Quote:
Originally Posted by Habitual
Code:
sudo grep -l ntp /var/log/* > $HOME/log.txt
for that directory file match/listing.
Code:
sudo grep ntp /var/log/ -Rl > $HOME/log.txt
for sub-directory file match/listing.
Example output:
Code:
sudo grep ntp /var/log/ -Rl
/var/log/bootstrap.log
/var/log/dmesg
/var/log/kern.log.1
/var/log/atop/atop_20150602
/var/log/atop/atop_20150527
/var/log/auth.log
/var/log/dmesg.0
/var/log/installer/partman
/var/log/installer/syslog
/var/log/boot.log
cat log.txt:
Code:
/var/log/bootstrap.log
/var/log/dmesg
/var/log/kern.log.1
/var/log/atop/atop_20150602
/var/log/atop/atop_20150527
/var/log/auth.log
/var/log/dmesg.0
/var/log/installer/partman
/var/log/installer/syslog
/var/log/boot.log
Hope that helps.
Excellent post this one was, but on busier systems you can seriously bog down a system unless you sort out files that are not ASCII legible, i.e. binary log files. Some tools I developed to better manage this:
Code:
LOGS_INDEX(){
# Build the list of ASCII text files under /var/log (run once per session).
echo "Indexing log files found in /var/log/ tree. This may take a moment."
# file(1) prints "path: ASCII text ..."; keep the path when the type is ASCII.
# Paths containing whitespace are not handled by this pipeline.
LOG[1]=`find /var/log/. |
xargs file |
awk '{ if ( $2 == "ASCII" ) print $1 }' |
cut -d: -f1`
echo ""
} ;\
LOGS_SEARCH_A(){
# egrep search of the indexed files; output keeps the file name prefix.
echo
echo "Search found the following information"
echo "###########################################################################"
echo "${LOG[@]}" |
xargs egrep $FUZZY_TYPE "$SEARCH"
echo "###########################################################################"
echo ""
} ;\
LOGS_SEARCH_B(){
# Plain grep search; -h drops file names so matching lines can be sorted.
echo
echo "Search found the following information"
echo "###########################################################################"
echo "${LOG[@]}" |
xargs grep -h $FUZZY_TYPE "$SEARCH" |
sort
echo "###########################################################################"
echo ""
} ;\
Example of using the tools. First, load the libraries:
Code:
[root@localhost ~]# LOGS_INDEX(){
> echo "Indexing log files found in /var/log/ tree. This may take a moment."
> LOG[1]=`find /var/log/. |
> xargs file |
> awk '{ if ( $2 == "ASCII" ) print $1 }' |
> cut -d: -f1`
> echo ""
> } ;\
>
[root@localhost ~]# LOGS_SEARCH_A(){
> echo
> echo "Search found the following information"
> echo "###########################################################################"
> echo "${LOG[@]}" |
> xargs egrep $FUZZY_TYPE "$SEARCH"
> echo "###########################################################################"
> echo ""
> } ;\
>
[root@localhost ~]# LOGS_SEARCH_B(){
> echo
> echo "Search found the following information"
> echo "###########################################################################"
> echo "${LOG[@]}" |
> xargs grep -h $FUZZY_TYPE "$SEARCH" |
> sort
> echo "###########################################################################"
> echo ""
> } ;\
>
Then call them to run the search:
Code:
[root@localhost ~]# SEARCH='What I am searching for'
[root@localhost ~]# LOGS_SEARCH_A > /root/loginfo.txt
FUZZY_TYPE can be switches such as "-ab5", and you only need to run LOGS_INDEX once per session. LOGS_SEARCH_A is egrep and LOGS_SEARCH_B is plain grep. Basically, I am using a cheat in that I am storing the routines as a local hash variable of the session shell. This way I do not need to save them as files to run, but they would work the same as a script if needed for cron jobs and the like. However, for cron jobs the shell changes and you would need to run LOGS_INDEX each time.
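The index-then-search approach from the post above, as an added example that is not the poster's code: it keeps the index in a temporary file so that log paths containing spaces survive, and passes the pattern with -e so a search string beginning with "-" is not read as a switch. The names logs_index, logs_search and LOG_INDEX are hypothetical, and it assumes GNU grep and findutils (grep -I, xargs -0) rather than file(1) for the binary check.

```shell
# Added example, not the poster's code. logs_index, logs_search and LOG_INDEX
# are hypothetical names. Assumes GNU grep/findutils (grep -I, xargs -0).
# Paths containing newlines are not supported.

# Index once per session: record every non-empty regular file under DIR that
# grep does not classify as binary. -I skips binary data, -l prints names
# only, -s hides unreadable-file errors, and -e '' matches any line.
logs_index() {
    dir=${1:-/var/log}
    LOG_INDEX=$(mktemp) || return 1   # unpredictable path, safer when run as root
    find "$dir" -type f -exec grep -Ils -e '' -- {} + > "$LOG_INDEX" || :
}

# Search the indexed files: logs_search PATTERN [grep switches...]
# The switches play the role of FUZZY_TYPE (for example -i or -B5). PATTERN is
# passed with -e and the file list follows --, so neither a pattern nor a
# path that begins with "-" is parsed as an option.
logs_search() {
    [ $# -ge 1 ] || return 2          # a pattern is required
    pattern=$1
    shift
    [ -s "$LOG_INDEX" ] || return 0   # nothing indexed, nothing to search
    tr '\n' '\0' < "$LOG_INDEX" |
        xargs -0 grep -H "$@" -e "$pattern" -- || :
}
```

Run `logs_index` once, then call for example `logs_search ntp -i > "$HOME/loginfo.txt"` as often as needed; the index file path stays in LOG_INDEX for the rest of the session.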