Filter any system log file by date or date range
What I want to achieve:
I'd like to filter a system log file by date, i.e. when I do:
    $ cat /var/log/syslog | grep -i "error\|warn\|kernel"
it prints lines like these for the last three days, let's say:
    (...)
    Apr 3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
    (...)
    Apr 4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
    (...)
    Apr 5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready
How to grep (select, or filter):
- by date?
- by date+hour?
What I tried:
    $ cat /var/log/syslog | grep -i "Apr 5" | grep -i "error\|warn\|kernel"
It works as expected on the syslog file, but not on the kern.log file for example, which only returns: Binary file (standard input) matches. And when I tail this particular file I can see the same starting date format as in the syslog file.
Question:
How to achieve the same on other logs like the kern.log file?
In addition, is it possible to filter:
- by date range?
- by date+hour range?
Hint: if possible, with "easy-to-remember commands".
command-line log systemd-journald
– s.k, asked yesterday (edited 7 hours ago by Community♦)
2 Answers
With systemd we got journalctl, which easily allows fine-grained filtering like this:
    sudo journalctl --since "2 days ago"
    sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
    sudo journalctl -b         # last boot
    sudo journalctl -k         # kernel messages
    sudo journalctl -p err     # by priority (emerg|alert|crit|err|warning|info|debug)
    sudo journalctl -u sshd    # by unit
    sudo journalctl _UID=1000  # by user id
Examples can be combined together!
– tomodachi, answered yesterday (edited yesterday)
Comments:
- Ok now this is so cool! – George Udosen, yesterday
- Often not even sudo is required (in particular if the user is a member of the adm group, which the "main" user usually is). – PerlDuck, yesterday
In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.
If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:
    [...]
    File and Directory Selection
       -a, --text
              Process a binary file as if it were text;
              this is equivalent to the --binary-files=text option.
    [...]
You can try the following:
    $ grep -a -i "Apr 5" /var/log/kern.log | grep -i "error\|warn\|kernel"
(But I would actually prefer the journalctl solution given in another answer.)
– PerlDuck, answered yesterday
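For the date+hour range part of the question applied to plain log files, here is an added example that is not part of either answer: it strips the NUL bytes described above and compares timestamps numerically in awk. The function names `syslog_between` and `make_sample` and the sample lines are constructed for illustration; it assumes the traditional `Mon D HH:MM:SS` timestamp, which carries no year, so a range cannot span New Year.

```shell
# Added example: print the lines of a traditional-format syslog file whose
# timestamp lies in [start, end]. Names here are hypothetical.
# Usage: syslog_between FILE "Apr 4 12:00:00" "Apr 5 10:00:00"
syslog_between() {
    file=$1 start=$2 end=$3
    # Drop NUL bytes left by an unclean shutdown so nothing downstream
    # treats the file as binary, then filter on the timestamp in awk.
    tr -d '\000' < "$file" | awk -v start="$start" -v end="$end" '
        # Turn "Mon D HH:MM:SS" into the sortable number MMDDHHMMSS.
        function key(mon, day, hms,    t) {
            split(hms, t, ":")
            return ((m[mon] * 100 + day) * 100 + t[1]) * 10000 + t[2] * 100 + t[3]
        }
        BEGIN {
            n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
            for (i = 1; i <= n; i++) m[names[i]] = i
            split(start, s, " "); lo = key(s[1], s[2], s[3])
            split(end, e, " ");   hi = key(e[1], e[2], e[3])
        }
        # Lines that do not start with a month name are skipped, not guessed at.
        ($1 in m) { k = key($1, $2, $3); if (k >= lo && k <= hi) print }
    '
}

# Constructed sample in the question's format. Single-digit days are
# space-padded as syslog writes them, and NUL bytes precede the third line.
make_sample() {
    printf 'Apr  3 06:17:38 host kernel: [1.0] wlp3s0: link becomes ready\n' > "$1"
    printf 'Apr  4 19:34:21 host kernel: [2.0] enp0s25 NIC Link is Up\n' >> "$1"
    printf '\000\000\000Apr  5 09:00:52 host kernel: [3.0] enp0s25: link becomes ready\n' >> "$1"
    printf 'Apr  5 11:15:00 host kernel: [4.0] warn: constructed line\n' >> "$1"
}

sample=$(mktemp)
make_sample "$sample"
syslog_between "$sample" "Apr 4 12:00:00" "Apr 5 10:00:00"
rm -f "$sample"
```

Because awk splits on runs of whitespace, the space-padded day (`Apr  5`) and an unpadded one are treated the same, which a fixed grep string is not.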