[HowTo] Use grep / egrep to filter syslog messages

When you work with Linux and need to configure server, you are often confronted to check server’s logs which are stored in /var/log/syslog. The problem is that this file contains logs of many applications. Here is an example of the content of syslog.

tail -f /var/log/syslog

 The -f parameter allow to run the command infinitely to see each new logs.

Now, let’s imagine that you only need to see the logs generated by slapd and the dhclient. You can use pipe and grep or egrep command to add display filter like this:

tail -f /var/log/syslog | grep "slapd\|dhclient"

or with egrep:

tail -f /var/log/syslog | egrep "slapd|dhclient"

The pipe | permits to “give” the output of the first command (tail -f /var/log/syslog) to the next command (grep, egrep) as input and grep or egrep will filter the lines with “slapd” or “dhclient” word. You can of course add many filter as you want. The syntax is the following:

tail -f /var/log/syslog | grep "word1\|word2\|word3\|word n"
tail -f /var/log/syslog | egrep "word1|word2|word3|word n"

Update : 26.08.2014 : Add egrep version : Thanks to Rainer Sokoll for his comment about egrep !

Bookmark the permalink.


    • Cyrill Gremaud

      Thanks a lot but can you explain in detail your command please ? maybe if it is useful or fun, i will update my article with your content 🙂

  1. Thank you. It is interesting for me.

    • Cyrill Gremaud

      Thank you very much for your appreciation ! Don’t hesitate to tell me your comments or suggestion 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.