Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] How to narrow down log files by using a keyword or string pattern

0

0

Article ID: KB34406 KB Last Updated: 02 Jun 2019Version: 1.0
Summary:

This article provides some simple tips to scan a set of log files in the /var/log folder by using a keyword and print them in chronological order.

 

Symptoms:

When trying to analyze customer logs, you will find several log files and lines that may take a while to scan through and assess. Some simple commands can be run in the router's shell or on a Linux server to filter all logs and get only the ones that we want to troubleshoot.

 

Solution:

From the shell, use the following commands with a matching keyword or a set of keywords to display files in chronological order. These commands can be run directly from the shell or on a Unix system for offline processing of /var/log files.

  • Scan the message logs to check for a Major alarm:

% ls -tr messages.* | xargs zcat | grep -E 'Major alarm' ; cat messages | grep -E  'Major alarm'
 
  • Scan the message logs to check for lines that match the keyword FPC9 or FPC 9 and filter lines that match the keywords "not powering up."

% ls -tr messages.* | xargs zcat | grep -E 'FPC9|FPC 9' | grep -v 'not powering up' ; cat messages | grep -E 'FPC9|FPC 9' | grep -v 'not powering up'
 
  • Scan the command logs to check for lines that match the keywords offline, online, restart, or halt.

ls -tr commands.* | xargs zcat | grep -E 'offline|online|restart|halt' ; cat commands | grep -E  'offline|online|restart|halt''
 
  • Scan the command logs to check for lines that match "12740014" and filter lines that match the keyword "show."

ls -tr commands.* | xargs zcat | grep -E '12740014' | grep -vE 'show'; cat commands | grep -E  '12740014' | grep -vE 'show'
 
  • Scan the DHCP trace files and check for lines that match the keywords error, failure, bad, missing, or unconfigured.

ls -tr dhcpd.trace.* | xargs zcat | grep -E 'error|failure|bad|missing|unconfigured' ; cat dhcpd.trace | grep -E  'error|failure|bad|missing|unconfigured'
 
  • Scan the authd trace files and check for lines that match "ADDRALLOC FAIL."

ls -tr authd.* | xargs zcat | grep -E 'ADDRALLOC FAIL' ; cat authd | grep -E  'ADDRALLOC FAIL'

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search