Filter any system log file by date or date rangeDisplaying a “scrolling” log fileWhy is the system log viewer blank?Filter .txt file on descending order of created dateWhat date range must I use for a daily report?log file rotation settingIs there a file with system log?Log file in Append ModeHow to setup ksystemlog to open any *.log file by default?System “Read-Only” log file?how to find specific file with date range
COUNT(*) or MAX(id) - which is faster?
Extreme, but not acceptable situation and I can't start the work tomorrow morning
Can a planet have a different gravitational pull depending on its location in orbit around its sun?
How to make particles emit from certain parts of a 3D object?
How did the USSR manage to innovate in an environment characterized by government censorship and high bureaucracy?
What do you call something that goes against the spirit of the law, but is legal when interpreting the law to the letter?
Denied boarding due to overcrowding, Sparpreis ticket. What are my rights?
Pristine Bit Checking
How would photo IDs work for shapeshifters?
Copycat chess is back
Why do we use polarized capacitors?
Can I find out the caloric content of bread by dehydrating it?
Should the British be getting ready for a no-deal Brexit?
Was there ever an axiom rendered a theorem?
Lied on resume at previous job
aging parents with no investments
A poker game description that does not feel gimmicky
Does a dangling wire really electrocute me if I'm standing in water?
Is domain driven design an anti-SQL pattern?
Finding files for which a command fails
Why is my log file so massive? 22gb. I am running log backups
How can I fix this gap between bookcases I made?
Why was the "bread communication" in the arena of Catching Fire left out in the movie?
Where to refill my bottle in India?
Filter any system log file by date or date range
Displaying a “scrolling” log fileWhy is the system log viewer blank?Filter .txt file on descending order of created dateWhat date range must I use for a daily report?log file rotation settingIs there a file with system log?Log file in Append ModeHow to setup ksystemlog to open any *.log file by default?System “Read-Only” log file?how to find specific file with date range
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
What I want to achieve:
I'd like to filter a system log file by date, i.e. when I do:
$ cat /var/log/syslog | grep -i "error|warn|kernel"
it prints lines like these for the three last days let say:
(...)
Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
(...)
Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
(...)
Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready
How to grep (select, or filter):
- by date?
- by date+hour?
What I tried:
$ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel"
It works as expected on the syslog
file, but not on the kern.log
file for example, which only returns: Binary file (standard input) matches
. And when I tail
this particular file I can see the same starting date format than in the syslog
file.
Question:
How to achieve the same on other logs like the kern.log
file?
In addition, is it possible to filter:
- by date range?
- by date+hour range?
Hint: if possible, with "easy-to-remember commands".
command-line log systemd-journald
add a comment |
What I want to achieve:
I'd like to filter a system log file by date, i.e. when I do:
$ cat /var/log/syslog | grep -i "error|warn|kernel"
it prints lines like these for the three last days let say:
(...)
Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
(...)
Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
(...)
Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready
How to grep (select, or filter):
- by date?
- by date+hour?
What I tried:
$ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel"
It works as expected on the syslog
file, but not on the kern.log
file for example, which only returns: Binary file (standard input) matches
. And when I tail
this particular file I can see the same starting date format than in the syslog
file.
Question:
How to achieve the same on other logs like the kern.log
file?
In addition, is it possible to filter:
- by date range?
- by date+hour range?
Hint: if possible, with "easy-to-remember commands".
command-line log systemd-journald
add a comment |
What I want to achieve:
I'd like to filter a system log file by date, i.e. when I do:
$ cat /var/log/syslog | grep -i "error|warn|kernel"
it prints lines like these for the three last days let say:
(...)
Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
(...)
Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
(...)
Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready
How to grep (select, or filter):
- by date?
- by date+hour?
What I tried:
$ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel"
It works as expected on the syslog
file, but not on the kern.log
file for example, which only returns: Binary file (standard input) matches
. And when I tail
this particular file I can see the same starting date format than in the syslog
file.
Question:
How to achieve the same on other logs like the kern.log
file?
In addition, is it possible to filter:
- by date range?
- by date+hour range?
Hint: if possible, with "easy-to-remember commands".
command-line log systemd-journald
What I want to achieve:
I'd like to filter a system log file by date, i.e. when I do:
$ cat /var/log/syslog | grep -i "error|warn|kernel"
it prints lines like these for the three last days let say:
(...)
Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
(...)
Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
(...)
Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready
How to grep (select, or filter):
- by date?
- by date+hour?
What I tried:
$ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel"
It works as expected on the syslog
file, but not on the kern.log
file for example, which only returns: Binary file (standard input) matches
. And when I tail
this particular file I can see the same starting date format than in the syslog
file.
Question:
How to achieve the same on other logs like the kern.log
file?
In addition, is it possible to filter:
- by date range?
- by date+hour range?
Hint: if possible, with "easy-to-remember commands".
command-line log systemd-journald
command-line log systemd-journald
edited 2 days ago
Community♦
1
1
asked Apr 5 at 7:43
s.ks.k
220212
220212
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
With systemd we got journalctl which easily allows fine grained filtering like this:
sudo journalctl --since "2 days ago"
sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
sudo journalctl -b # last boot
sudo journalctl -k # kernel messages
sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
sudo journalctl -u sshd # by unit
sudo journalctl _UID=1000 # by user id
Examples can be combined together!
4
Ok now this is so cool!
– George Udosen
Apr 5 at 8:44
2
Often not evensudo
is required (in particular if the user is member of theadm
group, which the "main" user usually is).
– PerlDuck
Apr 5 at 9:32
add a comment |
In general, the kern.log
is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@
and such.
If grep
notices its input is binary, it usually stops further processing and prints ... binary file ...
instead. But there's a switch to change this behaviour. From the manpage:
[...]
File and Directory Selection
-a, --text
Process a binary file as if it were text;
this is equivalent to the --binary-files=text option.
[...]
You can try the following:
$ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"
(But I would actually prefer the journalctl
solution given in another answer.)
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1131378%2ffilter-any-system-log-file-by-date-or-date-range%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
With systemd we got journalctl which easily allows fine grained filtering like this:
sudo journalctl --since "2 days ago"
sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
sudo journalctl -b # last boot
sudo journalctl -k # kernel messages
sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
sudo journalctl -u sshd # by unit
sudo journalctl _UID=1000 # by user id
Examples can be combined together!
4
Ok now this is so cool!
– George Udosen
Apr 5 at 8:44
2
Often not evensudo
is required (in particular if the user is member of theadm
group, which the "main" user usually is).
– PerlDuck
Apr 5 at 9:32
add a comment |
With systemd we got journalctl which easily allows fine grained filtering like this:
sudo journalctl --since "2 days ago"
sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
sudo journalctl -b # last boot
sudo journalctl -k # kernel messages
sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
sudo journalctl -u sshd # by unit
sudo journalctl _UID=1000 # by user id
Examples can be combined together!
4
Ok now this is so cool!
– George Udosen
Apr 5 at 8:44
2
Often not evensudo
is required (in particular if the user is member of theadm
group, which the "main" user usually is).
– PerlDuck
Apr 5 at 9:32
add a comment |
With systemd we got journalctl which easily allows fine grained filtering like this:
sudo journalctl --since "2 days ago"
sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
sudo journalctl -b # last boot
sudo journalctl -k # kernel messages
sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
sudo journalctl -u sshd # by unit
sudo journalctl _UID=1000 # by user id
Examples can be combined together!
With systemd we got journalctl which easily allows fine grained filtering like this:
sudo journalctl --since "2 days ago"
sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
sudo journalctl -b # last boot
sudo journalctl -k # kernel messages
sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
sudo journalctl -u sshd # by unit
sudo journalctl _UID=1000 # by user id
Examples can be combined together!
edited Apr 5 at 9:55
answered Apr 5 at 8:35
tomodachitomodachi
9,63242343
9,63242343
4
Ok now this is so cool!
– George Udosen
Apr 5 at 8:44
2
Often not evensudo
is required (in particular if the user is member of theadm
group, which the "main" user usually is).
– PerlDuck
Apr 5 at 9:32
add a comment |
4
Ok now this is so cool!
– George Udosen
Apr 5 at 8:44
2
Often not evensudo
is required (in particular if the user is member of theadm
group, which the "main" user usually is).
– PerlDuck
Apr 5 at 9:32
4
4
Ok now this is so cool!
– George Udosen
Apr 5 at 8:44
Ok now this is so cool!
– George Udosen
Apr 5 at 8:44
2
2
Often not even
sudo
is required (in particular if the user is member of the adm
group, which the "main" user usually is).– PerlDuck
Apr 5 at 9:32
Often not even
sudo
is required (in particular if the user is member of the adm
group, which the "main" user usually is).– PerlDuck
Apr 5 at 9:32
add a comment |
In general, the kern.log
is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@
and such.
If grep
notices its input is binary, it usually stops further processing and prints ... binary file ...
instead. But there's a switch to change this behaviour. From the manpage:
[...]
File and Directory Selection
-a, --text
Process a binary file as if it were text;
this is equivalent to the --binary-files=text option.
[...]
You can try the following:
$ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"
(But I would actually prefer the journalctl
solution given in another answer.)
add a comment |
In general, the kern.log
is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@
and such.
If grep
notices its input is binary, it usually stops further processing and prints ... binary file ...
instead. But there's a switch to change this behaviour. From the manpage:
[...]
File and Directory Selection
-a, --text
Process a binary file as if it were text;
this is equivalent to the --binary-files=text option.
[...]
You can try the following:
$ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"
(But I would actually prefer the journalctl
solution given in another answer.)
add a comment |
In general, the kern.log
is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@
and such.
If grep
notices its input is binary, it usually stops further processing and prints ... binary file ...
instead. But there's a switch to change this behaviour. From the manpage:
[...]
File and Directory Selection
-a, --text
Process a binary file as if it were text;
this is equivalent to the --binary-files=text option.
[...]
You can try the following:
$ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"
(But I would actually prefer the journalctl
solution given in another answer.)
In general, the kern.log
is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@
and such.
If grep
notices its input is binary, it usually stops further processing and prints ... binary file ...
instead. But there's a switch to change this behaviour. From the manpage:
[...]
File and Directory Selection
-a, --text
Process a binary file as if it were text;
this is equivalent to the --binary-files=text option.
[...]
You can try the following:
$ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"
(But I would actually prefer the journalctl
solution given in another answer.)
answered Apr 5 at 9:19
PerlDuckPerlDuck
8,00611636
8,00611636
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1131378%2ffilter-any-system-log-file-by-date-or-date-range%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown