seeking (linux) messages (log)

Posted on by

So they (a vendor) wants you to look if an application failure has a system cause?

You reported an issues on 01-11-2021 06:00. You are intersted on what happened around 6:00 A.M. that day. Raffly

# cd /var/log
# head messages #what's the oldest
Oct 31 03:06:01 apz-sagb1p rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-57.el7_9.1" x-pid="1697" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
# grep -E "^Nov\s{1,2}1 " messages | wc -l #how many records 
2873
# grep -E "^Nov\s{1,2}1 05:" messages | tail #last at 5 A.M.
Nov 1 05:37:22 the-host adclient[1870]: INFO AUDIT_TRAIL|Centrify Suite|Trusted Path|1.0|2700|Trusted path granted|5|user=the-host$@THE-DOMIAN.NET pid=1870 utc=1635741442012 centrifyEventID=23700 DASessID=N/A DAInst=N/A status=GRANTED server=ldap/vdz0dc0001.the-domian.net@THE-DOMIAN.NET
Nov 1 05:40:01 the-host systemd: Created slice User Slice of root.
Nov 1 05:40:01 the-host systemd: Started Session 236 of user root.
Nov 1 05:40:01 the-host systemd: Removed slice User Slice of root.
Nov 1 05:40:46 the-host adclient[1870]: INFO AUDIT_TRAIL|Centrify Suite|Trusted Path|1.0|2700|Trusted path granted|5|user=the-host$@THE-DOMIAN.NET pid=1870 utc=1635741646815 centrifyEventID=23700 DASessID=N/A DAInst=N/A status=GRANTED server=ldap/an-ldap-srv.the-domian.net@THE-DOMIAN.NET
Nov 1 05:50:01 the-host systemd: Created slice User Slice of root.
Nov 1 05:50:01 the-host systemd: Started Session 237 of user root.
Nov 1 05:50:01 the-host systemd: Removed slice User Slice of root.
Nov 1 05:51:01 the-host adclient[1870]: INFO AUDIT_TRAIL|Centrify Suite|Trusted Path|1.0|2700|Trusted path granted|5|user=the-host$@THE-DOMIAN.NET pid=1870 utc=1635742261852 centrifyEventID=23700 DASessID=N/A DAInst=N/A status=GRANTED server=ldap/vdz0dc0001.the-domian.net@THE-DOMIAN.NET
Nov 1 05:51:01 the-host adclient[1870]: INFO AUDIT_TRAIL|Centrify Suite|Trusted Path|1.0|2700|Trusted path granted|5|user=the-host$@THE-DOMIAN.NET pid=1870 utc=1635742261889 centrifyEventID=23700 DASessID=N/A DAInst=N/A status=GRANTED server=ldap/an-ldap-srv.the-domian.net@THE-DOMIAN.NET
# grep -E "^Nov\s{1,2}1 06:" messages | head #first at 6 A.M.
Nov 1 06:00:01 hostanme systemd: Created slice User Slice of root.
Nov 1 06:00:01 hostname systemd: Started Session 238 of user root.
Nov 1 06:00:01 hostname systemd: Removed slice User Slice of root.
Nov 1 06:00:18 hostname somethingd: CEF:0|YOUR APPLICATION....
grep -E "^Nov\s{1,2}1 06:[0-1]" messages | cut -c1-120 #first 19 minutes and cut long lines