Linux provides many different types of logs by default. These files are generally located in /var/log. There may be some exceptions, such as third-party applications, but their log location can be changed to the /var/log directory. In this post we will look at the default log files and how to list, tail, search and filter these logs.
List Log Files
Log files can be listed simply with the ls command, but keep in mind that /var/log also contains directories that hold further log files.
$ ls /var/log/
We can list recursively to get the files and folders under the /var/log directory, like below.
$ ls -R /var/log/
Reading Log Files
There are different methods to read a log file, but we will use less, which has practical features for reading log files.
$ less auth.log
Space skips to the next page; Page Up / Page Down work too.
Searching Log File
less can search within a text file, which in this case is a log file. After opening a log file with less, type /auth to search for the term “auth” forward through the file.
To repeat the search without typing the term again, press n for the next match or N for the previous one. If no further match exists when we reach the end of the file, less shows a message at the bottom of the terminal.
Filtering Log File
Searching is a way to see occurrences in a log file together with the events before and after them. The alternative is filtering. grep is a very capable tool for filtering log files. We will filter for “auth” in all files named auth.log*. We use the pattern auth.log* because old auth.log files are gzipped and have the gz extension.
$ zgrep "authen" auth.log*
If we want to colorize the findings, we can pipe the output through normal grep with the same filter term, like below.
$ zgrep "authen" auth.log* | grep "auth"
Filter All Log Files
Filtering or searching all files is not really different, but as an example we can do it by specifying an IP address.
$ zgrep "192.168.122.1" * | less
We can then use less to search for other terms, such as the username “ismail”.
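As an added example (not part of the original post), the script below extends the IP filter above: it recurses into the subdirectories of a log directory, reads both plain and gzipped files, and matches the address exactly so that 192.168.122.1 does not also hit 192.168.122.10. The function names are hypothetical and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# all log lines below are constructed sample data.

# search_logs DIR IP: print "path:line" for each line under DIR that contains
# IP as a whole address, in plain and gzip-compressed (rotated) files alike.
search_logs() {
    # Escape dots so "." is literal, then require a non-digit (or line edge)
    # on each side so 192.168.122.1 does not also match 192.168.122.10.
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')
    pat="(^|[^0-9])${pat}([^0-9]|\$)"
    find "$1" -type f | sort | while IFS= read -r f; do
        case $f in
            *.gz) gzip -dc -- "$f" ;;
            *)    cat -- "$f" ;;
        esac | grep -E -- "$pat" | awk -v f="$f" '{ print f ":" $0 }'
    done
}

# hits_per_file DIR IP: "count path" for every file with at least one hit.
hits_per_file() {
    search_logs "$1" "$2" |
        awk -F: '{ n[$1]++ } END { for (f in n) print n[f], f }' | sort -k2
}

# make_sample_logs: build a small constructed log tree and print its path.
make_sample_logs() {
    d=$(mktemp -d) && mkdir "$d/nginx" || return 1
    cat > "$d/auth.log" <<'EOF'
Jan 10 10:00:01 host sshd[811]: Failed password for ismail from 192.168.122.1 port 50022 ssh2
Jan 10 10:00:09 host sshd[812]: Accepted password for ismail from 192.168.122.10 port 50100 ssh2
Jan 10 10:01:15 host sshd[813]: Failed password for root from 192.168.122.1 port 50031 ssh2
EOF
    printf '%s\n' 'Jan 03 09:12:44 host sshd[402]: Failed password for ismail from 192.168.122.1 port 41000 ssh2' \
        | gzip -c > "$d/auth.log.1.gz"
    printf '%s\n' '192.168.122.1 - - [10/Jan/2024:10:02:00 +0000] "GET / HTTP/1.1" 200 512' \
        '192x168x122x1 is not an address' > "$d/nginx/access.log"
    printf '%s\n' "$d"
}

# Demo run on the constructed tree: per-file hit counts for one address.
logs=$(make_sample_logs)
hits_per_file "$logs" 192.168.122.1
rm -rf "$logs"
```

On a real system, run hits_per_file /var/log with the address of interest; reading files such as auth.log normally requires root or membership in the group that owns them.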