How to filter log files with grep

Search and filter Apache, Nginx, and syslog log files for specific errors, IPs, and time ranges using grep.

Search Nginx access logs, Apache error logs, and syslog for specific error codes, IP addresses, and time ranges using grep.

Step-by-Step: Filter Log Files with grep

1. Find All 500 Errors in Nginx Access Logs

grep '" 500 ' /var/log/nginx/access.log

The pattern '" 500 ' matches the HTTP status code field in Nginx's combined log format: the double quote that closes the request line, then 500 with a space on each side, which avoids matching port numbers.

2. Find Requests from a Specific IP Address

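grep -F "203.0.113.50" /var/log/nginx/access.log

The -F option treats the address as a literal string, so each dot matches only a dot rather than any character.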

3. Filter Syslog for a Specific Service

grep "sshd" /var/log/auth.log | grep "Failed password"

This pipeline filters the SSH authentication log for failed password attempts. Each matching line includes the source IP, username, and timestamp.

4. Search Rotated (Compressed) Log Files

zgrep "error" /var/log/syslog.*.gz

The zgrep command searches gzip-compressed files without requiring you to decompress them first. Use zgrep for compressed logs rotated by logrotate.
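
The filters from steps 1 and 2, combined with the time-range filtering mentioned in the introduction, as an added example that is not part of the original article. It goes one step further than step 2 by anchoring the IP address to the client field. The log lines are constructed, and status_500, from_client and in_hour are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample lines in Nginx combined log format (not real traffic).
write_sample() {
cat > "$1" <<'EOF'
203.0.113.50 - - [10/Oct/2024:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 500 "-" "curl/8.0"
203.0.113.50 - - [10/Oct/2024:13:58:01 +0000] "POST /api/order HTTP/1.1" 500 162 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2024:13:59:10 +0000] "GET /items/500 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2024:14:02:44 +0000] "GET /lookup?ip=203.0.113.50 HTTP/1.1" 500 162 "-" "Mozilla/5.0"
203.0.113.50 - - [10/Oct/2024:14:05:12 +0000] "POST /api/order HTTP/1.1" 500 162 "-" "curl/8.0"
EOF
}

# Hypothetical helpers; each reads the named files, or stdin if none are given.
# Status field only: the quote closing the request, then the code.
status_500() { grep '" 500 ' "$@"; }

# Client address field only: anchor at line start, escape the dots, and require
# the trailing space so a shorter address (203.0.113.5) cannot match 203.0.113.50.
from_client() {
    ip=$1; shift
    pat=$(printf '%s' "$ip" | sed 's/\./\\./g')
    grep "^$pat " "$@"
}

# One hour of traffic: fixed-string match on the "[dd/Mon/yyyy:HH:" prefix.
in_hour() { stamp=$1; shift; grep -F "[$stamp:" "$@"; }

log=$(mktemp)
write_sample "$log"
echo "lines containing 500 anywhere: $(grep -c 500 "$log")"
echo "lines with status 500:         $(status_500 "$log" | wc -l)"
echo "status 500 from 203.0.113.50 between 13:00 and 13:59:"
in_hour "10/Oct/2024:13" "$log" | from_client 203.0.113.50 | status_500
rm -f "$log"
```

The unanchored searches over-count here because 500 also appears as a response size and in a URL path, and the IP address also appears in another client's query string.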

Common Issues

grep is slow on very large log files: use grep -F (fixed-string mode) instead of a regex for literal patterns. Fixed-string matching is significantly faster than regex matching on multi-gigabyte files.