Searching logfiles with tail, grep, and company

DIVE DEEP

Article from Issue 89/2008
Author(s):

If your hardware or software goes on strike, or the graphical system or your Internet connection fails, checking the logfiles can often be a big help. In this month’s column, we will look at the command-line tools that can help you scour the depths of these critical files.

Kernel messages, user logins or logoffs, network processes, and many other events are logged meticulously by the Linux system. The logging service goes by the name of syslogd (or syslog-ng, “Syslog New Generation,” on SUSE Linux); the system logger is a daemon that is started at system boot time. All logfiles are stored in the folder /var/log/ and its subdirectories.

With just a couple of exceptions, these logfiles are protected from prying eyes and readable only by the system administrator. To view the files, you can use, for example, KDE’s file manager, Konqueror, in system administration mode. To do so, pop up a quick starter by pressing Alt+F2 and type kdesu konqueror, then type the root password at the prompt.
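To check which logfiles on a given machine are actually among those exceptions, the permission bits can be audited from the command line. The following is an added example, not code from the article; the function name audit_log_perms is hypothetical, and the directory defaults to the /var/log path named above.

```shell
#!/bin/sh
# Added example (not from the article); audit_log_perms is a hypothetical name.
# Prints one line per logfile whose mode grants access to "other" users:
#   WRITABLE <path>   any local user can alter or truncate the log
#   READABLE <path>   any local user can read the log
# Returns 0 when no file is exposed, 1 when at least one is.
audit_log_perms() {
    logdir="${1:-/var/log}"
    report=$(
        # Octal 0002 = write bit for "other". Checked first because a
        # world-writable log can be tampered with, not just read.
        find "$logdir" -type f -perm -0002 \
            -exec printf 'WRITABLE %s\n' {} +
        # Octal 0004 = read bit for "other"; skip files already
        # reported as writable so each path gets one label.
        find "$logdir" -type f -perm -0004 ! -perm -0002 \
            -exec printf 'READABLE %s\n' {} +
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}
```

Run audit_log_perms as root so that find can descend into subdirectories that are themselves restricted. READABLE entries are candidates for review rather than errors, since a few logfiles are readable by everyone on purpose.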
