KB Article #175687

Search for a text string in a very large number of history log files

Problem

The $FILEDRIVEHOME/var/db/hist/log-entry can become very large over time and simply using grep to search in it is not possible.


Resolution

You can use the following command to search for a given string:


find ./ -name "*2018*" -print0 | xargs -0 -n1 -P8 grep -H "Failed login attempt on" >> /tmp/outputlogfile

NOTE: The command above is executed from $FILEDRIVEHOME/var/db/hist/log-entry.


This command will search for Failed login attempt on in all files from the year 2018 and direct the output to /tmp/outputlogfile


To further fine-grain the search you can change the name parameter:


-name "*201801*" -> January 2018

-name "*20180120*" -> the 20th of January 2018

-name "*2018012014*" -> 2 pm on the 20th of January 2018

-name "*201801201450*" -> 2:50 pm on the 20th of January 2018


Additional notes:


To search in compresses files (.gz) substitute grep with zgrep

Still need help?

If this information wasn't helpful to you, just drop us a line. We'll get back to you as soon as possible.