$ Linux One Liners
Back to commands

Cybersecurity Triage

Read-only, can be slow

Find Warnings in Apt Terminal Logs

A patch run completed and you need to spot warnings, errors, failed maintainer scripts, or restart clues.

Command

grep -Ei 'warning|error|failed|dpkg' /var/log/apt/term.log

Before you run this

System impact: Read-only. Can create load on large logs, directories, filesystems, or process tables.

When not to use it: Do not treat a quiet grep as a complete health check; also verify services and package state.

Expected output

Matching warning, error, failed, or dpkg-related lines from apt terminal logs.

System impact

Read-only, can be slow. Nothing changes. grep filters the terminal log for warning and failure terms.

May require elevated permissions on protected paths or service-owned files.

Scope this to the smallest useful path or service on busy systems.

Recovery / rollback: no state is changed.

When to use it

Use after unattended-upgrades, manual patching, or package repair to catch non-fatal but important output.

When not to use it

Do not treat a quiet grep as a complete health check; also verify services and package state.

Watch this command run

Command transcript

This sanitized transcript shows the commands and output shape without exposing host details.

demo@lab:~$

$ cat /var/log/apt/term.log

Log started: 2026-06-25  02:10:01
Preparing to unpack .../openssl_3.0.13-0ubuntu3.6_amd64.deb ...
Unpacking openssl (3.0.13-0ubuntu3.6) over (3.0.13-0ubuntu3.5) ...
Setting up openssl (3.0.13-0ubuntu3.6) ...
Warning: service nginx needs restart after library update
Processing triggers for man-db (2.12.0-4build2) ...
Log ended: 2026-06-25  02:10:18

$ grep -Ei 'warning|error|failed|dpkg' /var/log/apt/term.log

Warning: service nginx needs restart after library update
View commands shown

These are the commands shown in the sanitized transcript.

Commands shown

  1. cat /var/log/apt/term.log
  2. grep -Ei 'warning|error|failed|dpkg' /var/log/apt/term.log

next steps

Related commands

Cybersecurity Triage Read-only

Build a Recent Apt Patch Timeline

Apt history turns patch claims into timestamps and package names.

awk '/^(Start-Date|Commandline|Upgrade|End-Date)/ {print}' /var/log/apt/history.log
Linux Survival Basics Can be slow

Find Errors Before Reading Every Log Line

The error was in the log. The problem was finding it without reading noise.

grep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -40
Linux Survival Basics Can be slow

Find the Exact Log Line Before You Scroll

The error was there. The useful part was knowing exactly where it was.

grep -inE 'error|failed|denied|timeout' /var/log/nginx/error.log
Linux Survival Basics Can be slow

Show Only Recent Errors

The log had old failures too. I only cared about the newest ones.

grep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -10
Cybersecurity Triage Sensitive output

Redact Secret-Looking Log Lines

Incident notes should not copy secrets forward.

grep -RInEi '(password|token|secret|authorization)' fixtures/incidents | sed -E 's/((password|token|secret)[[:space:]]*[:=])[[:alnum:]_.-]+/\1REDACTED/Ig; s/([Aa]uthorization[[:space:]]*:[[:space:]]*[Bb]earer[[:space:]]+)[[:alnum:]_.-]+/\1REDACTED/g'
Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:102-package-management
  • lpic1:103-gnu-unix-commands
  • lpic1:110-security
  • lfcs:essential-commands
  • lfcs:operations-deployment
  • lfcs:security-hygiene
  • linuxplus:automation-scripting
  • linuxplus:provisional
  • linuxplus:system-management
  • risk:read-only

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.