Search the entire maillog archive

[ofcalcul]

How can I search through the entire maillog archive for a line containing a specific word?
I use "cat /var/log/maillog |grep myword" for searching in the current log but I don't know how to search through the archived logs as well.

Thanks,
Cristian

 

[KenCunningham]

What are the archived logs called? Incidentally:

grep myword /var/log/maillog

is the same as your command above, dispensing with the need to cat the file.

 

[motoslide]

It could be as simple as this:
for i in `ls /var/log/maillog*`
do
echo $i >>outfile
grep myword $i >>outfile
done

You may need to quote "myword" if it contains characters the shell might try to interpret.

 

[zeland]

Your archived logs would be suffixed with .1 .2 .3 & .4. You just need to put an extra * to your command. i.e:

cat /var/log/maillog* | grep myword



--== Anything can go wrong. It's just a matter of how far wrong it will go till people think its right. ==--

 

[mrballcb]

Many distros compress the rotated logfiles, normally with gzip. In that case, use gzip to decompress it (-d) but tell it not to write the uncompressed file, instead send it to stdout (-c):

for LOG in `ls /var/log/maillog*.gz`
do
  echo ${LOG} 
  gzip -dc ${LOG} | grep myword
done

The gzip package also comes with a nifty little utility called zcat which does the same thing as gzip -dc. You could use zcat in place of gzip -dc in the code snippet above if you preferred.