine grained filtering like this:



            sudo journalctl --since "2 days ago" 
            sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
            sudo journalctl -b # last boot
            sudo journalctl -k # kernel messages
            sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
            sudo journalctl -u sshd # by unit
            sudo journalctl _UID=1000 # by user id



            Examples can be combined together!






            share|improve this answer




















            • 4





              Ok now this is so cool!

              – George Udosen
              Apr 5 at 8:44






            • 2





              Often not even sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).

              – PerlDuck
              Apr 5 at 9:32














            12












            12








            12







            With systemd we got journalctl which easily allows fine grained filtering like this:



            sudo journalctl --since "2 days ago" 
            sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
            sudo journalctl -b # last boot
            sudo journalctl -k # kernel messages
            sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
            sudo journalctl -u sshd # by unit
            sudo journalctl _UID=1000 # by user id



            Examples can be combined together!






            share|improve this answer















            With systemd we got journalctl which easily allows fine grained filtering like this:



            sudo journalctl --since "2 days ago" 
            sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
            sudo journalctl -b # last boot
            sudo journalctl -k # kernel messages
            sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
            sudo journalctl -u sshd # by unit
            sudo journalctl _UID=1000 # by user id



            Examples can be combined together!







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Apr 5 at 9:55

























            answered Apr 5 at 8:35









            tomodachitomodachi

            9,65242343




            9,65242343







            • 4





              Ok now this is so cool!

              – George Udosen
              Apr 5 at 8:44






            • 2





              Often not even sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).

              – PerlDuck
              Apr 5 at 9:32













            • 4





              Ok now this is so cool!

              – George Udosen
              Apr 5 at 8:44






            • 2





              Often not even sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).

              – PerlDuck
              Apr 5 at 9:32








            4




            4





            Ok now this is so cool!

            – George Udosen
            Apr 5 at 8:44





            Ok now this is so cool!

            – George Udosen
            Apr 5 at 8:44




            2




            2





            Often not even sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).

            – PerlDuck
            Apr 5 at 9:32






            Often not even sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).

            – PerlDuck
            Apr 5 at 9:32














            4














            In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.



            If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:




            [...]
            File and Directory Selection
            -a, --text
            Process a binary file as if it were text;
            this is equivalent to the --binary-files=text option.
            [...]



            You can try the following:



            $ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"


            (But I would actually prefer the journalctl solution given in another answer.)






            share|improve this answer



























              4














              In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.



              If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:




              [...]
              File and Directory Selection
              -a, --text
              Process a binary file as if it were text;
              this is equivalent to the --binary-files=text option.
              [...]



              You can try the following:



              $ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"


              (But I would actually prefer the journalctl solution given in another answer.)






              share|improve this answer

























                4












                4








                4







                In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.



                If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:




                [...]
                File and Directory Selection
                -a, --text
                Process a binary file as if it were text;
                this is equivalent to the --binary-files=text option.
                [...]



                You can try the following:



                $ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"


                (But I would actually prefer the journalctl solution given in another answer.)






                share|improve this answer













                In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.



                If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:




                [...]
                File and Directory Selection
                -a, --text
                Process a binary file as if it were text;
                this is equivalent to the --binary-files=text option.
                [...]



                You can try the following:



                $ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"


                (But I would actually prefer the journalctl solution given in another answer.)







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Apr 5 at 9:19









                PerlDuckPerlDuck

                8,01611636




                8,01611636



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Ask Ubuntu!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1131378%2ffilter-any-system-log-file-by-date-or-date-range%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    រឿង រ៉ូមេអូ និង ហ្ស៊ុយលីយេ សង្ខេបរឿង តួអង្គ បញ្ជីណែនាំ

                    Crop image to path created in TikZ? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)Crop an inserted image?TikZ pictures does not appear in posterImage behind and beyond crop marks?Tikz picture as large as possible on A4 PageTransparency vs image compression dilemmaHow to crop background from image automatically?Image does not cropTikzexternal capturing crop marks when externalizing pgfplots?How to include image path that contains a dollar signCrop image with left size given

                    Romeo and Juliet ContentsCharactersSynopsisSourcesDate and textThemes and motifsCriticism and interpretationLegacyScene by sceneSee alsoNotes and referencesSourcesExternal linksNavigation menu"Consumer Price Index (estimate) 1800–"10.2307/28710160037-3222287101610.1093/res/II.5.31910.2307/45967845967810.2307/2869925286992510.1525/jams.1982.35.3.03a00050"Dada Masilo: South African dancer who breaks the rules"10.1093/res/os-XV.57.1610.2307/28680942868094"Sweet Sorrow: Mann-Korman's Romeo and Juliet Closes Sept. 5 at MN's Ordway"the original10.2307/45957745957710.1017/CCOL0521570476.009"Ram Leela box office collections hit massive Rs 100 crore, pulverises prediction"Archived"Broadway Revival of Romeo and Juliet, Starring Orlando Bloom and Condola Rashad, Will Close Dec. 8"Archived10.1075/jhp.7.1.04hon"Wherefore art thou, Romeo? To make us laugh at Navy Pier"the original10.1093/gmo/9781561592630.article.O006772"Ram-leela Review Roundup: Critics Hail Film as Best Adaptation of Romeo and Juliet"Archived10.2307/31946310047-77293194631"Romeo and Juliet get Twitter treatment""Juliet's Nurse by Lois Leveen""Romeo and Juliet: Orlando Bloom's Broadway Debut Released in Theaters for Valentine's Day"Archived"Romeo and Juliet Has No Balcony"10.1093/gmo/9781561592630.article.O00778110.2307/2867423286742310.1076/enst.82.2.115.959510.1080/00138380601042675"A plague o' both your houses: error in GCSE exam paper forces apology""Juliet of the Five O'Clock Shadow, and Other Wonders"10.2307/33912430027-4321339124310.2307/28487440038-7134284874410.2307/29123140149-661129123144728341M"Weekender Guide: Shakespeare on The Drive""balcony"UK public library membership"romeo"UK public library membership10.1017/CCOL9780521844291"Post-Zionist Critique on Israel and the Palestinians Part III: Popular Culture"10.2307/25379071533-86140377-919X2537907"Capulets and Montagues: UK exam board admit mixing names up in Romeo and Juliet paper"Istoria Novellamente Ritrovata di Due Nobili Amanti2027/mdp.390150822329610820-750X"GCSE exam error: Board accidentally rewrites Shakespeare"10.2307/29176390149-66112917639"Exam board apologises after error in English GCSE paper which confused characters in Shakespeare's Romeo and Juliet""From Mariotto and Ganozza to Romeo and Guilietta: Metamorphoses of a Renaissance Tale"10.2307/37323537323510.2307/2867455286745510.2307/28678912867891"10 Questions for Taylor Swift"10.2307/28680922868092"Haymarket Theatre""The Zeffirelli Way: Revealing Talk by Florentine Director""Michael Smuin: 1938-2007 / Prolific dance director had showy career"The Life and Art of Edwin BoothRomeo and JulietRomeo and JulietRomeo and JulietRomeo and JulietEasy Read Romeo and JulietRomeo and Julieteeecb12003684p(data)4099369-3n8211610759dbe00d-a9e2-41a3-b2c1-977dd692899302814385X313670221313670221