Filter any system log file by date or date range

With systemd we got journalctl which easily allows fine grained filtering like this:

sudo journalctl --since "2 days ago"   
sudo journalctl --since "2019-03-10" --until "2019-03-11 03:00"
sudo journalctl -b # last boot 
sudo journalctl -k # kernel messages
sudo journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
sudo journalctl -u sshd # by unit 
sudo journalctl _UID=1000 # by user id

Examples can be combined!

In general, the kern.log is a text file. But sometimes it happens that it contains some binary data, especially when the system has crashed before and the system could not close the file properly. You may then notice lines containing text like ^@^@^@^@^@^@^@^@^@ and such.

If grep notices its input is binary, it usually stops further processing and prints ... binary file ... instead. But there's a switch to change this behaviour. From the manpage:

[...]
File and Directory Selection
   -a, --text
          Process a binary file as if it were text; 
          this is equivalent to the --binary-files=text option.
[...]

You can try the following:

$ grep -a -i "Apr  5" /var/log/kern.log  | grep -i "error\|warn\|kernel"

(But I would actually prefer the journalctl solution given in another answer.)

Filter any system log file by date or date range

Tags:

Command Line

Log

Systemd Journald

Related

Recent Posts