These are useful search parameters you can specify for viewing log data:
A time period. You can specify the beginning and end of a specific time period to retrieve events from, or you can specify a number of days (before the present) to search. You might typically specify a range to look at logged events leading up to a server crash or other occurrence whose time you know of. Alternatively, you might specify a day range to look at only today’s events in the current log file.
A level of logging. You can specify the logging level (see 184.108.40.206 Logging Levels example, Critical to see why the server went down, or Error to locate failed protocol calls.
A facility. You can specify the facility (see 220.127.116.11 Categories of Logged Events that contains the problem; for example, Store if you believe a server crash involved a disk error, or Protocol if the problem lies in an IMAP protocol command error.
A text search pattern. You can provide a text search pattern to further narrow the search. You can include any component of the event (see 25.4.2 Understanding Service Log File Format search, such as event time, process name, process ID, and any part of the event message (such as remote host name, function name, error number, and so on) that you know defines the event or events you want to retrieve.
Your search pattern can include the following special and wildcard characters:
* Any set of characters (example: *.com)
? Any single character (example: 199?)
[nnn] Any character in the set nnn (example: [aeiou])
[^nnn] Any character not in the set nnn (example: [^aeiou])
[n-m] Any character in the range n-m (example: [A-Z])
[^n-m] Any character not in the range n-m (example: [^0-9])
\ Escape character: place before *, ?, [, or ] to use them as literals
Note: Searches are case-sensitive.
Examples of combining logging level and facility in viewing logs might include the following:
Specifying Account facility (and Notice level) to display failed logins, which may be useful when investigating potential security breaches
Specifying Network facility (and all logging levels) to investigate connection problems
Specifying all facilities (and Critical logging level) to look for basic problems in the functioning of the server