Search Logs with grep, find, and tail
Learn how to search project logs by scope, time, and symptom so debugging starts from evidence.
Ladder steps
Each step should prove one idea before the project asks for the next one.
Examples to inspect
Use examples to read signals, not as blind recipes.
Read recent Nginx errors
tail -80 /var/log/nginx/error.log
Expected signal: Recent timestamped error lines
Search for a symptom
grep -RIn "permission denied" /var/log 2>/dev/null | head
Expected signal: File names and line numbers with matches
Caution: Broad searches can be expensive on large log trees.
Find recently changed log files
find /var/log -type f -mtime -1 | head
Expected signal: Log file paths modified recently
Common traps
- Searching the whole filesystem first.
- Ignoring timestamps.
- Copying private tokens or credentials from logs into public chats.
Practice task
Given a failing service name, list three bounded commands you would run before opening a huge log.
Next steps
- Learn systemd service logs.
- Learn Nginx error log checks.
- Learn disk usage and journal size.
Practice ladder
- Near-Copy Rebuild: Recreate one example, decision path, or worked explanation from Search Logs with grep, find, and tail. Keep most givens the same, then apply, explain, and check while naming each cue you used. Use the lesson's table, example block when it helps.
- One-Change Transfer: Change exactly one condition, number, input, symptom, material, or constraint from the near-copy case. Then apply, explain, and check again and explain what changed.
- Mixed Review Set: Interleave this topic with one prerequisite or adjacent idea. Write three short prompts: one recall, one application, and one comparison.
- Find And Fix The Error: Invent a plausible wrong answer, unsafe step, invalid assumption, or bad classification. Mark the first point where it goes wrong, then correct it using the lesson's check.
Flashcard preview
Why start with tail?
It bounds the read and shows recent evidence before broad searches.
What does the 'Bound the read' step prove?
Start with a small recent window. Check: tail shows recent lines without flooding the terminal.
What does the 'Filter by symptom' step prove?
Use grep for exact errors, service names, or status codes. Check: The match should answer a specific question.
What does the 'Find candidate files' step prove?
Use find to locate logs by name or modified time. Check: The result narrows which logs matter.
What does the 'Preserve context' step prove?
Use context flags when one line alone is not enough. Check: grep -C shows surrounding lines.
When would you use `tail -80 /var/log/nginx/error.log`?
Use it to read recent nginx errors. Expected signal: Recent timestamped error lines
Downloadable study pack
Export the same ladder as a plain Markdown note or Anki-compatible TSV. Commands and code blocks stay plain so they work in local notes.
Related paths
Study pack check passed. Notes, cards, examples, and practice tasks are meant to keep the ladder useful outside the page.
Continue learning this topic
Use this page as part of a project path, not as a one-off article. Save the note, review the cards, try the practice task, then choose the next ladder based on what your project exposes.
Study assets
Project context
- Deploy a Static Site on a VPS
- Browse Software and Linux
- Next ladder clue: Learn systemd service logs.
Related references
Buy me a coffee for more maker ladders
TopicLadder is free to read. Support helps turn rough project paths into useful notes, cards, videos, and practice tasks.