Linux logs are stored in the /var/log directory. We can write scripts to scan these logs and automatically perform certain functions based on their content. There are many commands for viewing logs in Linux: tail, head, cat, more, less, sed, etc.
1. tail
The tail command is the most commonly used command for viewing logs. It can show the last few lines of a log file or follow the file in real time.
Commonly used tail options:
-n: Specify the number of lines to display.
-f: Run in follow mode.
-c: Specify the number of characters (bytes) to display.
-r: Display in reverse order from the end of the file (BSD/macOS tail only; GNU tail on Linux has no -r, use tac instead).
Display the last 100 lines of the file
tail -n 100 filename
Display everything from line 100 of the file onward
tail -n +100 filename
Track a log file in real time: run tail in follow mode to display newly added content as it arrives. (By default the last 10 lines are shown first, which is equivalent to adding -n 10.)
tail -f filename
Find and display the lines in the log file that contain the specified keyword
grep "Keywords" filename
Display the last 100 characters of the file. If the -c option is not followed by the number, the last 100 characters will be displayed by default.
tail -c 100 filename
View the lines containing "ERROR" in the last 100 lines of the log file and display them in reverse order from the end of the file
tail -n 100 filename | tac | grep "ERROR" #GNU tail has no -r; tac reverses the line order
Exit tail command
Ctrl+c
2. head
head is the opposite of tail: it shows the first lines of a log.
Show the first 20 lines of the file
head -n 20 filename
Show the first 100 characters of the file
head -c 100 filename
Read the content of file1 and display the first 5 lines
cat file1 | head -n 5
For other head options, refer to tail.
3. cat
Unlike tail, cat outputs the whole log, which makes it suitable for full-text searches.
View all contents of the file
cat filename
View all the contents of the file, where -n prefixes each line with its line number
cat -n filename
Create a file from the keyboard
cat > filename
Use the cat > command with caution!
This command overwrites the file with everything read from standard input. If the file already exists, its original content will be completely emptied.
1. If the file does not exist, a new empty file will be created.
2. If the file already exists, the original content of the file will be cleared and the file will be ready to receive new input.
Merge several files into one file
cat file1 file2 > file #Only creates a new file; cannot edit an existing file (existing content is overwritten)
Append the contents of a log file to another
cat -n textfile1 >> textfile2 #-n adds line numbers; >> appends instead of overwriting
Clear a log file
cat /dev/null > textfile2 #Same effect as : > textfile2
Note: > creates (or overwrites) the file, >> appends. Never mix them up.
For other cat options, refer to tail.
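The difference between > and >> matters most when the target is a log you need to keep. The following is an added example, not part of the original article, showing truncation, appending, and the shell's noclobber guard (set -C); demo.log is a constructed file in a temporary directory.

```shell
#!/bin/sh
# Added example: '>' truncates, '>>' appends, and noclobber (set -C) guards '>'.
# demo.log is a constructed file created in a temporary directory.

redirect_demo() {
    dir=$(mktemp -d) || return 1
    log="$dir/demo.log"
    printf 'line1\nline2\nline3\n' > "$log"        # create the file: 3 lines

    printf 'line4\n' >> "$log"                      # append: now 4 lines
    after_append=$(( $(wc -l < "$log") ))

    # With noclobber set, '>' refuses to overwrite an existing file.
    # The subshell keeps the option from leaking into the caller.
    if ( set -C; printf 'oops\n' > "$log" ) 2>/dev/null; then
        guarded=no
    else
        guarded=yes
    fi
    after_guard=$(( $(wc -l < "$log") ))            # still 4 lines

    printf 'oops\n' > "$log"                        # no guard: old content is gone
    after_overwrite=$(( $(wc -l < "$log") ))

    rm -rf "$dir"
    echo "$after_append $guarded $after_guard $after_overwrite"
}

redirect_demo
```

Putting set -C (or set -o noclobber) in an interactive shell profile makes an accidental > on an existing log fail instead of emptying it; >| overrides the guard when truncation is intended.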
4. more
more displays file contents page by page. Unlike cat, it does not display the entire file at once, which makes long text files easier to read. more reads the file from front to back, so the entire file is loaded at startup. more has several built-in shortcut keys; commonly used ones include h (get help information), Enter (scroll down one line), space (scroll down one screen), Ctrl + f (scroll forward one page), Ctrl + b (scroll back one page), and q (exit the command).
more filename #Display the contents of filename page by page
more +n filename #Start displaying from line n of the file
more -n filename #Display n lines per screen
5. less
less is a command-line tool similar to more, used to page through the content of a file. It is more powerful than more, offering extra features and more flexible controls.
less filename #Page through the contents of filename
ps -ef | less #View process information with ps, paged through less
history | less #View command history, paged through less
less filename1 filename2 #Browse multiple files
shift + G #Jump to the end of the file, then type ? followed by the keyword to search for, for example ?111
n #Find the keyword upward
shift+n #Search for the keyword in the reverse direction
Common command parameters:
-b <buffer size> Set the buffer size
-g Highlight only the last keyword found
-i Ignore case when searching
-m Show a percentage similar to the more command
-N Show the line number of each line
-o <file name> Save the output of less to the specified file
-Q No warning tone
-s Display consecutive blank lines as a single line
/String: Search down for "String"
?String: Search up for "String"
n: Repeat the previous search (related to / or ?)
N: Repeat the previous search in reverse (related to / or ?)
b Go back one page
h Show the help screen
q Quit less
6. sed
sed finds and replaces text according to specific patterns, deletes lines, inserts text, numbers lines, etc.
Replace text
sed 's/old/new/g' filename #Replace every "old" in the file with "new" (g replaces globally)
Delete lines
sed '/pattern/d' filename #Delete the lines containing "pattern"
Insert text
sed 's/pattern/pattern\nnew_text/g' filename #Insert "new_text" on a new line after each "pattern" (\n in the replacement is a GNU sed feature)
Number lines
sed '=' filename #Print the line number on its own line before each line
Extract specific parts
sed 's/.*:\(.*\).*/\1/' filename #Extract the part after the last colon in each line
7. Supplement (Linux log file description)
/var/log/messages Information and error log after system startup; one of the most commonly used logs in Red Hat Linux
/var/log/secure Security-related log information
/var/log/maillog Email-related log information
/var/log/cron Log information related to scheduled tasks
/var/log/spooler Log information related to UUCP and news devices
/var/log/ Log messages related to daemon startup and shutdown
/var/log/wtmp This log file permanently records each user's login and logout, and system startup and shutdown events
Log entries usually use the format: date and time, level, source, information
Date and time: Indicates the time of logging.
level: Indicates the severity of the log. Common levels include:
ALERT: Emergency; measures need to be taken immediately.
CRIT: Serious incidents that may affect the normal operation of the system.
ERR: Error events that need to be repaired.
WARNING: Warning events that may affect system performance.
NOTICE: General information; no measures are required.
INFO: Information events, used to record the operation of the system.
source: Indicates the origin of the log record, usually the name of a program or module.
information: Indicates the content of the log record.
The following is a record in a messages log file:
[2023-08-02 11:23:45] INFO sshd: [pam_unix(sshd:auth):auth] user=root service=sshd success=yes
This record indicates that at 2023-08-02 11:23:45, the user root logged in to the system using the SSH protocol and the authentication was successful.
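A script can scan records in this layout, as the introduction suggests. The following is an added example, not from the original article: it counts failed sshd logins per user and filters by severity, assuming the "[date time] LEVEL source: information" layout shown above; the function names, the threshold and every log line are constructed.

```shell
#!/bin/sh
# Added example: scan log lines in the "[date time] LEVEL source: information"
# layout described above. All sample lines below are constructed.

sample_log() {
cat <<'EOF'
[2023-08-02 11:23:45] INFO sshd: [pam_unix(sshd:auth):auth] user=root service=sshd success=yes
[2023-08-02 11:24:01] WARNING sshd: [pam_unix(sshd:auth):auth] user=admin service=sshd success=no
[2023-08-02 11:24:03] WARNING sshd: [pam_unix(sshd:auth):auth] user=admin service=sshd success=no
[2023-08-02 11:24:07] ERR crond: job failed to start
[2023-08-02 11:24:09] WARNING sshd: [pam_unix(sshd:auth):auth] user=admin service=sshd success=no
[2023-08-02 11:25:10] NOTICE sshd: [pam_unix(sshd:auth):auth] user=test service=sshd success=no
[2023-08-02 11:26:00] CRIT kernel: disk I/O failure
malformed line without the expected fields
EOF
}

# Print "user count" for every user with at least $1 failed sshd logins.
failed_logins() {
    awk -v min="$1" '
        $3 ~ /^[A-Z]+$/ && $4 == "sshd:" && /success=no/ {
            for (i = 5; i <= NF; i++)
                if ($i ~ /^user=/) fails[substr($i, 6)]++
        }
        END { for (u in fails) if (fails[u] >= min) print u, fails[u] }
    ' | sort
}

# Print the lines whose level is at least as severe as $1.
# Levels are ranked in the order listed in the article, least severe first.
at_least() {
    awk -v want="$1" '
        BEGIN {
            n = split("INFO NOTICE WARNING ERR CRIT ALERT", names, " ")
            for (i = 1; i <= n; i++) rank[names[i]] = i
        }
        ($3 in rank) && (want in rank) && rank[$3] >= rank[want]
    '
}

sample_log | failed_logins 3
sample_log | at_least ERR
```

To watch a live file instead of the sample, pipe tail -n 1000 filename into either function; lines that do not match the layout are skipped rather than miscounted.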