How to view and filter Ubuntu server logs


Server logs are a key element for a system administrator to monitor activity on a server. Ubuntu 20.04 uses the built-in systemd journal tool to keep track of what's going on in the system. In this article, we will look at how to view Ubuntu 20.04 server logs and how to filter them by time, IP address, and other criteria.

Step 1: Accessing the logs

The first step is to access the logs, which contain data on server activity. Ubuntu 20.04 uses the journalctl tool to work with logs. To access the logs, run the following command:

journalctl

This command will open the logs and display the latest entries. To view more entries, you can use the -n option to specify the number of entries to display. For example, to show the last 100 entries, run the command:

journalctl -n 100

Step 2: Filtering Logs

To filter the logs by a specific IP address or time interval, various options can be used.

Filtering by IP address:

To filter logs by IP address, use the -a option and pipe the output through grep with the IP address to filter. For example, to filter logs by IP address 192.168.1.1, run the command:

journalctl -a _SYSTEMD_UNIT=httpd.service _COMM=httpd | grep '192.168.1.1'

This command will filter the logs based on the IP address 192.168.1.1, showing only entries containing that IP address.
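
A plain grep pattern such as '192.168.1.1' treats each dot as a wildcard and also matches longer addresses like 192.168.1.10, which matters when the result feeds an investigation or a block list. The following is an added example, not part of the original article: filter_ip is a hypothetical helper name and the log lines are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original article): exact IPv4 filtering.

# Constructed sample of journalctl output for an httpd unit.
sample_log() {
cat <<'EOF'
Mar 01 10:00:01 web1 httpd[812]: 192.168.1.1 - - "GET / HTTP/1.1" 200
Mar 01 10:00:02 web1 httpd[812]: 192.168.1.10 - - "GET /admin HTTP/1.1" 403
Mar 01 10:00:03 web1 httpd[812]: 192.168.111.5 - - "GET / HTTP/1.1" 200
Mar 01 10:00:04 web1 httpd[812]: [client 192.168.1.1:51234] File does not exist: /var/www/html/favicon.ico
Mar 01 10:00:05 web1 httpd[812]: 10.0.0.7 - - "GET / HTTP/1.1" 200
EOF
}

# filter_ip ADDR: pass through only stdin lines that contain ADDR as a
# complete IPv4 address (hypothetical helper name).
filter_ip() {
    # Refuse anything that is not dotted-quad shaped, so the argument
    # cannot smuggle regex metacharacters into the pattern below.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "filter_ip: not an IPv4 address: $1" >&2
        return 2
    }
    # Escape the dots so they match literally instead of "any character".
    ip_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    # The address must not be glued to another digit or octet on either
    # side; a trailing ":port" or sentence-ending "." is still accepted.
    grep -E "(^|[^0-9.])${ip_re}(\$|[^0-9.]|\.(\$|[^0-9]))"
}

# Compare the article's substring match with the exact match.
naive_count() { sample_log | grep -c '192.168.1.1'; }
exact_count() { sample_log | filter_ip 192.168.1.1 | grep -c ''; }

echo "naive grep matched: $(naive_count) lines"
echo "filter_ip matched:  $(exact_count) lines"

# On a live system:
#   journalctl -a _SYSTEMD_UNIT=httpd.service _COMM=httpd | filter_ip 192.168.1.1
```

On the sample data the substring match also returns the 192.168.1.10 and 192.168.111.5 lines, while filter_ip returns only the two lines that really involve 192.168.1.1.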

Filtering by time:

To filter the logs by time period, use the -S (--since, the start time) and -U (--until, the end time) options. For example, to filter logs for the last 24 hours, run the command:

journalctl --since "24 hours ago" --until "now"

Step 3: Monitor logs in real time

To monitor the logs in real time, use the -f option, which displays new entries in the logs as they appear. For example, to monitor server logs in real time, run the command:

journalctl -f

This command displays new entries in the logs as they appear, allowing you to quickly respond to emerging problems in the system.

Step 4: Export logs

To export logs to a file, use the -o option, which specifies the output format, and redirect the result to the file. For example, to export logs in CSV format to the /var/log/access_log.csv file, run the command:

journalctl -o json | jq -r '[.PRIORITY, .MESSAGE, ._PID] | @csv' > /var/log/access_log.csv

This command exports the logs in CSV format and saves them to the /var/log/access_log.csv file.

Step 5: Clean Up Old Entries

Server logs can take up a significant amount of disk space over time. To clean up the logs and remove old entries, you can use the --vacuum-size option, which removes entries so that the total size of the logs does not exceed the specified size. For example, to delete entries in the logs so that their size does not exceed 1 GB, you should run the command:

journalctl --vacuum-size=1G

This command will delete old log entries so that their size does not exceed 1 GB.

In conclusion, the systemd journal built into Ubuntu 20.04 is a powerful tool for monitoring server logs. It offers convenient features for viewing, filtering, real-time monitoring, exporting and cleaning logs. Proper use of this tool can greatly facilitate the work of system administrators, allowing them to respond quickly to problems and keep the server reliable and stable. Keep in mind that regular log checking and analysis are key aspects of effective server management.