Efficient Ways To Read The Log Files In Linux

Today, I analyzed the Apache log files to view the IPs of the visitors to my website. I used the more and less commands for this. After some time I got tired because of the size of the log file.

It’s not an easy task to read an entire log when you want specific information.

I left my work midway and started thinking: are there other ways to read log files efficiently?

Initially I got a few ideas, then I did a deeper analysis and found many ways to do it.

I decided to write an article about this so that others can get to know these ways.


1) How To Read Log File Between Two Dates

Use the following commands when you need to read the log entries between two dates to identify an issue. This can be done with either the sed or the awk command.

A date in the format 01/Feb/2018:07:00:00 doesn’t work as-is in a sed or awk pattern, because / is also the pattern delimiter. So we need to add a \ in front of each / to escape it.

It should be 01\/Feb\/2018:07:00:00.

Details:

    \ : Escapes the next character to remove its special meaning

This can be done using either of the following sed and awk commands. The range ends at the first line that matches the end pattern, so if you want to read the logs for two days (from 12th Feb, 2018 to 13th Feb, 2018) you have to pass a three-day range (from 12th Feb, 2018 to 14th Feb, 2018). Change the dates and the log file as per your requirement.

# sed -n '/12\/Feb\/2018/,/14\/Feb\/2018/p' /var/log/apache2/2g_access.log
or
# awk '/12\/Feb\/2018/,/14\/Feb\/2018/' /var/log/apache2/2g_access.log

203.99.204.141 - - [12/Feb/2018:07:53:24 -0700] "GET / HTTP/1.1" 301 2196 "-" "-"
203.99.204.141 - - [12/Feb/2018:08:06:19 -0700] "GET / HTTP/1.1" 301 2355 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
203.99.204.141 - - [12/Feb/2018:08:06:19 -0700] "GET / HTTP/1.1" 200 6786 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
.
.
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:10:18:31 -0700] "GET /favicon.ico HTTP/1.1" 200 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:10:18:50 -0700] "-" 408 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:11:00:42 -0700] "GET / HTTP/1.1" 301 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:11:44:28 -0700] "GET / HTTP/1.1" 301 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:16:03:32 -0700] "GET / HTTP/1.1" 400 308
- 203.99.204.141 www.2daygeek.com - - [14/Feb/2018:02:20:58 -0700] "GET / HTTP/1.1" 301 -

The above output displays one line with the third day's values. If you want to remove it, use the following sed command.

# sed -n '/12\/Feb\/2018/,/14\/Feb\/2018/{/14\/Feb\/2018/d; p}' /var/log/apache2/2g_access.log
203.99.204.141 - - [12/Feb/2018:07:53:24 -0700] "GET / HTTP/1.1" 301 2196 "-" "-"
203.99.204.141 - - [12/Feb/2018:08:06:19 -0700] "GET / HTTP/1.1" 301 2355 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
203.99.204.141 - - [12/Feb/2018:08:06:19 -0700] "GET / HTTP/1.1" 200 6786 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
.
.
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:10:18:31 -0700] "GET /favicon.ico HTTP/1.1" 200 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:10:18:50 -0700] "-" 408 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:11:00:42 -0700] "GET / HTTP/1.1" 301 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:11:44:28 -0700] "GET / HTTP/1.1" 301 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:16:03:32 -0700] "GET / HTTP/1.1" 400 308

Apart from Apache logs, most logs on Linux are written in the following format, so here is an example for that format as well.

# sed -n '/Feb  4/,/Feb  6/p' /var/log/secure
or
# awk '/Feb  4/,/Feb  6/' /var/log/secure

Feb  4 04:47:10 centos.2daygeek sshd[17502]: pam_unix(sshd:session): session closed for user magesh
Feb  4 04:49:45 centos.2daygeek sshd[19246]: Accepted password for magesh from 192.168.1.108 port 48336 ssh2
Feb  4 04:49:45 centos.2daygeek sshd[19246]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb  4 04:59:13 centos.2daygeek sshd[27670]: Accepted password for daygeek from 192.168.47.220 port 59739 ssh2
Feb  4 04:59:13 centos.2daygeek sshd[27670]: pam_unix(sshd:session): session opened for user daygeek by (uid=0)
Feb  4 04:59:13 centos.2daygeek sshd[27684]: subsystem request for sudha
.
.
Feb  5 23:00:52 centos.2daygeek sshd[2949]: pam_unix(sshd:session): session closed for user magesh
Feb  5 23:01:39 centos.2daygeek sshd[25377]: pam_unix(sshd:session): session closed for user magesh
Feb  5 23:04:44 centos.2daygeek sshd[7227]: Accepted password for magesh from 192.168.1.108 port 56142 ssh2
Feb  5 23:04:44 centos.2daygeek sshd[7227]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb  5 23:38:58 centos.2daygeek sshd[5486]: pam_unix(sshd:auth): check pass; user unknown
Feb  5 23:38:58 centos.2daygeek sshd[5486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.com
Feb  5 23:38:58 centos.2daygeek sshd[5486]: pam_succeed_if(sshd:auth): error retrieving information about user thanu
Feb  6 00:13:52 centos.2daygeek sshd[5413]: Accepted password for sudha from 192.168.1.108 port 49273 ssh2

2) How To Read Log File Between Two Timestamps With Different Dates

Use the following commands when you need to read the log entries between two timestamps, within a day or across different days. Make sure you include the date as well, otherwise you won't get the proper output.

This can be done using either of the following sed or awk commands.

In this example, we are going to read the Apache access log file from 12th Feb, 2018:14:51:17 to 13th Feb, 2018:10:18:30.

# sed -n '/12\/Feb\/2018:14:51:17/,/13\/Feb\/2018:10:18:30/p' /var/log/apache2/2g_access.log
or
# awk '/12\/Feb\/2018:14:51:17/,/13\/Feb\/2018:10:18:30/' /var/log/apache2/2g_access.log

- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:14:51:17 -0700] "GET /testing/ HTTP/1.1" 200 4069
- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:14:51:17 -0700] "GET /site/re/assets/icons/sound.gif HTTP/1.1" 404 10256
- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:14:51:18 -0700] "GET /favicon.ico HTTP/1.1" 200 -
- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:14:52:02 -0700] "-" 408 -
- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:18:57:56 -0700] "GET / HTTP/1.1" 200 4086
- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:19:18:51 -0700] "GET / HTTP/1.1" 301 -
- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:19:18:52 -0700] "GET / HTTP/1.1" 200 12661
- 203.99.204.141 www.2daygeek.com - - [12/Feb/2018:23:10:03 -0700] "GET / HTTP/1.1" 200 12715
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:03:48:42 -0700] "GET /robots.txt HTTP/1.1" 200 26
- 10.30.0.50 www.2daygeek.com - - [13/Feb/2018:03:48:42 -0700] "POST /wp-cron.php?doing_wp_cron=1511222.80882692223313281250 HTTP/1.1" 200 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:04:40:05 -0700] "GET / HTTP/1.1" 400 308
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:05:50:14 -0700] "GET / HTTP/1.1" 301 -
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:08:51:23 -0700] "GET /customer/ HTTP/1.1" 200 5358
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:10:18:29 -0700] "GET /policy-holder/lite-review/ HTTP/1.1" 200 4684
- 203.99.204.141 www.2daygeek.com - - [13/Feb/2018:10:18:30 -0700] "GET /wp-content/themes/sela/fonts/genericons.css?ver=3.4.1 HTTP/1.1" 200 129

3) How To Read Log File Between Two Timestamps In A Day

Use the following commands when you need to read the log entries between two timestamps within a day. Make sure you include the date as well, otherwise you won't get the proper output.

This can be done using either of the following sed or awk commands.

In this example, we are going to read the secure log file from 4th Feb, 2018 22:11:32 to 4th Feb, 2018 23:04:45.

# sed -n '/Feb  4 22:11:32/,/Feb  4 23:04:45/p' /var/log/secure
or
# awk '/Feb  4 22:11:32/,/Feb  4 23:04:45/' /var/log/secure

Feb  4 22:11:32 centos.2daygeek sshd[28006]: pam_unix(sshd:session): session closed for user sudha
Feb  4 22:47:19 centos.2daygeek sshd[11080]: pam_unix(sshd:session): session closed for user magesh
Feb  4 22:49:45 centos.2daygeek sshd[1229]: Accepted password for magesh from 192.168.1.108 port 49058 ssh2
Feb  4 22:49:45 centos.2daygeek sshd[1229]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb  4 23:02:02 centos.2daygeek sshd[13323]: Accepted password for magesh from 192.168.1.108 port 51876 ssh2
Feb  4 23:02:02 centos.2daygeek sshd[13323]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb  4 23:02:49 centos.2daygeek sshd[1229]: pam_unix(sshd:session): session closed for user magesh
Feb  4 23:03:08 centos.2daygeek sshd[13323]: pam_unix(sshd:session): session closed for user magesh
Feb  4 23:04:45 centos.2daygeek sshd[16545]: Accepted password for magesh from 192.168.1.108 port 52486 ssh2

4) How To Read “N” Number Of Lines After The Pattern

The below command prints the line matching the pattern Feb 4 22:11:32 and the 15 lines after it.

# grep -A 15 "Feb  4 22:11:32" /var/log/secure

Feb  4 22:11:32 centos.2daygeek sshd[28006]: pam_unix(sshd:session): session closed for user sudha
Feb  4 22:47:19 centos.2daygeek sshd[11080]: pam_unix(sshd:session): session closed for user magesh
Feb  4 22:49:45 centos.2daygeek sshd[1229]: Accepted password for magesh from 192.168.1.108 port 49058 ssh2
Feb  4 22:49:45 centos.2daygeek sshd[1229]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb  4 23:02:02 centos.2daygeek sshd[13323]: Accepted password for magesh from 192.168.1.108 port 51876 ssh2
Feb  4 23:02:02 centos.2daygeek sshd[13323]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb  4 23:02:49 centos.2daygeek sshd[1229]: pam_unix(sshd:session): session closed for user magesh
Feb  4 23:03:08 centos.2daygeek sshd[13323]: pam_unix(sshd:session): session closed for user magesh
Feb  4 23:04:45 centos.2daygeek sshd[16545]: Accepted password for magesh from 192.168.1.108 port 52486 ssh2
Feb  4 23:04:45 centos.2daygeek sshd[16545]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb  5 02:18:37 centos.2daygeek sshd[6223]: Accepted password for daygeek from 192.168.1.108 port 51529 ssh2
Feb  5 02:18:37 centos.2daygeek sshd[6223]: pam_unix(sshd:session): session opened for user daygeek by (uid=0)
Feb  5 02:18:37 centos.2daygeek sshd[6241]: subsystem request for ftp
Feb  5 02:18:49 centos.2daygeek sshd[6392]: Accepted password for daygeek from 192.168.1.108 port 51531 ssh2
Feb  5 02:18:49 centos.2daygeek sshd[6392]: pam_unix(sshd:session): session opened for user daygeek by (uid=0)
Feb  5 02:43:37 centos.2daygeek sshd[30554]: Accepted password for daygeek from 192.168.1.108 port 51714 ssh2

5) How To Read “N” Number Of Lines Before The Pattern

The below command prints the 15 lines before the line matching the pattern Feb 4 22:11:32, followed by the matching line itself.

# grep -B 15 "Feb  4 22:11:32" /var/log/secure

Feb  4 11:04:45 centos.2daygeek sshd[3951]: Accepted password for magesh from 192.168.1.108 port 42864 ssh2
Feb  4 11:04:45 centos.2daygeek sshd[3951]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb  4 13:10:05 centos.2daygeek sshd[28006]: Accepted password for sudha from 192.168.1.108 port 46141 ssh2
Feb  4 13:10:05 centos.2daygeek sshd[28006]: pam_unix(sshd:session): session opened for user sudha by (uid=0)
Feb  4 13:10:05 centos.2daygeek sshd[28008]: subsystem request for ftp
Feb  4 13:11:16 centos.2daygeek sshd[29043]: Accepted password for sudha from 192.168.1.108 port 46162 ssh2
Feb  4 13:11:16 centos.2daygeek sshd[29043]: pam_unix(sshd:session): session opened for user sudha by (uid=0)
Feb  4 13:11:16 centos.2daygeek sshd[29045]: subsystem request for ftp
Feb  4 13:13:04 centos.2daygeek sshd[29043]: pam_unix(sshd:session): session closed for user sudha
Feb  4 16:46:59 centos.2daygeek sshd[3951]: pam_unix(sshd:session): session closed for user magesh
Feb  4 16:49:45 centos.2daygeek sshd[11080]: Accepted password for magesh from 192.168.1.108 port 59280 ssh2
Feb  4 16:49:45 centos.2daygeek sshd[11080]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb  4 21:49:04 centos.2daygeek sshd[5967]: pam_unix(sshd:session): session closed for user vinoth
Feb  4 22:11:32 centos.2daygeek sshd[28006]: pam_unix(sshd:session): session closed for user sudha

6) How To Read “N” Minutes Interval Of Logs

The below command prints 5 minutes of logs, from 09:01:00 to 09:05:59.

# grep "Feb  5 09:0[1-5]" /var/log/secure

Feb  5 09:03:28 centos.2daygeek sshd[14950]: Accepted password for sudha from 192.168.1.108 port 37102 ssh2
Feb  5 09:03:28 centos.2daygeek sshd[14950]: pam_unix(sshd:session): session opened for user sudha by (uid=0)
Feb  5 09:03:28 centos.2daygeek sshd[14954]: subsystem request for ftp
Feb  5 09:04:32 centos.2daygeek sshd[14950]: pam_unix(sshd:session): session closed for user sudha
Feb  5 09:05:54 centos.2daygeek sshd[17960]: Accepted password for sudha from 192.168.1.108 port 37147 ssh2
Feb  5 09:05:54 centos.2daygeek sshd[17960]: pam_unix(sshd:session): session opened for user sudha by (uid=0)
Feb  5 09:05:54 centos.2daygeek sshd[17973]: subsystem request for ftp
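
The commands in sections 2, 3 and 6 match timestamps as text: a sed or awk range opens only at a line containing the exact start stamp and closes only at a line containing the exact end stamp, and a grep character class cannot describe a window that crosses an hour. The function below is an added example, not part of the original article, that parses each line's timestamp and compares it chronologically; the name log_between and the sample log lines are constructed for illustration. It assumes one time zone per log (the offset is ignored) and, because syslog lines carry no year, takes the year from the START argument.

```shell
#!/bin/sh
# log_between START END [FILE...]
#   START/END are "YYYY-MM-DD HH:MM:SS", both inclusive; reads stdin if no FILE.
log_between() {
    for lb_t in "$1" "$2"; do
        case $lb_t in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]\ [0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ;;
            *) echo "log_between: expected YYYY-MM-DD HH:MM:SS, got: $lb_t" >&2
               return 2 ;;
        esac
    done
    lb_lo=$1; lb_hi=$2; shift 2
    awk -v lo="$lb_lo" -v hi="$lb_hi" '
    function mon2num(m) {   # "Feb" -> "02"
        return sprintf("%02d", (index("JanFebMarAprMayJunJulAugSepOctNovDec", m) + 2) / 3)
    }
    # Return a sortable YYYYMMDDHHMMSS key, or "" if the line has no timestamp.
    function stamp(line,    s, t) {
        # Apache access log: [12/Feb/2018:14:51:17 -0700]
        if (match(line, /\[[0-9][0-9]\/[A-Z][a-z][a-z]\/[0-9][0-9][0-9][0-9]:[0-9][0-9]:[0-9][0-9]:[0-9][0-9]/)) {
            s = substr(line, RSTART + 1, 20)
            t = substr(s, 13, 8); gsub(/:/, "", t)
            return substr(s, 8, 4) mon2num(substr(s, 4, 3)) substr(s, 1, 2) t
        }
        # Traditional syslog (/var/log/secure, /var/log/messages): Feb  4 22:11:32
        if (match(line, /^[A-Z][a-z][a-z] [ 0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]/)) {
            t = substr(line, 8, 8); gsub(/:/, "", t)
            return year mon2num(substr(line, 1, 3)) sprintf("%02d", substr(line, 5, 2) + 0) t
        }
        return ""
    }
    BEGIN { gsub(/[^0-9]/, "", lo); gsub(/[^0-9]/, "", hi); year = substr(lo, 1, 4) }
    {
        k = stamp($0)
        # Lines without a timestamp (wrapped messages) follow the previous line.
        if (k != "") keep = ((k "") >= (lo "") && (k "") <= (hi ""))
        if (keep) print
    }' "$@"
}

# Constructed sample data. No line carries exactly 14:51:17 or 10:18:30,
# so the sed/awk range from section 2 would print nothing for this log.
sample_access_log() {
cat <<'EOF'
- 198.51.100.7 www.example.com - - [12/Feb/2018:09:00:01 -0700] "GET / HTTP/1.1" 200 512
- 198.51.100.7 www.example.com - - [12/Feb/2018:14:51:18 -0700] "GET /a HTTP/1.1" 200 512
- 198.51.100.7 www.example.com - - [12/Feb/2018:23:10:03 -0700] "GET /b HTTP/1.1" 200 512
- 198.51.100.7 www.example.com - - [13/Feb/2018:10:18:29 -0700] "GET /c HTTP/1.1" 200 512
- 198.51.100.7 www.example.com - - [13/Feb/2018:10:18:31 -0700] "GET /d HTTP/1.1" 200 512
- 198.51.100.7 www.example.com - - [14/Feb/2018:02:20:58 -0700] "GET /e HTTP/1.1" 301 -
EOF
}
sample_secure_log() {
cat <<'EOF'
Feb  4 22:11:30 host sshd[100]: Accepted password for alice from 192.0.2.10 port 40000 ssh2
Feb  4 22:47:19 host sshd[101]: pam_unix(sshd:session): session closed for user alice
Feb  4 23:04:46 host sshd[102]: Accepted password for bob from 192.0.2.11 port 40001 ssh2
Feb 14 08:58:10 host sshd[103]: Invalid user test from 192.0.2.12
Feb 14 09:02:00 host sshd[103]: Invalid user test from 192.0.2.12
EOF
}

# Same window as section 2; prints the three lines that fall inside it.
sample_access_log | log_between "2018-02-12 14:51:17" "2018-02-13 10:18:30"
```

Against real files the call looks like log_between "2018-02-04 22:11:32" "2018-02-04 23:04:45" /var/log/secure.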

7) How To Read “N” Number Of Days Logs

The below command prints 3 days of logs, starting from Feb 13th, 2018 to Feb 15th, 2018.

# grep "1[3-5]/Feb/2018" /var/log/apache2/tmhguide_access.log

- 192.168.1.103 www.2daygeek.com - - [13/Feb/2018:03:48:42 -0700] "GET /robots.txt HTTP/1.1" 200 26
- 192.168.1.103 www.2daygeek.com - - [13/Feb/2018:03:48:42 -0700] "POST /wp-cron.php?doing_wp_cron=15183338922.808826923145613281250 HTTP/1.1" 200 -
- 192.168.1.103 www.2daygeek.com - - [13/Feb/2018:04:40:05 -0700] "GET / HTTP/1.1" 400 308
- 192.168.1.103 www.2daygeek.com - - [13/Feb/2018:05:50:14 -0700] "GET / HTTP/1.1" 301 -
- 192.168.1.103 www.2daygeek.com - - [13/Feb/2018:08:51:23 -0700] "GET /consumers/ HTTP/1.1" 200 5358
.
.
- 192.168.1.103 www.2daygeek.com - - [14/Feb/2018:02:20:58 -0700] "GET / HTTP/1.1" 301 -
- 192.168.1.103 www.2daygeek.com - - [14/Feb/2018:02:20:58 -0700] "POST /wp-cron.php?doing_wp_cron=1518220058.840497016234582812500 HTTP/1.1" 200 -
- 192.168.1.103 www.2daygeek.com - - [14/Feb/2018:02:40:22 -0700] "GET / HTTP/1.1" 301 -
- 192.168.1.103 www.2daygeek.com - - [14/Feb/2018:03:59:52 -0700] "GET /robots.txt HTTP/1.1" 200 26
- 192.168.1.103 www.2daygeek.com - - [14/Feb/2018:06:48:32 -0700] "GET /robots.txt HTTP/1.1" 200 26
- 192.168.1.103 www.2daygeek.com - - [14/Feb/2018:07:16:08 -0700] "GET / HTTP/1.1" 301 -
- 192.168.1.103 www.2daygeek.com - - [14/Feb/2018:09:27:35 -0700] "GET / HTTP/1.1" 200 4084
.
.
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:00:41:28 -0700] "GET / HTTP/1.1" 301 -
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:00:41:28 -0700] "POST /wp-cron.php?doing_wp_cron=1518120488.77902388534121287109375 HTTP/1.1" 200 -
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:00:41:30 -0700] "GET / HTTP/1.1" 200 4084
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:00:47:06 -0700] "HEAD / HTTP/1.1" 200 -
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:05:09:37 -0700] "GET / HTTP/1.1" 301 -
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:06:38:12 -0700] "GET / HTTP/1.1" 200 12715
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:06:56:53 -0700] "GET /wls-wsat/CoordinatorPortType HTTP/1.1" 404 10310
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:08:07:49 -0700] "GET / HTTP/1.1" 301 -
- 192.168.1.103 www.2daygeek.com - - [15/Feb/2018:09:56:00 -0700] "GET /robots.txt HTTP/1.1" 200 26

This one is for the other log format. The below command prints 3 days of logs, starting from Feb 3rd, 2018 to Feb 6th, 2018.

# grep "Feb  [4-6]" /var/log/secure

Feb  4 04:47:10 centos.2daygeek.com sshd[17502]: pam_unix(sshd:session): session closed for user magesh
Feb  4 04:49:45 centos.2daygeek.com sshd[19246]: Accepted password for magesh from 192.168.1.105 port 48336 ssh2
Feb  4 04:49:45 centos.2daygeek.com sshd[19246]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb  4 04:59:13 centos.2daygeek.com sshd[27670]: Accepted password for daygeek from 192.168.1.105 port 59739 ssh2
Feb  4 04:59:13 centos.2daygeek.com sshd[27670]: pam_unix(sshd:session): session opened for user daygeek by (uid=0)
Feb  4 04:59:13 centos.2daygeek.com sshd[27684]: subsystem request for ftp
Feb  4 04:59:26 centos.2daygeek.com sshd[27838]: Accepted password for daygeek from 192.168.1.105 port 59742 ssh2
.
.
Feb  5 02:18:37 centos.2daygeek.com sshd[6223]: Accepted password for daygeek from 192.168.1.105 port 51529 ssh2
Feb  5 02:18:37 centos.2daygeek.com sshd[6223]: pam_unix(sshd:session): session opened for user daygeek by (uid=0)
Feb  5 02:18:37 centos.2daygeek.com sshd[6241]: subsystem request for ftp
Feb  5 02:18:49 centos.2daygeek.com sshd[6392]: Accepted password for daygeek from 192.168.1.105 port 51531 ssh2
Feb  5 02:18:49 centos.2daygeek.com sshd[6392]: pam_unix(sshd:session): session opened for user daygeek by (uid=0)
Feb  5 02:43:37 centos.2daygeek.com sshd[30554]: Accepted password for daygeek from 192.168.1.105 port 51714 ssh2
Feb  5 02:43:37 centos.2daygeek.com sshd[30554]: pam_unix(sshd:session): session opened for user daygeek by (uid=0)
Feb  5 02:43:37 centos.2daygeek.com sshd[30580]: subsystem request for ftp
Feb  5 03:41:55 centos.2daygeek.com sshd[25610]: Invalid user vinoth from 192.168.47.245
.
.
Feb  6 22:46:49 centos.2daygeek.com sshd[16959]: pam_unix(sshd:session): session closed for user magesh
Feb  6 22:49:44 centos.2daygeek.com sshd[29878]: Accepted password for magesh from 192.168.1.105 port 53248 ssh2
Feb  6 22:49:44 centos.2daygeek.com sshd[29878]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb  6 23:02:46 centos.2daygeek.com sshd[10220]: Accepted password for magesh from 192.168.1.105 port 56332 ssh2
Feb  6 23:02:46 centos.2daygeek.com sshd[10220]: pam_unix(sshd:session): session opened for user magesh by (uid=0)
Feb  6 23:02:51 centos.2daygeek.com sshd[10220]: pam_unix(sshd:session): session closed for user magesh
Feb  6 23:03:59 centos.2daygeek.com sshd[29878]: pam_unix(sshd:session): session closed for user magesh
Feb  6 23:04:44 centos.2daygeek.com sshd[12684]: Accepted password for magesh from 192.168.1.105 port 56730 ssh2
Feb  6 23:04:44 centos.2daygeek.com sshd[12684]: pam_unix(sshd:session): session opened for user magesh by (uid=0)

8) Search The Given String In Multiple Files

This command searches for the given string in multiple files.
We are going to search for the string errors in the /var/log/messages and /var/log/dmesg files. See the results below.

# grep "errors" /var/log/messages /var/log/dmesg

/var/log/messages:Feb 14 11:26:42 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT /errors.
/var/log/messages:Feb 14 11:26:55 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 14 11:27:04 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 14 11:27:13 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 14 16:59:14 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 14 16:59:14 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 14 16:59:14 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb 14 16:59:14 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/dmesg:GPT: Use GNU Parted to correct GPT /errors.
/var/log/dmesg:GPT: Use GNU Parted to correct GPT errors.
/var/log/dmesg:GPT: Use GNU Parted to correct GPT errors.
/var/log/dmesg:GPT: Use GNU Parted to correct GPT errors.

9) Search Multiple Strings In A File

Alternatively, we can search for multiple strings in a file.
We are going to search for the strings errors, WARNING and Warning in the /var/log/messages file. See the results below.

# grep 'errors\|WARNING\|Warning' /var/log/messages
or
# grep -e errors -e WARNING -e Warning /var/log/messages

Feb  4 23:11:55 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb  6 16:15:09 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb  6 16:33:00 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb  7 14:57:54 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb  7 15:57:47 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb  7 16:04:24 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb  7 16:08:44 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb  8 12:51:43 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb  8 13:05:36 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
Feb  8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
Feb  8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
Feb  8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
Feb  8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
Feb  8 17:17:52 Arch.2daygeek.com kernel: WARNING! power/level is deprecated; use power/control instead
Feb  8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \GPE0 1 (20121018/utaddress-251)
Feb  8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \_SB_.WERR.GPWE 2 (20121018/utaddress-251)
Feb  8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \_SB_.IOH0.LPC0.GPE0 3 (20121018/utaddress-251)
Feb  8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000500-0x000000000000052f SystemIO conflicts with Region \_GPE.GPII 1 (20121018/utaddress-251)
Feb 10 14:02:30 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()

10) Search Multiple Strings in the Multiple Files

We can also search for multiple strings in multiple files.
We are going to search for the strings errors, WARNING and Warning in the /var/log/messages and /var/log/dmesg files. See the results below.

# grep 'errors\|WARNING\|Warning' /var/log/messages /var/log/dmesg
or
# grep -e errors -e WARNING -e Warning /var/log/messages /var/log/dmesg

/var/log/messages:Feb  4 23:11:55 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb  6 16:15:09 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb  6 16:33:00 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb  7 14:57:54 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb  7 15:57:47 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb  7 16:04:24 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb  7 16:08:44 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb  8 12:51:43 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb  8 13:05:36 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/messages:Feb  8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb  8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb  8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb  8 17:17:52 Arch.2daygeek.com kernel: GPT: Use GNU Parted to correct GPT errors.
/var/log/messages:Feb  8 17:17:52 Arch.2daygeek.com kernel: WARNING! power/level is deprecated; use power/control instead
/var/log/messages:Feb  8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \GPE0 1 (20121018/utaddress-251)
/var/log/messages:Feb  8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \_SB_.WERR.GPWE 2 (20121018/utaddress-251)
/var/log/messages:Feb  8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \_SB_.IOH0.LPC0.GPE0 3 (20121018/utaddress-251)
/var/log/messages:Feb  8 17:17:52 Arch.2daygeek.com kernel: ACPI Warning: 0x0000000000000500-0x000000000000052f SystemIO conflicts with Region \_GPE.GPII 1 (20121018/utaddress-251)
/var/log/messages:Feb 10 14:02:30 Arch.2daygeek.com kernel: WARNING: at kernel/watchdog.c:246 watchdog_overflow_callback+0x98/0xc0()
/var/log/dmesg:WARNING: at fs/sysfs/dir.c:536 sysfs_add_one+0xbb/0xe0()
/var/log/dmesg:WARNING: at lib/kobject.c:196 kobject_add_internal+0x205/0x260()
/var/log/dmesg:GPT: Use GNU Parted to correct GPT errors.
/var/log/dmesg:GPT: Use GNU Parted to correct GPT errors.
/var/log/dmesg:GPT: Use GNU Parted to correct GPT errors.
/var/log/dmesg:GPT: Use GNU Parted to correct GPT errors.
/var/log/dmesg:WARNING! power/level is deprecated; use power/control instead
/var/log/dmesg:ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \GPE0 1 (20121018/utaddress-251)
/var/log/dmesg:ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \_SB_.WERR.GPWE 2 (20121018/utaddress-251)
/var/log/dmesg:ACPI Warning: 0x0000000000000428-0x000000000000042f SystemIO conflicts with Region \_SB_.IOH0.LPC0.GPE0 3 (20121018/utaddress-251)
/var/log/dmesg:ACPI Warning: 0x0000000000000500-0x000000000000052f SystemIO conflicts with Region \_GPE.GPII 1 (20121018/utaddress-251)

11) Search The Given String In The Whole System

If you want to search for a given string across the whole system, use either of the following commands. Note that this may take a while to complete, depending on your system size.

# find / -xdev -type f -print0 | xargs -0 grep -H "Magi-Thanu" 2> /dev/null
/opt/magi.txt:Magi-Thanu

# grep -r "Magi-Thanu" / 2> /dev/null
/opt/magi.txt:Magi-Thanu

Reference: askubuntu

Magesh Maruthamuthu
