Home > Utility > Searching GZipped Log Files

Searching GZipped Log Files

I have a few handy scripts for searching through log files, especially monitoring SSH login attempts. I cannot just grep through log files however, because the log files get “rolled”: compressed, and archived.

rob@kanga:/var/log $ ls -lh system.log*
-rw-r-----@ 1 root  admin   289K Mar 18 17:16 system.log
-rw-r-----  1 root  admin    79K Mar 18 00:00 system.log.0.gz
-rw-r-----  1 root  admin    39K Mar 17 00:02 system.log.1.gz
-rw-r-----  1 root  admin    36K Mar 16 00:02 system.log.2.gz
-rw-r-----  1 root  admin    35K Mar 15 00:02 system.log.3.gz
-rw-r-----  1 root  admin    25K Mar 14 00:01 system.log.4.gz
-rw-r-----  1 root  admin    69K Mar 13 00:01 system.log.5.gz
-rw-r-----  1 root  admin    68K Mar 12 00:01 system.log.6.gz
rob@kanga:/var/log $

Suppose you want to grep through your log files for SSH login activity, you can do it like this:

rob@kanga:/var/log $ { cat /private/var/log/system.log ; gunzip -c /private/var/log/system.*.gz ; } | grep sshd | wc -l
   11364
rob@kanga:/var/log $

The magic happens in the curly braces, which concatenates the standard output of all enclosed commands. Be sure to include a semicolon after the last command, right before the closing curly brace.

An even shorter example:

rob@kanga:/var/log $ { echo hello ; echo world ; } | cat -n
     1	hello
     2	world
rob@kanga:/var/log $
Categories: Utility Tags: , , , , , ,
  1. May 23rd, 2015 at 16:36 | #1

    As mentioned, you will need to now press the power button. Some of the touchscreen is resistive type although
    some from the touchscreen is capacitive sort. Following the upgrade,
    turn the phone off, then back on.

  1. October 22nd, 2014 at 10:29 | #1