Basically this guide is intended to be a quick reference to the relatively new users who are not easy with using find, locate, du combined with sed, awk, head, tail, unix pipes to find and locate files with some conditions. We can use other GNU tools. We can really extract huge information from log files like we have shown on our guides to check Fail2Ban log (we have a bash script for Fail2Ban log checking derived from it), Apache2 log checking etc. Here is a guide with examples on how to find file on SSH as not always checking log is the thing we need to search.
How To Find File On SSH : Examples With locate
locate is possibly most easy to use tool readily available on Ubuntu. The package is not locate but mlocate on other Linux distro like CentOS :
1 2 3 | yum install mlocate ## deb linux apt install locate |
That locate is originally developed by Miloslav Trmac of Redhat. Here is manual page of locate :
---
1 | https://www.linux.org/docs/man1/locate.html |
locate can not search realtime, but the user needs to run :
1 | sudo updatedb |
to make sure that newest files are in the database. We can run command like to find the file readme :
1 | locate readme |
To get the number of files named readme, we can run :
1 | locate -c readme |
So, if we need to search the Apache log related all files, we can run :
1 | locate apache | grep log |
How To Find File On SSH : Examples With find
We use find to locate a specific file by name or extension. The basic syntax is find . The following example searches for *.log files in the /var/log and all sub-directories :
1 | find /var/log/ -name "*.log" |
The utility find is powerful if you know how to use it, you can do many works. We can change permissions with find as example ( -type d is directory, -type f is files ) :
1 | find /var/log/ -type d -exec chmod +x {} \; |
We can make a list of the :
1 | find /var/log/ -type f \( -iname '*.log' \) > loglist.txt |
You cat later to check that file :
1 | cat loglist.txt |
That function actually locate tool serves – locate has a database. We can find empty file :
1 | find /var/log/ -type f -empty |
We can find conf file which is modified within last 3 days :
1 | find /var/log/ -name "*conf" -mtime 3 |
We can find file which has content 403 inside it :
1 | find /var/log/ -type f -exec grep "403" '{}' \; -print |
We can more filter the above command more to catch the definite bad tries :
1 | find /var/log/ -type f -exec grep "403" '{}' \; -print | grep preauth |
We can find files which are greater than 10MB in size at /var/log/ :
1 | find /var/log/ -size +10M |
To make the above command better, we can list with sizes :
1 | find /var/log/ -type f -size +10M -exec ls -lh {} \; | awk '{ print $NF ": " $5 }' |
The following command finds the top 50 largest files which are sized over 10M, sort by the biggest first :
1 | find / -xdev -type f -size +10M -exec du -sh {} ';' | sort -rh | head -n50 |
How To Find File On SSH : Examples With ls
ls can find files by name! Run this :
1 | ls /var/log | grep sql |
ls can find files by size too! Run this :
1 | ls /var/log -1Rs | sed -e "s/^ *//" | grep "^[0-9]" | sort -nr | head -n20 |
UNIX, Linux systems are matter of how you can use the tools.
How To Find File On SSH : Examples With du
du itself searches for size. Simply list by size :
1 | du -ax /var/log | sort -rn | head -20 |
We can find 10 largest files in /var/log directory with their sizes in GB, MB :
1 | du -ahx /var/log | sort -rh | head -20 |
