How to Filter Log File Entries Based on Date Range in Linux

If you want to read a log but are overwhelmed by the amount of output, you can filter the entries by date range with commands such as grep, awk, and sed.

Simply running cat on a log file is the most basic way to inspect it, but when you want to filter the data in an organized way, for example by date, grep, awk, and sed are the tools of the hour.

awk is a popular command-line tool used to manipulate data in files and generate reports based on a given pattern on Linux systems.

grep is a simpler pattern tool that searches a file for matches of a regular expression; it is much easier to use than sed and awk.

And do not forget sed, the stream editor, which performs various operations on an input file, such as searching for characters and replacing them with new ones.

So, let's see how we can use these tools to extract information from the /var/log/syslog file on the basis of a date range.

Filter Logs on Basis of Date using awk Command

Now open your terminal window and use the following command syntax to extract a range of lines from a log file, from the first line matching the start pattern to the next line matching the end pattern, replacing the placeholders with values of your choice.

Command Syntax:

$ sudo awk '/Start-Month DD/,/End-Month DD/' /log-file-path

For example, to keep only the entries whose time of day (the second field of a syslog line) lies between a start and a stop time:

$ awk -v start=00:00 -v stop=09:00 'start <= $2 && $2 < stop' file.log
$ sudo awk -v start=07:00 -v stop=19:00 'start <= $2 && $2 < stop' /var/log/syslog

Output

Dec 11 19:39:19 LINUX dbus-daemon[2742]: [session uid=1000 pid=2742] Activating via systemd: service name='org.freedesktop.Tracker1' unit='tracker-store.service' requested by ':1.3' (uid=1000 pid=2740 comm="/usr/libexec/tracker-miner-fs " label="unconfined")
Dec 11 19:39:19 LINUX systemd[2727]: Starting Tracker metadata database store and lookup manager...
Dec 11 19:39:19 LINUX systemd[1]: session-23.scope: Succeeded.
Dec 11 19:39:19 LINUX dbus-daemon[2742]: [session uid=1000 pid=2742] Successfully activated service 'org.freedesktop.Tracker1'

Replace start=HH:MM with the starting hour and minute and stop=HH:MM with the final hour and minute. Note that awk compares $2 with start and stop as strings, so keep both values zero-padded (07:00, not 7:00) for the comparison to order correctly, and that this command filters by time of day only: matching entries from every date in the file are printed.
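The awk command above compares only the time of day. The following shell function, an added example that is not from the original post, goes a step further and filters by a full date-and-time range, turning each syslog timestamp into a sortable key so that the space-padded day ("Dec  1") and a range that crosses midnight are handled; the sample log lines are constructed, and English month names are assumed.

```shell
#!/bin/sh
# Added example, not from the original post: filter classic syslog lines by an
# inclusive date-and-time range with awk, comparing a sortable key instead of
# matching a substring. Unlike the page's awk command, which compares only the
# time of day on every date, this handles the date as well, the space-padded
# day ("Dec  1") and a range that crosses midnight. English month names assumed.

# Constructed sample log (not a real system log).
SAMPLE_LOG='Dec  1 23:59:58 LINUX sshd[1001]: Accepted publickey for shen from 10.0.0.5 port 50000
Dec  2 00:00:03 LINUX CRON[1002]: (shen) CMD (~/duckdns/duck.sh >/dev/null 2>&1)
Dec 10 12:07:35 LINUX gdm-x-session[1231]: (==) Log file: "/var/lib/gdm3/.local/share/xorg/Xorg.0.log"
Dec 11 18:45:06 LINUX systemd[1]: Starting Hostname Service...
Dec 11 19:00:01 LINUX CRON[36473]: (shen) CMD (~/duckdns/duck.sh >/dev/null 2>&1)
Dec 11 19:39:19 LINUX systemd[1]: session-23.scope: Succeeded.'

# Usage: filter_syslog_range "Dec  1 23:00:00" "Dec  2 00:30:00" < logfile
# Both bounds are inclusive. Month, day and time are turned into a
# "MMDDHH:MM:SS" key so that string comparison orders lines chronologically
# (this syslog format records no year, so the range must lie within one year).
filter_syslog_range() {
    awk -v start="$1" -v stop="$2" '
    # Build the sortable key; returns "" for a line that does not start with a month.
    function key(mon, day, tm,    m) {
        m = index("JanFebMarAprMayJunJulAugSepOctNovDec", mon)
        if (m == 0 || length(mon) != 3) return ""
        return sprintf("%02d%02d%s", (m + 2) / 3, day, tm)
    }
    BEGIN {
        split(start, a, " "); lo = key(a[1], a[2], a[3])
        split(stop,  b, " "); hi = key(b[1], b[2], b[3])
    }
    { k = key($1, $2, $3); if (k != "" && k >= lo && k <= hi) print }'
}

# Stand-alone demo: print the entries between two timestamps on 11 Dec.
printf '%s\n' "$SAMPLE_LOG" | filter_syslog_range "Dec 11 18:45:06" "Dec 11 19:00:01"
```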

If you want a simpler and easier way to check the log, use the grep utility.

I'll show a few examples using grep. For instance, to check today's log entries, I'd run the command below.

Syntax

$ sudo grep -E "pattern" logfile
$ sudo grep -E "Dec 11" /var/log/syslog

Output

Dec 11 12:07:35 LINUX /usr/libexec/gdm-x-session[1231]: (==) Log file: "/var/lib/gdm3/.local/share/xorg/Xorg.0.log", Time: Fri Dec 11 12:07:35 2020
Dec 11 12:08:39 LINUX /usr/libexec/gdm-x-session[2812]: (==) Log file: "/home/shen/.local/share/xorg/Xorg.1.log", Time: Fri Dec 11 12:08:39 2020
Dec 11 12:09:04 LINUX gnome-shell[3019]: GNOME Shell started at Fri Dec 11 2020 12:08:55 GMT+0530 (IST)
Dec 11 14:24:41 LINUX /usr/libexec/gdm-x-session[1208]: (==) Log file: "/var/lib/gdm3/.local/share/xorg/Xorg.0.log", Time: Fri Dec 11 14:24:41 2020
Dec 11 14:25:13 LINUX /usr/libexec/gdm-x-session[2783]: (==) Log file: "/home/shen/.local/share/xorg/Xorg.1.log", Time: Fri Dec 11 14:25:13 2020
Dec 11 14:25:40 LINUX gnome-shell[3049]: GNOME Shell started at Fri Dec 11 2020 14:25:31 GMT+0530 (IST)

Now let me explain how this grep command works. grep searches the provided file for lines matching a regular-expression pattern.

The -E parameter (extended-regexp) enables extended regular expressions for the pattern, and the last argument is the log file or log directory.

To get entries for a range of dates, for example from 01 Dec to 10 Dec, use the command below. Keep in mind that the pattern "Dec 1" also matches "Dec 10" through "Dec 19", and that syslog writes single-digit days with a leading space ("Dec  1"), so anchor the pattern if you need exact days.

Syntax

$ sudo grep -E "pattern1|pattern2" logfile
$ sudo grep -E "Dec 1|Dec 10" syslog

Output

Dec 11 19:48:04 LINUX systemd[1]: Starting Hostname Service...
Dec 11 19:48:04 LINUX dbus-daemon[856]: [system] Successfully activated service 'org.freedesktop.hostname1'
Dec 11 19:48:04 LINUX systemd[1]: Started Hostname Service.
Dec 11 19:48:34 LINUX systemd[1]: systemd-hostnamed.service: Succeeded.
Dec 11 19:50:01 LINUX CRON[39178]: (shen) CMD (~/duckdns/duck.sh >/dev/null 2>&1)
Dec 11 19:51:58 LINUX dbus-daemon[856]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.320' (uid=1000 pid=38994 comm="/usr/bin/gnome-screenshot --gapplication-service " label="unconfined")
Dec 11 19:51:58 LINUX systemd[1]: Starting Hostname Service...
Dec 11 19:51:58 LINUX dbus-daemon[856]: [system] Successfully activated service 'org.freedesktop.hostname1'
Dec 11 19:51:58 LINUX systemd[1]: Started Hostname Service.
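The output above shows why "Dec 1|Dec 10" is loose: "Dec 1" also matches 11 Dec. The following shell functions, an added example that is not from the original post, build an anchored extended regex for exactly the days you want, allowing for the space-padded single-digit day; the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: build an anchored grep pattern for
# a range of days in one month, so "Dec 1" does not also match Dec 10..Dec 19.
# Classic syslog pads single-digit days with a space ("Dec  1"), and the pattern
# is anchored to the start of the line so a "Dec 1" inside a message is ignored.

# Constructed sample lines (not a real log).
SAMPLE='Dec  1 08:00:00 LINUX sshd[900]: Accepted publickey for shen from 10.0.0.5
Dec  9 10:00:00 LINUX CRON[901]: (shen) CMD (~/duckdns/duck.sh >/dev/null 2>&1)
Dec 10 11:00:00 LINUX systemd[1]: Started Hostname Service.
Dec 11 19:48:04 LINUX systemd[1]: Starting Hostname Service...
Nov  5 12:00:00 LINUX kernel: message mentioning Dec 1 in the body'

# Usage: syslog_day_pattern Mon FIRST LAST  -> prints an ERE such as "^Dec ( 1| 2|10) "
syslog_day_pattern() {
    mon=$1; d=$2; last=$3; alt=""
    while [ "$d" -le "$last" ]; do
        alt="$alt|$(printf '%2d' "$d")"   # %2d gives the syslog-style padded day
        d=$((d + 1))
    done
    printf '^%s (%s) ' "$mon" "${alt#|}"
}

# Usage: grep_syslog_days Mon FIRST LAST < logfile
grep_syslog_days() {
    grep -E "$(syslog_day_pattern "$1" "$2" "$3")"
}

# Stand-alone demo: entries from 1 Dec to 10 Dec only.
printf '%s\n' "$SAMPLE" | grep_syslog_days Dec 1 10
```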

Filter Logs on Basis of Date using sed Command

Above you learned how to filter logs with the awk and grep commands; now let's get hands-on with sed to filter the log by a specific date pattern.

The command syntax is pretty simple: you just need the date from which you want to start filtering and the end date.

Syntax

$ sudo sed -n '/START-DATE/,/END-DATE/p' logfile
  • -n: do not print every input line automatically
  • /START-DATE/,/END-DATE/: the address range, from the first line matching START-DATE to the next line matching END-DATE
  • p: print the lines in that range

To get entries between two timestamps, for example from 11 Dec 18:45:06 to 11 Dec 19:00:01, use the command below.

$ sudo sed -n '/Dec 11 18:45:06 /,/Dec 11 19:00:01/p' /var/log/syslog

Output

Dec 11 18:45:06 LINUX dbus-daemon[856]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.301' (uid=1000 pid=35830 comm="/usr/bin/gnome-screenshot --gapplication-service " label="unconfined")
Dec 11 18:45:06 LINUX systemd[1]: Starting Hostname Service...
Dec 11 18:45:06 LINUX dbus-daemon[856]: [system] Successfully activated service 'org.freedesktop.hostname1'
Dec 11 18:45:06 LINUX systemd[1]: Started Hostname Service.
Dec 11 18:45:36 LINUX systemd[1]: systemd-hostnamed.service: Succeeded.
Dec 11 18:47:22 LINUX dbus-daemon[856]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.303' (uid=1000 pid=35830 comm="/usr/bin/gnome-screenshot --gapplication-service " label="unconfined")
Dec 11 18:47:22 LINUX systemd[1]: Starting Hostname Service...
Dec 11 18:47:22 LINUX dbus-daemon[856]: [system] Successfully activated service 'org.freedesktop.hostname1'
Dec 11 18:47:22 LINUX systemd[1]: Started Hostname Service.
Dec 11 18:47:52 LINUX systemd[1]: systemd-hostnamed.service: Succeeded.
Dec 11 18:50:01 LINUX CRON[36057]: (shen) CMD (~/duckdns/duck.sh >/dev/null 2>&1)
Dec 11 18:55:01 LINUX CRON[36206]: (shen) CMD (~/duckdns/duck.sh >/dev/null 2>&1)
Dec 11 19:00:01 LINUX CRON[36473]: (shen) CMD (~/duckdns/duck.sh >/dev/null 2>&1)

Now let me explain how this sed command works. sed is a stream editor used to search, remove, replace, insert, and more.

The -n parameter stops sed from printing every input line automatically. /pattern1/,/pattern2/ is an address range: it selects from the first line matching pattern1 up to the next line matching pattern2. If pattern2 never matches (for example, no entry was logged at exactly 19:00:01), the range extends to the end of the file, so check the last line of the output.

The trailing p command tells sed to print the selected lines.

Finally, you provide the log file or its path.

[Bonus] Filter System Log on Basis of Date and Other Factors using journalctl

Above you learned how to use grep, awk, and sed to filter logs; now I'll introduce a new tool that is part of the systemd service manager.

The journalctl command lets you filter the journal with many different parameters without memorizing long, complex commands.

Here is some journalctl command syntax I found on StackOverflow:

$ journalctl --since "2 days ago"  
$ journalctl --since "today"
$ journalctl --since "yesterday" --until "today" 
$ journalctl --since "2019-03-10" --until "2019-03-11 03:00"

You can even shortlist warning, error, and info messages with the command below; just replace "err" with one of the following priorities: emerg, alert, crit, warning, info, or debug.

$ journalctl -p err --since=today

This command is only useful for exploring and filtering the systemd journal; you cannot use it for other log files.

If you have any query or issue related to date filtering, feel free to ask in the comment section.

This Post Has One Comment

  1. xxx

    I prefer to use grep command for filtering purpose.

    sudo grep -E "Dec 11" /var/log/syslog
    sudo grep -E "Dec [0 ][0-9]|Dec 10" /var/log/syslog
