Question Filtering domain logs between dates

[JuanCar]

Server operating system version

Almalinux 9.4

Plesk version and microupdate number

Plesk Obsidian 18.0.62 #1

I wonder if there is any way to filter domain logs between two dates. If I need to see logs from two days ago, I need to go through all the data from today.
Is there any way to go straight to the interval I want to see?
Thanks

 

[La Linea]

Provided you have shell access, the easiest and fastest and most flexible way for this is probably using grep or cat and grep on the command line.

You can pipe the result to less to be able to easily search for whatever might be interesting to you within the output or even write it to a file for further use.


Depending on the logfile(s) you want to go through, you might have to use different date/time formats, but it's basically something like this:

cat </path/to/the/log.file> | grep <string-of-interest> | less -S
... or ...
cat </path/to/the/log.file> | grep <string-of-interest> > ~/a_result_file.log


For apache/nginx access logfiles for example you would have something like this:

when you want to look at a whole day ...
cat /var/www/vhosts/<domain>/logs/access*log | grep "29/Jul/2024" | less -S
... or ...
cat /var/www/vhosts/<domain>/logs/access*log.processed | grep "29/Jul/2024" | less -S

or at a certain hour of that date only ...
cat /var/www/vhosts/<domain>/logs/access*log | grep "29/Jul/2024:15" | less -S
... or ...
cat /var/www/vhosts/<domain>/logs/access*log.processed | grep "29/Jul/2024:15" | less -S


you can also limit the result to only contain a certain IP (or anything else that might be of special interest) ...
cat /var/www/vhosts/<domain>/logs/access*log.processed | grep "29/Jul/2024" | grep "8.8.8.8" | less -S
... or exclude it ...
cat /var/www/vhosts/<domain>/logs/access*log.processed | grep "29/Jul/2024" | grep -v "8.8.8.8" | less -S


With other logfiles, or if your logfiles are configured differently, you might have to adjust the searchstring according to their used date/time format.


apache error logs use a date/time format like "[Sat Jul 06 11:34:42.305846 2024]" so your grep string would have to be adjusted to

cat /var/www/vhosts/<domain>/logs/error_log | grep "Jul 29" | less -S
... or depending on how long the logfiles goes back maybe even ...
cat /var/www/vhosts/<domain>/logs/error_log | grep "Jul 29" | grep " 2024]" | less -S


the nginx error log uses a date/time format like "2024/07/31 07:14:23" which would require your grep string to be something like this

cat /var/log/nginx/access.log | grep "2024/07/29" | less -S
... or ...
cat /var/log/nginx/access.log | grep "2024/07/29 15" | less -S


If you need to do this frequently, you might want to consider writing some functions (for example in ~/.bashrc for /bin/bash) that you can call with a parameter for the searchstring and the domain to look at.


Of course you can use the Plesk GUI and set a date/time in the "From" pulldown to walk through logfiles, but that is as efficient as eating soup with chopsticks ...

Hope this helps!

 

[JuanCar]

Of course, you're right. But gui is easier than command and very confortable to use. So I wonder if I could made logs explorer using a gui.
And I see that it's no posible.
Thanks.