Learning Linux - Searching Log Files
Previously, I wrote a blog post about Linux commands to solve space issues. Now, I’d like to take a look at searching files for specific terms or phrases. This is really helpful for searching log files, which can grow very large and may contain a great deal of information you don’t need. When troubleshooting issues, administrators sometimes need to search logs to pinpoint warnings or errors. In this post, I’ll be using Jungle Disk logs as an example.
Where are the logs?
When you notice issues with your Jungle Disk backups, the first thing you’ll want to do is enable verbose logs (https://support.jungledisk.com/hc/en-us/articles/200812744-Verbose-Logging-How-to-record-an-error), as this will give you more detailed information. As a side note, when enabling verbose logs, you may also want to click the “Clear” button to get rid of old logs. On Linux machines, the verbose log will reside in the /var/log directory. On Linux machines without a GUI, you’d install Jungle Disk Server edition, whose log file is named junglediskserver.log.
If your backup report emails or the admin Control Panel online tells you your backups have errors, and you want to get more detail from the log, how would you do this? First, we’ll go into the directory with the log by using the command cd /var/log. For any users new to Linux, that just means changing directory to get into the folder where the log file resides.
How do I search?
Next, we’ll use the versatile grep command. For searching files, the command syntax you use is grep [options] [pattern] [file], where “pattern” is what you want to search for. For example, to search for the word “error” in the log file, you would enter grep 'error' junglediskserver.log, and all lines that contain “error” will output to the screen.
Search patterns, like file names, are case sensitive. In the previous example, if you’re unsure of the letter case (such as “Error” versus “error”), you can use grep -i 'error' junglediskserver.log, and all letter case variations of “error” will output.
Another useful option is -C[n], which stands for context. The “n” is an integer that sets how many lines are shown before and after each match, giving you “context”. For example, grep -i -C5 'error' junglediskserver.log is not only case insensitive, but it will also output the five lines before and after each line that matches “error”. With the Jungle Disk log file, this option can be helpful to get more error detail and information about what happened before the error occurred. Two options similar to that are -B[n] and -A[n], for before and after. The syntax is the same, and they output “n” lines before or after the search pattern.
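To see how the -i, -C, -B and -A options change what grep returns, here is an added example that is not part of the original post. It runs each search against a small constructed log (made-up sample lines, not real Jungle Disk output); the helper names search_log and count are assumptions for illustration.

```shell
#!/bin/sh
# Added example. The log below is constructed sample data, not real
# Jungle Disk output.
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
2024-01-01 02:00:01 INFO  backup job started
2024-01-01 02:00:02 INFO  scanning /home
2024-01-01 02:00:05 WARN  retrying upload (1/3)
2024-01-01 02:00:09 Error upload failed: connection reset
2024-01-01 02:00:10 INFO  scanning /etc
2024-01-01 02:00:11 INFO  scanning /var
2024-01-01 02:00:12 INFO  scanning /opt
2024-01-01 02:00:13 INFO  scanning /srv
2024-01-01 02:00:14 INFO  scanning /usr
2024-01-01 02:00:20 ERROR could not open file: permission denied
2024-01-01 02:00:21 INFO  backup job finished with errors
EOF

# Run grep with the given options, pattern and file, dropping the "--"
# lines grep prints between separate groups of context.
search_log() {
    grep "$@" | grep -v '^--$'
}

# Number of log lines a search prints.
count() {
    search_log "$@" | wc -l | tr -d ' '
}

# A case-sensitive search only hits the final summary line; -i also
# finds the "Error" and "ERROR" lines that describe the failures.
echo "grep 'error':        $(count 'error' "$LOG") line(s)"
echo "grep -i 'error':     $(count -i 'error' "$LOG") line(s)"
echo "grep -i -B1 'error': $(count -i -B1 'error' "$LOG") line(s)"
echo "grep -i -A1 'error': $(count -i -A1 'error' "$LOG") line(s)"
echo "grep -i -C2 'error': $(count -i -C2 'error' "$LOG") line(s)"

echo "--- output of grep -i -C2 'error' ---"
search_log -i -C2 'error' "$LOG"
```

With -C5, as used above, every line of this short sample would fall inside a match's context, which is why the example uses -C2 to keep the two groups visibly separate.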
Too much output? “Less” of a problem than you think.
Now you may notice, if you have line after line of output, it all just scrolls past the terminal screen until it reaches the end. How can anyone read that quickly? Fortunately, you don’t have to. Here, you can use the less command, which will output results screen by screen, and you control when the next section outputs. To do this, you’ll use the pipe: grep -i -C5 'error' junglediskserver.log | less. The pipe is the vertical line character, and it “pipes” the first command results into the less command. After hitting enter, the results will fill your screen then pause. The space bar will move to the next page, the b key will go back a page, and the q key will quit and take you back to the regular terminal screen. You can also use the up and down arrows to move a single line in the corresponding direction.
These two commands have many different options and can do different things. As mentioned in the previous blog, you can use the man command to get more information. The grep command is a particularly versatile tool that can be used with redirecting, searching multiple patterns, regular expressions, and more. These are tools that any new administrator should become familiar with. My next blog article will go into even more commands, so stay tuned and contact the support team if you have questions in the meantime!