Filter any system log file by date or date rangeDisplaying a “scrolling” log fileWhy is the system log viewer blank?Filter .txt file on descending order of created dateWhat date range must I use for a daily report?log file rotation settingIs there a file with system log?Log file in Append ModeHow to setup ksystemlog to open any *.log file by default?System “Read-Only” log file?how to find specific file with date range

COUNT(*) or MAX(id) - which is faster?

Extreme, but not acceptable situation and I can't start the work tomorrow morning

Can a planet have a different gravitational pull depending on its location in orbit around its sun?

How to make particles emit from certain parts of a 3D object?

How did the USSR manage to innovate in an environment characterized by government censorship and high bureaucracy?

What do you call something that goes against the spirit of the law, but is legal when interpreting the law to the letter?

Denied boarding due to overcrowding, Sparpreis ticket. What are my rights?

Pristine Bit Checking

How would photo IDs work for shapeshifters?

Copycat chess is back

Why do we use polarized capacitors?

Can I find out the caloric content of bread by dehydrating it?

Should the British be getting ready for a no-deal Brexit?

Was there ever an axiom rendered a theorem?

Lied on resume at previous job

aging parents with no investments

A poker game description that does not feel gimmicky

Does a dangling wire really electrocute me if I'm standing in water?

Is domain driven design an anti-SQL pattern?

Finding files for which a command fails

Why is my log file so massive? 22gb. I am running log backups

How can I fix this gap between bookcases I made?

Why was the "bread communication" in the arena of Catching Fire left out in the movie?

Where to refill my bottle in India?



Filter any system log file by date or date range


Displaying a “scrolling” log fileWhy is the system log viewer blank?Filter .txt file on descending order of created dateWhat date range must I use for a daily report?log file rotation settingIs there a file with system log?Log file in Append ModeHow to setup ksystemlog to open any *.log file by default?System “Read-Only” log file?how to find specific file with date range






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








9















What I want to achieve:



I'd like to filter a system log file by date, i.e. when I do:



$ cat /var/log/syslog | grep -i "error|warn|kernel" 


it prints lines like these for the three last days let say:



(...)
Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
(...)
Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
(...)
Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready


How to grep (select, or filter):



  • by date?

  • by date+hour?

What I tried:



$ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel" 


It works as expected on the syslog file, but not on the kern.log file for example, which only returns: Binary file (standard input) matches. And when I tail this particular file I can see the same starting date format than in the syslog file.



Question:



How to achieve the same on other logs like the kern.log file?



In addition, is it possible to filter:



  • by date range?

  • by date+hour range?

Hint: if possible, with "easy-to-remember commands".










share|improve this question






























    9















    What I want to achieve:



    I'd like to filter a system log file by date, i.e. when I do:



    $ cat /var/log/syslog | grep -i "error|warn|kernel" 


    it prints lines like these for the three last days let say:



    (...)
    Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
    (...)
    Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
    (...)
    Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready


    How to grep (select, or filter):



    • by date?

    • by date+hour?

    What I tried:



    $ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel" 


    It works as expected on the syslog file, but not on the kern.log file for example, which only returns: Binary file (standard input) matches. And when I tail this particular file I can see the same starting date format than in the syslog file.



    Question:



    How to achieve the same on other logs like the kern.log file?



    In addition, is it possible to filter:



    • by date range?

    • by date+hour range?

    Hint: if possible, with "easy-to-remember commands".










    share|improve this question


























      9












      9








      9


      2






      What I want to achieve:



      I'd like to filter a system log file by date, i.e. when I do:



      $ cat /var/log/syslog | grep -i "error|warn|kernel" 


      it prints lines like these for the three last days let say:



      (...)
      Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
      (...)
      Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
      (...)
      Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready


      How to grep (select, or filter):



      • by date?

      • by date+hour?

      What I tried:



      $ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel" 


      It works as expected on the syslog file, but not on the kern.log file for example, which only returns: Binary file (standard input) matches. And when I tail this particular file I can see the same starting date format than in the syslog file.



      Question:



      How to achieve the same on other logs like the kern.log file?



      In addition, is it possible to filter:



      • by date range?

      • by date+hour range?

      Hint: if possible, with "easy-to-remember commands".










      share|improve this question
















      What I want to achieve:



      I'd like to filter a system log file by date, i.e. when I do:



      $ cat /var/log/syslog | grep -i "error|warn|kernel" 


      it prints lines like these for the three last days let say:



      (...)
      Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
      (...)
      Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
      (...)
      Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready


      How to grep (select, or filter):



      • by date?

      • by date+hour?

      What I tried:



      $ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error|warn|kernel" 


      It works as expected on the syslog file, but not on the kern.log file for example, which only returns: Binary file (standard input) matches. And when I tail this particular file I can see the same starting date format than in the syslog file.



      Question:



      How to achieve the same on other logs like the kern.log file?



      In addition, is it possible to filter:



      • by date range?

      • by date+hour range?

      Hint: if possible, with "easy-to-remember commands".







      command-line log systemd-journald






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 2 days ago









      Community

      1




      1










      asked Apr 5 at 7:43









      s.ks.k

      220212




      220212




















          2 Answers
          2






          active

          oldest

          votes


















          12














          With systemd we got journalctl which easily allows fine grained filtering like this:



          sudo journalctl --since "2 days ago" 
          sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
          sudo journalctl -b # last boot
          sudo journalctl -k # kernel messages
          sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
          sudo journalctl -u sshd # by unit
          sudo journalctl _UID=1000 # by user id



          Examples can be combined together!






          share|improve this answer




















          • 4





            Ok now this is so cool!

            – George Udosen
            Apr 5 at 8:44






          • 2





            Often not even sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).

            – PerlDuck
            Apr 5 at 9:32



















          4














          In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.



          If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:




          [...]
          File and Directory Selection
          -a, --text
          Process a binary file as if it were text;
          this is equivalent to the --binary-files=text option.
          [...]



          You can try the following:



          $ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"


          (But I would actually prefer the journalctl solution given in another answer.)






          share|improve this answer























            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "89"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1131378%2ffilter-any-system-log-file-by-date-or-date-range%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            12














            With systemd we got journalctl which easily allows fine grained filtering like this:



            sudo journalctl --since "2 days ago" 
            sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
            sudo journalctl -b # last boot
            sudo journalctl -k # kernel messages
            sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
            sudo journalctl -u sshd # by unit
            sudo journalctl _UID=1000 # by user id



            Examples can be combined together!






            share|improve this answer




















            • 4





              Ok now this is so cool!

              – George Udosen
              Apr 5 at 8:44






            • 2





              Often not even sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).

              – PerlDuck
              Apr 5 at 9:32
















            12














            With systemd we got journalctl which easily allows fine grained filtering like this:



            sudo journalctl --since "2 days ago" 
            sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
            sudo journalctl -b # last boot
            sudo journalctl -k # kernel messages
            sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
            sudo journalctl -u sshd # by unit
            sudo journalctl _UID=1000 # by user id



            Examples can be combined together!






            share|improve this answer




















            • 4





              Ok now this is so cool!

              – George Udosen
              Apr 5 at 8:44






            • 2





              Often not even sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).

              – PerlDuck
              Apr 5 at 9:32














            12












            12








            12







            With systemd we got journalctl which easily allows fine grained filtering like this:



            sudo journalctl --since "2 days ago" 
            sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
            sudo journalctl -b # last boot
            sudo journalctl -k # kernel messages
            sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
            sudo journalctl -u sshd # by unit
            sudo journalctl _UID=1000 # by user id



            Examples can be combined together!






            share|improve this answer















            With systemd we got journalctl which easily allows fine grained filtering like this:



            sudo journalctl --since "2 days ago" 
            sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
            sudo journalctl -b # last boot
            sudo journalctl -k # kernel messages
            sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
            sudo journalctl -u sshd # by unit
            sudo journalctl _UID=1000 # by user id



            Examples can be combined together!







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Apr 5 at 9:55

























            answered Apr 5 at 8:35









            tomodachitomodachi

            9,63242343




            9,63242343







            • 4





              Ok now this is so cool!

              – George Udosen
              Apr 5 at 8:44






            • 2





              Often not even sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).

              – PerlDuck
              Apr 5 at 9:32













            • 4





              Ok now this is so cool!

              – George Udosen
              Apr 5 at 8:44






            • 2





              Often not even sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).

              – PerlDuck
              Apr 5 at 9:32








            4




            4





            Ok now this is so cool!

            – George Udosen
            Apr 5 at 8:44





            Ok now this is so cool!

            – George Udosen
            Apr 5 at 8:44




            2




            2





            Often not even sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).

            – PerlDuck
            Apr 5 at 9:32






            Often not even sudo is required (in particular if the user is member of the adm group, which the "main" user usually is).

            – PerlDuck
            Apr 5 at 9:32














            4














            In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.



            If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:




            [...]
            File and Directory Selection
            -a, --text
            Process a binary file as if it were text;
            this is equivalent to the --binary-files=text option.
            [...]



            You can try the following:



            $ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"


            (But I would actually prefer the journalctl solution given in another answer.)






            share|improve this answer



























              4














              In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.



              If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:




              [...]
              File and Directory Selection
              -a, --text
              Process a binary file as if it were text;
              this is equivalent to the --binary-files=text option.
              [...]



              You can try the following:



              $ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"


              (But I would actually prefer the journalctl solution given in another answer.)






              share|improve this answer

























                4












                4








                4







                In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.



                If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:




                [...]
                File and Directory Selection
                -a, --text
                Process a binary file as if it were text;
                this is equivalent to the --binary-files=text option.
                [...]



                You can try the following:



                $ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"


                (But I would actually prefer the journalctl solution given in another answer.)






                share|improve this answer













                In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.



                If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:




                [...]
                File and Directory Selection
                -a, --text
                Process a binary file as if it were text;
                this is equivalent to the --binary-files=text option.
                [...]



                You can try the following:



                $ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error|warn|kernel"


                (But I would actually prefer the journalctl solution given in another answer.)







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Apr 5 at 9:19









                PerlDuckPerlDuck

                8,00611636




                8,00611636



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Ask Ubuntu!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1131378%2ffilter-any-system-log-file-by-date-or-date-range%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Sum ergo cogito? 1 nng

                    三茅街道4182Guuntc Dn precexpngmageondP