Is there a list of /var/log/messages event level keywords stored in a system file somewhere in CentOS 7 that would show all the possible “strings” to search for when grep’ing through /var/log/messages, or dmesg, etc?
I want to use a script for searching the most common or ALL possible events like err, error, failed, warning, kernel, etc.
Also, are the possible events different for logfiles messages, dmesg, cron, etc, or are the event keyswords all alike through the different log files?
The log priority is not stored in
/var/log/messages at all.
Like its predecessors,
rsyslog uses the priority as a hint to determine where to route any given log message. By default, it does not log the priority itself.
However, the systemd journal does log the priority (and keeps a lot of other interesting metadata). You can use the
-p option to
journalctl to narrow down log messages by priority.
-p, --priority= Filter output by message priorities or priority ranges. Takes either a single numeric or textual log level (i.e. between 0/"emerg" and 7/"debug"), or a range of numeric/text log levels in the form FROM..TO. The log levels are the usual syslog log levels as documented in syslog(3), i.e. "emerg" (0), "alert" (1), "crit" (2), "err" (3), "warning" (4), "notice" (5), "info" (6), "debug" (7). If a single log level is specified, all messages with this log level or a lower (hence more important) log level are shown. If a range is specified, all messages within the range are shown, including both the start and the end value of the range. This will add "PRIORITY=" matches for the specified priorities.
journalctl man page for all of the ways in which you can search the journal.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.