April 19, 2019

Sawing Linux Logs with Simple Tools - page 3

Good Ole grep

  • September 20, 2004
  • By Carla Schroder

The syslog--/var/log/syslog--is a dumping ground for log entries from all kinds of daemons, such as Samba and cron:

$ grep -i samba /var/log/syslog
Sep 13 08:50:47 windbag nmbd[1123]:   become_logon_server_success: Samba is now a 
logon server for workgroup HOMENET on subnet
Sep 13 08:50:51 windbag nmbd[1123]:   Samba server WINDBAG is now a domain master 
browser for workgroup HOMENET on subnet
Sep 13 08:51:06 windbag nmbd[1123]:   Samba name server WINDBAG is now a local 
master browser for workgroup HOMENET on subnet

$ grep -i cron /var/log/syslog

Aug 18 21:18:01 windbag /USR/SBIN/CRON[1752]: (amavis) CMD (test -e /usr/bin/sa-
learn && test -e
 /usr/sbin/amavisd-new && /usr/bin/sa-learn �rebuild >/dev/null 2>&1)

These two snippets demonstrate that you can verify that certain Samba functions are working correctly, and that your cron jobs are running when you want.

Another useful item in /var/log/syslog is those strange-looking MARK messages:

Sep 13 19:10:30 windbag � MARK �
Sep 13 19:30:30 windbag � MARK �
Sep 13 19:50:30 windbag � MARK �

This is where you find out if your system rebooted during the night when it wasn't supposed to; the MARK sequence will be interrupted, and you'll see shutdown and startup messages.

Next month's Scripting Clinic will show how to set up automated email alerts, so when something nasty that requires your attention shows up in your logs, you won't be left in the dark.


  • See the man pages for grep, cut, and wc.
  • Linux in a Nutshell, by Ellen Siever, is my #1 indispensable Linux command reference

[Editor's Note: This article originally appeared on CrossNodes, a JupiterWeb site. -BKP]

Most Popular LinuxPlanet Stories