Ubuntu – Filter any system log file by date or date range


What I want to achieve:

I'd like to filter a system log file by date, i.e. when I do:

$ cat /var/log/syslog | grep -i "error\|warn\|kernel" 

it prints lines like these for the last three days, let's say:

(...)
Apr  3 06:17:38 computer_name kernel: [517239.805470] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
(...)
Apr  4 19:34:21 computer_name kernel: [517242.523165] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
(...)
Apr  5 09:00:52 computer_name kernel: [517242.523217] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready

How to grep (select, or filter):

  • by date?
  • by date+hour?

What I tried:

$ cat /var/log/syslog | grep -i "Apr  5" | grep -i "error\|warn\|kernel" 

It works as expected on the syslog file, but not on the kern.log file, for example, which only returns: Binary file (standard input) matches. And when I tail this particular file, I can see the same starting date format as in the syslog file.

Question:

How to achieve the same on other logs like the kern.log file?

In addition, is it possible to filter:

  • by date range?
  • by date+hour range?

Hint: if possible, with "easy-to-remember commands".

Best Answer

With systemd we got journalctl, which easily allows fine-grained filtering like this:

journalctl --since "2 days ago"
journalctl --since "2019-03-10" --until "2019-03-11 03:00"
journalctl -b # last boot
journalctl -k # kernel messages
journalctl -p err # by priority (emerg|alert|crit|err|warning|notice|info|debug)
journalctl -u sshd # by unit
journalctl _UID=1000 # by user id

Examples can be combined!
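
For the plain-file half of the question (kern.log and the "Binary file ... matches" message), here is an added example that is not part of the original answer: a date+hour range filter for classic syslog-format files. The function name `syslog_range` is hypothetical, the sample lines are constructed, and it assumes "Mon DD HH:MM:SS" timestamps that all fall in the same year.

```shell
#!/bin/sh
# Added example: filter a syslog-format file by a date+hour range.
# Assumes "Mon DD HH:MM:SS" timestamps with no year, all from the same year.
# Usage: syslog_range FILE FROM TO [PATTERN]   (bounds like "Apr 4 12:00[:00]")
syslog_range() {
    file=$1 from=$2 to=$3 pattern=${4:-.}
    # tr drops NUL bytes, a common reason grep answers "Binary file ... matches";
    # grep -a additionally forces text mode for any other non-text bytes.
    tr -d '\000' < "$file" |
    awk -v from="$from" -v to="$to" '
        # Turn ("Apr", "5", "09:00:52") into a sortable key such as 0405090052.
        # Missing minutes or seconds count as 00; non-syslog lines yield "".
        function key(mon, day, hms,   m, t) {
            m = index("JanFebMarAprMayJunJulAugSepOctNovDec", mon)
            if (length(mon) != 3 || m == 0 || (m - 1) % 3 != 0) return ""
            split(hms, t, ":")
            return sprintf("%02d%02d%02d%02d%02d", (m + 2) / 3, day, t[1], t[2], t[3])
        }
        BEGIN {
            split(from, f, " "); lo = key(f[1], f[2], f[3])
            split(to, u, " ");   hi = key(u[1], u[2], u[3])
        }
        { k = key($1, $2, $3) }
        # Keys are fixed-width digit strings, so string comparison orders them.
        k != "" && k >= lo && k <= hi
    ' |
    grep -a -i -e "$pattern"
}

# Constructed sample (not real log data); the NUL byte imitates what makes
# grep treat a file such as kern.log as binary.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' \
  'Apr  3 06:17:38 host kernel: [1.0] wlp3s0: link becomes ready' \
  'Apr  4 19:34:21 host kernel: [2.0] e1000e: enp0s25 NIC Link is Up' \
  'Apr  5 09:00:52 host kernel: [3.0] enp0s25: link becomes ready' > "$sample"
printf 'Apr  5 10:15:00 host app: \000warning: disk nearly full\n' >> "$sample"

# Kernel lines between Apr 4 12:00 and Apr 5 09:30 (prints the Apr 4 and Apr 5 09:00 lines).
syslog_range "$sample" "Apr 4 12:00" "Apr 5 09:30" kernel
```

An upper bound without seconds stops at :00 of that minute, so give "Apr 5 23:59:59" to include a whole day.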
