Linux provides many different types of logs by default. These files are generally located under /var/log. There are exceptions, such as third-party applications that log elsewhere, but their log location can usually be changed to a path under /var/log. The file names are distribution specific: the auth.log used in the examples below is the Debian/Ubuntu name, while RHEL/CentOS write the same authentication messages to /var/log/secure, and on systemd-based systems much of the same data also goes to the journal (readable with journalctl). In this post, we will look at the default log files and how to list, tail, search and filter them.
List Log Files
Log files can simply be listed with the ls command, but keep in mind that /var/log also contains subdirectories (for example for apt, or for individual services) that hold further log files.
$ ls /var/log/
We can list recursively to get all files and folders under the /var/log directory like below.
$ ls -R /var/log/
Reading Log Files
There are different ways to read a log file, but we will use less, which has practical features for reading logs: it does not load the whole file into memory, and it can search. The examples below assume the working directory is /var/log (cd /var/log first). Note that auth.log is readable only by root and members of the adm group, so prefix the commands with sudo if you get a permission denied error.
$ less auth.log
Space skips to the next page; Page Up / Page Down work too, and q quits.
Searching Log File
less can search inside the file it is showing, in this case a log file. After opening the log file with less, type /auth to search for the term "auth" forwards from the current page.
To jump between matches without retyping the search, press n for the next match or N (Shift+n) for the previous one. If the search reaches the end of the file without a match, less prints "Pattern not found" in the status line at the bottom of the terminal.
Filtering Log File
Searching shows occurrences in a log file together with the previous and next events around them. An alternative is filtering the log files. grep is a very capable tool for filtering logs. Here we will filter for "authen" in all files matching auth.log*. We use the glob auth.log* because logrotate keeps older copies as auth.log.1, auth.log.2.gz and so on, and the older ones are gzipped. zgrep reads plain and gzipped files alike (it is a wrapper that decompresses with gzip -dc and runs grep on the result), so one command covers the current and all rotated files.
$ zgrep "authen" auth.log*
If we want to colorize the matches we can pipe the output through a normal grep with the same filter term and the --color option (without --color, a second grep only re-filters and does not highlight anything).
$ zgrep "authen" auth.log* | grep --color=auto "authen"
Since zgrep forwards its options to grep, zgrep --color=always "authen" auth.log* gives the same result in one step.
Filter All Log Files
Filtering all log files is no different from filtering one; as an example we can look for a specific IP address across everything in /var/log. Two caveats: * also matches the subdirectories, which zgrep skips with an "Is a directory" warning, and the dots in an IP address are regex metacharacters, so pass -F to match it as a literal string (otherwise 192.168.122.1 also matches 192.168.122.15 or 192.168.122.199).
$ zgrep -F "192.168.122.1" * | less
Once in less we can search within the results for further terms, such as the username "ismail", with /ismail.
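The following script is an added example, not part of the original post. It builds a small constructed stand-in for /var/log in a temporary directory, with a current auth.log and a gzip-rotated auth.log.1.gz containing made-up sshd and sudo lines, and then filters them the way the post does. Rather than calling the zgrep script from the gzip package it reimplements what zgrep does (gzip -dc for .gz files, plain read for the rest), so it also runs on systems where zgrep is missing. It shows the difference between a naive grep for an IP address and an anchored fixed-string match, and groups failed SSH logins by source address. All paths, host names, user names and addresses are constructed sample data.

```shell
#!/bin/sh
# Added example: filtering current and rotated auth.log files like zgrep does.
set -eu

# Stand-in for /var/log (assumption: we only need auth.log* here).
LOGDIR="$(mktemp -d)"
trap 'rm -rf "$LOGDIR"' EXIT

make_sample_logs() {
    # Constructed sample lines in Debian/Ubuntu auth.log (syslog) format.
    cat > "$LOGDIR/auth.log" <<'EOF'
Mar  3 10:01:02 host sshd[1201]: Failed password for invalid user admin from 192.168.122.1 port 51022 ssh2
Mar  3 10:01:05 host sshd[1201]: Failed password for invalid user admin from 192.168.122.1 port 51022 ssh2
Mar  3 10:02:11 host sshd[1210]: Accepted password for ismail from 192.168.122.15 port 51030 ssh2
Mar  3 10:02:11 host sshd[1210]: pam_unix(sshd:session): session opened for user ismail by (uid=0)
EOF
    cat > "$LOGDIR/auth.log.1" <<'EOF'
Mar  2 23:59:40 host sshd[998]: Failed password for root from 192.168.122.1 port 40001 ssh2
Mar  2 23:59:58 host sshd[998]: Failed password for root from 192.168.122.199 port 40002 ssh2
Mar  2 23:59:59 host sudo:   ismail : TTY=pts/0 ; PWD=/home/ismail ; USER=root ; COMMAND=/bin/ls
EOF
    # logrotate compresses older copies; auth.log.1 becomes auth.log.1.gz.
    gzip -f "$LOGDIR/auth.log.1"
}

# Emit every line of auth.log*, decompressing rotated .gz copies.
# This is what "zgrep PATTERN auth.log*" does before it runs grep.
cat_logs() {
    for f in "$LOGDIR"/auth.log*; do
        case "$f" in
            *.gz) gzip -dc "$f" ;;
            *)    cat "$f" ;;
        esac
    done
}

# Naive filter: the address is used as a regex and as a prefix, so it also
# matches 192.168.122.15 and 192.168.122.199.
count_ip_naive() {
    cat_logs | grep -c "$1" || true
}

# Anchored fixed-string filter: -F treats the dots literally and the
# surrounding "from ... port" text stops prefix matches.
count_ip_exact() {
    cat_logs | grep -cF "from $1 port" || true
}

# Failed SSH logins grouped by source IP, most frequent first
# (one line per address: "<count> <ip>").
failed_by_ip() {
    cat_logs \
      | grep "Failed password" \
      | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'
}

make_sample_logs
echo "naive matches for 192.168.122.1: $(count_ip_naive 192.168.122.1)"
echo "exact matches for 192.168.122.1: $(count_ip_exact 192.168.122.1)"
echo "failed logins by source IP:"
failed_by_ip
```

The script prints 5 naive matches but 3 exact ones for 192.168.122.1, and lists 192.168.122.1 with 3 failed logins ahead of 192.168.122.199 with 1. On a real system replace LOGDIR with /var/log and run it with sudo, or simply use zgrep -F as in the post; cat_logs exists only to make the example self-contained.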