红帽全球峰会此内容没有您所选择的语言版本。
Chapter 3. Reviewing and filtering logs in the web console
The Red Hat Enterprise Linux web console provides a graphical interface for accessing, reviewing, and filtering logs. You can use the most common functions without memorizing the corresponding commands and options.
3.1. Reviewing logs in the web console
You can quickly access and examine system logs by using the RHEL web console’s dedicated Logs section. This graphical interface helps centralize log monitoring for various system functions across the host and provides a UI for the journalctl utility.
Prerequisites
You have installed the RHEL 10 web console.
For instructions, see Installing and enabling the web console.
Procedure
- Log in to the RHEL 10 web console.
- Click Logs.
- Open log entry details by clicking on your selected log entry in the list.
Next steps
- After clicking to expand the menu, you can use the button to pause new log entries from appearing. Once you resume new log entries, the web console loads all log entries that are reported after you use the button.
- You can filter the logs by time, priority, or identifier. For more information, see Reviewing and filtering logs in the web console.
3.2. Filtering logs in the web console
You can filter system logs directly in the RHEL web console based on time range, priority, or specific identifiers. This capability helps administrators focus only on critical messages for targeted troubleshooting.
Prerequisites
You have installed the RHEL 10 web console.
For instructions, see Installing and enabling the web console.
Procedure
- Log in to the RHEL 10 web console.
- Click Logs.
- Click .
- To change the default log filtering, use the Time, Priority, and Identifier drop-down menus.
Optional: By default, the web console shows the latest log entries. To filter by a specific time range, click the button.
- Click the button (right pointing arrow) to apply your filters.
- To open a log entry, click the selected log entry.
With the text search syntax and options available in the RHEL web console, you can filter logs effectively. This enables high precision when searching for specific errors or keywords across extensive system logs.
The text search option functionality provides a wide variety of options for filtering logs. If you decide to filter logs by using the text search, you can use the predefined options that are defined in the three drop-down menus, or you can type the whole search yourself.
- Drop-down menus
You can use three drop-down menus to specify the main parameters of your search:
- Time: This drop-down menu contains predefined searches for different time ranges of your search.
-
Priority: This drop-down menu provides options for different priority levels. It corresponds to the
journalctl --priorityoption. The default priority value is Error and above. It is set every time you do not specify any other priority. -
Identifier: In this drop-down menu, you can select an identifier that you want to filter. Corresponds to the
journalctl --identifieroption.
- Quantifiers
- You can use six quantifiers to specify your search. They are covered in the Options for filtering logs table.
- Log fields
- To search for a specific log field, you can specify the field together with its content.
- Free-form text search in log messages
- You can filter any text string of your choice in the log messages. The string can also be in the form of a regular expression.
Example 3.1. Logs filtering based on time
Filter all log messages identified by 'systemd' that happened since October 22, 2020 midnight and journal field 'JOB_TYPE' is either 'start' or 'restart.
-
Type
identifier:systemd since:2020-10-22 JOB_TYPE=start,restartto search field. Check the results.
Example 3.2. Logs containing error and fail messages
Filter all log messages that come from 'cockpit.service' systemd unit that happened in the boot before last and the message body contains either "error" or "fail".
-
Type
service:cockpit boot:-1 error|failto the search field. Check the results.
You can filter logs according to different parameters by using the text search box in the web console. The search combines the usage of the filtering drop-down menus, quantifiers, log fields, and free-form string search.
Prerequisites
You have installed the RHEL 10 web console.
For instructions, see Installing and enabling the web console.
Procedure
- Log in to the RHEL 10 web console.
- Click Logs.
Use the drop-down menus to specify the three main quantifiers - time range, priority, and identifier(s) - you want to filter.
The Priority quantifier must have a value. If you do not specify a value, it automatically filters the Error and above priority. The options you set reflect in the text search box.
Specify the log field you want to filter.
You can add several log fields.
- You can use a free-form string to search for anything else. The search box also accepts regular expressions.
3.5. Options for filtering logs
Review the various options available for filtering system logs in the RHEL web console. Options include time range, priority, identifier, and customized text search fields.
You can use journalctl options for filtering logs in the web console. Some of these options are provided as parts of the drop-down menus in the web console interface.
| Option name | Usage | Notes |
|---|---|---|
|
| Filters output by message priorities. Takes a single numeric or textual log level. The log levels are the usual syslog log levels. If a single log level is specified, all messages with this log level or a lower and more important log level are shown. | Covered in the Priority drop-down menu. |
|
| Shows messages for the specified syslog identifier SYSLOG_IDENTIFIER. Can be specified multiple times. | Covered in the Identifier drop-down menu. |
|
| Shows only the most recent journal entries, and continuously prints new entries as they are appended to the journal. | Not covered in a drop-down. |
|
|
Shows messages for the specified |
Is not covered in a drop-down. Corresponds to the |
|
| Shows messages from a specific boot. A positive integer looks up the boots starting from the beginning of the journal, and an equal-or-less-than-zero integer looks up boots starting from the end of the journal. Therefore, 1 means the first boot found in the journal in chronological order, 2 the second, and so on; while -0 is the last boot, -1 the boot before last, and so on. | Covered only as Current boot or Previous boot in the Time drop-down menu. You must specify other options manually. |
|
| Starts showing entries on or newer than the specified date, or on or older than the selected date. Date specifications should be of the format "2012-10-30 18:17:16". If the time part is omitted, "00:00:00" is considered. If only the seconds component is omitted, ":00" is assumed. If the date component is omitted, the current day is assumed. Alternatively, the strings "yesterday", "today", "tomorrow" are understood, which refer to 00:00:00 of the day before the current day, the current day, or the day after the current day. "now" refers to the current time. Finally, relative times might be specified, prefixed with "-" or "+", referring to times before or after the current time. | Not covered in a drop-down. |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}