How to view what happened on a server in a specific time period on a specific date?

For example: I want to see what happened on 23.03.2013 from 6-8am.

I want to use the command line, maybe cat+grep+sort?

The log looks like "Mar 24 22:32:49 serv named[21804]"

barraba

2 Answers

My syslog timestamps look like this: 2013-03-24T06:25:02-05:00, so I usually do something like this:

grep '^2013-03-24T0[678]' $LOG
Insyte
  • Mine is 'Mar 24 22:32:49 serv named[21804]' – barraba Mar 24 '13 at 19:01
  • It didn't work for me, or I'm missing something. I tried grep "^Mar 24 06' /var/log/messages; it shows nothing, and I don't get how to put in the second timestamp (from 6:00 to 8:00) – barraba Mar 24 '13 at 19:06
  • You need to use the correct syntax for whatever flavor of grep you have on your system. The [678] in Insyte's example means that it will match a 6, 7, or 8. If you're unclear about grep and regex in general, you'll need to do some reading. – mfinni Mar 24 '13 at 19:38
  • I have really big problems with "man", and yes, grep and regexp are a problem for me. I would be glad if you can help -- grep '^Mar 24 [678]' /var/log/messages -- didn't work, what am I doing wrong? – barraba Mar 24 '13 at 22:09
  • Build up the regular expression bit by bit. Start with something really simple like `grep '^Mar' /var/log/messages`. If that doesn't return results, then you're missing something from your log format. If it *does* return results, then add the date: `grep '^Mar 24'`. If that still works, add the first digit of the time (which should be a 0). Etc. If your example log line is complete and correct, the final result *should* look like this: `grep '^Mar 24 0[678]' /var/log/messages`. – Insyte Mar 25 '13 at 22:45
  • Thanks a lot! That helped me to solve the problem and understand regexp! I'm very grateful. – barraba Mar 29 '13 at 11:26
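
Added example (not part of the original answers): a prefix pattern such as `0[678]` selects whole hours, 06:00:00 through 08:59:59. The sketch below cuts the traditional syslog format at exact times instead; `syslog_window` and `sample_log` are hypothetical names, and the log lines are constructed.

```shell
#!/bin/sh
# Select traditional-syslog lines ("Mar 24 22:32:49 serv named[21804]: ...")
# for one day and a half-open time window [START, END).
# Usage: syslog_window MON DAY START END [FILE...]   (reads stdin if no FILE)
# Caveat: this format carries no year, so a file that spans more than
# twelve months can return lines from two different years.
syslog_window() {
    mon=$1 day=$2 start=$3 end=$4
    shift 4
    awk -v mon="$mon" -v day="$day" -v start="$start" -v end="$end" '
        # $1 = month, $2 = day (field splitting absorbs the pad in "Mar  3"),
        # $3 = HH:MM:SS. Fixed-width times order correctly as strings, so
        # both sides are forced to string context before comparing.
        $1 == mon && ($2 + 0) == (day + 0) &&
        ($3 "") >= (start "") && ($3 "") < (end "")
    ' "$@"
}

# Constructed sample log for the demonstration.
sample_log() {
    cat <<'EOF'
Mar  3 06:15:00 serv named[21804]: constructed line, padded single-digit day
Mar 23 05:59:59 serv named[21804]: constructed line, just before the window
Mar 23 06:00:00 serv named[21804]: constructed line, first second of the window
Mar 23 07:45:10 serv sshd[1022]: constructed line, inside the window
Mar 23 08:00:00 serv named[21804]: constructed line, window end (excluded)
Mar 23 08:30:00 serv named[21804]: constructed line, same hour prefix but past 08:00
Mar 24 06:15:00 serv named[21804]: constructed line, wrong day
EOF
}

# Everything logged on Mar 23 from 06:00:00 up to, but not including, 08:00:00.
sample_log | syslog_window Mar 23 06:00:00 08:00:00
```

On a real host, pass the file as the last argument, for example `syslog_window Mar 23 06:00:00 08:00:00 /var/log/messages`.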
In your viewer or editor, open the log file, and then use its search function for text that matches the logfile's format that corresponds with the beginning of the time period. Then continue scrolling in the forward direction (which may be up or down, depending on how your application writes its logs).

If you need more instructions, you'll need to clarify what you're looking for; try editing your question.

mfinni
  • Insyte has the good answer. No need to use sort, and it would also be a "Useless Use of cat" - just use grep. – mfinni Mar 24 '13 at 19:01