Filter any system log file by date or date range
What I want to achieve:
I'd like to filter a system log file by date, i.e. when I do:
$ cat /var/log/syslog | grep -i "error\|warn\|kernel"
it prints lines like these for, let's say, the last three days:
(...)
Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
(...)
Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
(...)
Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready

How to grep (select, or filter):
- by date?
- by date+hour?

What I tried:
$ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error\|warn\|kernel"
It works as expected on the syslog file, but not on the kern.log file for example, which only returns: Binary file (standard input) matches. And when I tail this particular file I can see the same starting date format as in the syslog file.

Question:
How to achieve the same on other logs like the kern.log file?
In addition, is it possible to filter:
- by date range?
- by date+hour range?

Hint: if possible, with "easy-to-remember commands".
command-line log systemd-journald
edited Apr 6 at 15:29 – Community♦
asked Apr 5 at 7:43 – s.k

2 Answers
With systemd we got journalctl, which easily allows fine-grained filtering like this:
sudo journalctl --since "2 days ago"
sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
sudo journalctl -b        # last boot
sudo journalctl -k        # kernel messages
sudo journalctl -p err    # by priority (emerg|alert|crit|err|warning|info|debug)
sudo journalctl -u sshd   # by unit
sudo journalctl _UID=1000 # by user id
Examples can be combined!
edited 2 days ago
answered Apr 5 at 8:35 – tomodachi

4  Ok now this is so cool! – George Udosen, Apr 5 at 8:44
2  Often not even sudo is required (in particular if the user is a member of the adm group, which the "main" user usually is). – PerlDuck, Apr 5 at 9:32

In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.
If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:
[...]
File and Directory Selection
-a, --text
    Process a binary file as if it were text;
    this is equivalent to the --binary-files=text option.
[...]
You can try the following:
$ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error\|warn\|kernel"
(But I would actually prefer the journalctl solution given in another answer.)
answered Apr 5 at 9:19 – PerlDuck
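
An added example, not part of the question or either answer: when only a file such as kern.log is available, the date+hour range asked about in the question can be applied to the file itself, NUL bytes included. The names syslog_range and make_sample and the sample lines are constructed for illustration, and the range is assumed to stay within one calendar year because the timestamps carry no year.

```shell
#!/bin/sh
# Added example, not code from the question or answers.
# syslog_range and make_sample are hypothetical helper names.

# syslog_range FILE FROM TO [ERE]
#   FROM and TO look like the log's own stamps: "Apr 4 19:00" or "Apr 5 09:00:52"
#   (omitted time fields count as 00). Both bounds are inclusive.
#   Assumption: the range lies within one year, since the stamps carry no year.
syslog_range() {
    # tr drops the NUL bytes an unclean shutdown can leave behind, so later
    # tools see plain text; grep -a covers any other stray binary bytes.
    tr -d '\000' < "$1" |
    awk -v from="$2" -v to="$3" '
        # Build a fixed-width, sortable key MMDDhhmmss from a syslog stamp.
        function key(mon, day, hms,    t) {
            split(hms, t, ":")
            return sprintf("%02d%02d%02d%02d%02d",
                (index("JanFebMarAprMayJunJulAugSepOctNovDec", mon) + 2) / 3,
                day, t[1], t[2], t[3])
        }
        BEGIN {
            split(from, a, " "); lo = key(a[1], a[2], a[3])
            split(to,   b, " "); hi = key(b[1], b[2], b[3])
        }
        # Default field splitting also accepts the space-padded day ("Apr  5").
        $1 ~ /^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)$/ {
            k = key($1, $2, $3)
            if (k >= lo && k <= hi) print
        }' |
    grep -a -i -E -- "${4:-.}"
}

# Constructed sample: kern.log-style lines with a run of NUL bytes in the middle.
make_sample() {
    {
        printf 'Apr  3 06:17:38 host kernel: [1.0] IPv6: wlp3s0: link becomes ready\n'
        printf 'Apr  4 19:34:21 host kernel: [2.0] e1000e: enp0s25 NIC Link is Up\n'
        printf '\000\000\000\000Apr  4 23:10:05 host kernel: [3.0] EXT4-fs warning: mounting fs with errors\n'
        printf 'Apr  5 09:00:52 host kernel: [4.0] IPv6: enp0s25: link becomes ready\n'
        printf 'Apr  5 10:15:00 host kernel: [5.0] usb 1-1: device descriptor read error\n'
    } > "$1"
}

sample=${TMPDIR:-/tmp}/kern.sample.$$
make_sample "$sample"
syslog_range "$sample" "Apr 4 19:00" "Apr 5 09:30"               # date+hour range
syslog_range "$sample" "Apr 4 19:00" "Apr 5 23:59" 'error|warn'  # range plus keywords
rm -f "$sample"
```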