Filter any system log file by date or date range The 2019 Stack Overflow Developer Survey Results Are InDisplaying a “scrolling” log fileWhy is the system log viewer blank?Filter .txt file on descending order of created dateWhat date range must I use for a daily report?log file rotation settingIs there a file with system log?Log file in Append ModeHow to setup ksystemlog to open any *.log file by default?System “Read-Only” log file?how to find specific file with date range
Origin of "cooter" meaning "vagina"
"as much details as you can remember"
Protecting Dualbooting Windows from dangerous code (like rm -rf)
How to manage monthly salary
For what reasons would an animal species NOT cross a *horizontal* land bridge?
How technical should a Scrum Master be to effectively remove impediments?
Aging parents with no investments
Write faster on AT24C32
Landlord wants to switch my lease to a "Land contract" to "get back at the city"
Is three citations per paragraph excessive for undergraduate research paper?
Did Section 31 appear in Star Trek: The Next Generation?
Why isn't the circumferential light around the M87 black hole's event horizon symmetric?
Why did Acorn's A3000 have red function keys?
Which Sci-Fi work first showed weapon of galactic-scale mass destruction?
How to support a colleague who finds meetings extremely tiring?
Did 3000BC Egyptians use meteoric iron weapons?
What does ひと匙 mean in this manga and has it been used colloquially?
Output the Arecibo Message
Can a flute soloist sit?
Loose spokes after only a few rides
Is there any way to tell whether the shot is going to hit you or not?
Delete all lines which don't have n characters before delimiter
Is a "Democratic" Feudal System Possible?
Geography at the pixel level
Filter any system log file by date or date range
The 2019 Stack Overflow Developer Survey Results Are InDisplaying a “scrolling” log fileWhy is the system log viewer blank?Filter .txt file on descending order of created dateWhat date range must I use for a daily report?log file rotation settingIs there a file with system log?Log file in Append ModeHow to setup ksystemlog to open any *.log file by default?System “Read-Only” log file?how to find specific file with date range
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
What I want to achieve:
I'd like to filter a system log file by date, i.e. when I do:
$ cat /var/log/syslog | grep -i "error|warn|kernel"
it prints lines like these for the three last days let say:
(...)
Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
(...)
Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
(...)
Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready
How to grep (select, or filter):
- by date?
- by date+hour?
What I tried:
$ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel"
It works as expected on the syslog file, but not on the kern.log file for example, which only returns: Binary file (standard input) matches. And when I tail this particular file I can see the same starting date format than in the syslog file.
Question:
How to achieve the same on other logs like the kern.log file?
In addition, is it possible to filter:
- by date range?
- by date+hour range?
Hint: if possible, with "easy-to-remember commands".
command-line log systemd-journald
edited Apr 6 at 15:29
Community♦
1
asked Apr 5 at 7:43
s.ks.k
220212
add a comment |
What I want to achieve:
I'd like to filter a system log file by date, i.e. when I do:
$ cat /var/log/syslog | grep -i "error|warn|kernel"
it prints lines like these for the three last days let say:
(...)
Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
(...)
Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
(...)
Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready
How to grep (select, or filter):
- by date?
- by date+hour?
What I tried:
$ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel"
It works as expected on the syslog file, but not on the kern.log file for example, which only returns: Binary file (standard input) matches. And when I tail this particular file I can see the same starting date format than in the syslog file.
Question:
How to achieve the same on other logs like the kern.log file?
In addition, is it possible to filter:
- by date range?
- by date+hour range?
Hint: if possible, with "easy-to-remember commands".
command-line log systemd-journald
edited Apr 6 at 15:29
Community♦
1
asked Apr 5 at 7:43
s.ks.k
220212
add a comment |
What I want to achieve:
I'd like to filter a system log file by date, i.e. when I do:
$ cat /var/log/syslog | grep -i "error|warn|kernel"
it prints lines like these for the three last days let say:
(...)
Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
(...)
Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
(...)
Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready
How to grep (select, or filter):
- by date?
- by date+hour?
What I tried:
$ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel"
It works as expected on the syslog file, but not on the kern.log file for example, which only returns: Binary file (standard input) matches. And when I tail this particular file I can see the same starting date format than in the syslog file.
Question:
How to achieve the same on other logs like the kern.log file?
In addition, is it possible to filter:
- by date range?
- by date+hour range?
Hint: if possible, with "easy-to-remember commands".
command-line log systemd-journald
edited Apr 6 at 15:29
Community♦
1
asked Apr 5 at 7:43
s.ks.k
220212
What I want to achieve:
I'd like to filter a system log file by date, i.e. when I do:
$ cat /var/log/syslog | grep -i "error|warn|kernel"
it prints lines like these for the three last days let say:
(...)
Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
(...)
Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
(...)
Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready
How to grep (select, or filter):
- by date?
- by date+hour?
What I tried:
$ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel"
It works as expected on the syslog file, but not on the kern.log file for example, which only returns: Binary file (standard input) matches. And when I tail this particular file I can see the same starting date format than in the syslog file.
Question:
How to achieve the same on other logs like the kern.log file?
In addition, is it possible to filter:
- by date range?
- by date+hour range?
Hint: if possible, with "easy-to-remember commands".
command-line log systemd-journald
command-line log systemd-journald
edited Apr 6 at 15:29
Community♦
1
asked Apr 5 at 7:43
s.ks.k
220212
edited Apr 6 at 15:29
Community♦
1
asked Apr 5 at 7:43
s.ks.k
220212
edited Apr 6 at 15:29
Community♦
1
edited Apr 6 at 15:29
Community♦
1
edited Apr 6 at 15:29
Community♦
1
1
asked Apr 5 at 7:43
s.ks.k
220212
asked Apr 5 at 7:43
s.ks.k
220212
asked Apr 5 at 7:43
s.ks.k
220212
220212
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
With systemd we got journalctl which easily allows fine grained filtering like this:
sudo journalctl --since "2 days ago"
sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
sudo journalctl -b # last boot
sudo journalctl -k # kernel messages
sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
sudo journalctl -u sshd # by unit
sudo journalctl _UID=1000 # by user id
Examples can be combined together!
answered Apr 5 at 8:35
tomodachitomodachi
9,65242343
4
Ok now this is so cool!
– George Udosen
Apr 5 at 8:44
2
Often not evensudois required (in particular if the user is member of theadmgroup, which the "main" user usually is).
– PerlDuck
Apr 5 at 9:32
add a comment |
In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.
If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:
[...]
File and Directory Selection
-a, --text
Process a binary file as if it were text;
this is equivalent to the --binary-files=text option.
[...]
You can try the following:
$ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"
(But I would actually prefer the journalctl solution given in another answer.)
answered Apr 5 at 9:19
PerlDuckPerlDuck
8,01611636
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1131378%2ffilter-any-system-log-file-by-date-or-date-range%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
With systemd we got journalctl which easily allows fine grained filtering like this:
sudo journalctl --since "2 days ago"
sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
sudo journalctl -b # last boot
sudo journalctl -k # kernel messages
sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
sudo journalctl -u sshd # by unit
sudo journalctl _UID=1000 # by user id
Examples can be combined together!
answered Apr 5 at 8:35
tomodachitomodachi
9,65242343
4
Ok now this is so cool!
– George Udosen
Apr 5 at 8:44
2
Often not evensudois required (in particular if the user is member of theadmgroup, which the "main" user usually is).
– PerlDuck
Apr 5 at 9:32
add a comment |
With systemd we got journalctl which easily allows fine grained filtering like this:
sudo journalctl --since "2 days ago"
sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
sudo journalctl -b # last boot
sudo journalctl -k # kernel messages
sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
sudo journalctl -u sshd # by unit
sudo journalctl _UID=1000 # by user id
Examples can be combined together!
answered Apr 5 at 8:35
tomodachitomodachi
9,65242343
4
Ok now this is so cool!
– George Udosen
Apr 5 at 8:44
2
Often not evensudois required (in particular if the user is member of theadmgroup, which the "main" user usually is).
– PerlDuck
Apr 5 at 9:32
add a comment |
With systemd we got journalctl which easily allows fine grained filtering like this:
sudo journalctl --since "2 days ago"
sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
sudo journalctl -b # last boot
sudo journalctl -k # kernel messages
sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
sudo journalctl -u sshd # by unit
sudo journalctl _UID=1000 # by user id
Examples can be combined together!
answered Apr 5 at 8:35
tomodachitomodachi
9,65242343
With systemd we got journalctl which easily allows fine grained filtering like this:
sudo journalctl --since "2 days ago"
sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
sudo journalctl -b # last boot
sudo journalctl -k # kernel messages
sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
sudo journalctl -u sshd # by unit
sudo journalctl _UID=1000 # by user id
Examples can be combined together!
answered Apr 5 at 8:35
tomodachitomodachi
9,65242343
edited Apr 5 at 9:55
answered Apr 5 at 8:35
tomodachitomodachi
9,65242343
answered Apr 5 at 8:35
tomodachitomodachi
9,65242343
answered Apr 5 at 8:35
tomodachitomodachi
9,65242343
9,65242343
4
Ok now this is so cool!
– George Udosen
Apr 5 at 8:44
2
Often not evensudois required (in particular if the user is member of theadmgroup, which the "main" user usually is).
– PerlDuck
Apr 5 at 9:32
add a comment |
4
Ok now this is so cool!
– George Udosen
Apr 5 at 8:44
2
Often not evensudois required (in particular if the user is member of theadmgroup, which the "main" user usually is).
– PerlDuck
Apr 5 at 9:32
4
4
Ok now this is so cool!
– George Udosen
Apr 5 at 8:44
Ok now this is so cool!
– George Udosen
Apr 5 at 8:44
2
2
Often not even
sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).– PerlDuck
Apr 5 at 9:32
Often not even
sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).– PerlDuck
Apr 5 at 9:32
add a comment |
In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.
If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:
[...]
File and Directory Selection
-a, --text
Process a binary file as if it were text;
this is equivalent to the --binary-files=text option.
[...]
You can try the following:
$ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"
(But I would actually prefer the journalctl solution given in another answer.)
answered Apr 5 at 9:19
PerlDuckPerlDuck
8,01611636
add a comment |
In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.
If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:
[...]
File and Directory Selection
-a, --text
Process a binary file as if it were text;
this is equivalent to the --binary-files=text option.
[...]
You can try the following:
$ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"
(But I would actually prefer the journalctl solution given in another answer.)
answered Apr 5 at 9:19
PerlDuckPerlDuck
8,01611636
add a comment |
In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.
If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:
[...]
File and Directory Selection
-a, --text
Process a binary file as if it were text;
this is equivalent to the --binary-files=text option.
[...]
You can try the following:
$ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"
(But I would actually prefer the journalctl solution given in another answer.)
answered Apr 5 at 9:19
PerlDuckPerlDuck
8,01611636
In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.
If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:
[...]
File and Directory Selection
-a, --text
Process a binary file as if it were text;
this is equivalent to the --binary-files=text option.
[...]
You can try the following:
$ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"
(But I would actually prefer the journalctl solution given in another answer.)
answered Apr 5 at 9:19
PerlDuckPerlDuck
8,01611636
answered Apr 5 at 9:19
PerlDuckPerlDuck
8,01611636
answered Apr 5 at 9:19
PerlDuckPerlDuck
8,01611636
answered Apr 5 at 9:19
PerlDuckPerlDuck
8,01611636
8,01611636
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1131378%2ffilter-any-system-log-file-by-date-or-date-range%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
