Linux Survival Basics
Read-only, can be slowShow Only Recent Errors
A noisy log contains old and new errors, and you need the most recent likely failures.
Command
grep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -10Before you run this
System impact: Read-only. Can create load on large logs, directories, filesystems, or process tables.
When not to use it: Do not use it as a complete incident report; it intentionally drops older context.
Expected output
The newest matching failure lines.
System impact
Read-only, can be slow. Nothing changes. The command filters likely failures and keeps the latest matches.
May require elevated permissions on protected paths or service-owned files.
Scope this to the smallest useful path or service on busy systems.
Recovery / rollback: no state is changed.
When to use it
Use this during incident triage when recent failures matter more than old history.
When not to use it
Do not use it as a complete incident report; it intentionally drops older context.
Watch this command run
Command transcript
This sanitized transcript shows the commands and output shape without exposing host details.
$ tail -n 5 /var/log/nginx/error.log
2026/06/25 10:00:01 [notice] 11#11: start worker process
2026/06/25 10:01:42 [error] 11#11: *7 connect() failed (111: Connection refused) while connecting to upstream
2026/06/25 10:02:05 [warn] 11#11: upstream server temporarily disabled
2026/06/25 10:03:16 [error] 11#11: *9 access forbidden by rule, client: 203.0.113.44
2026/06/25 10:04:33 [error] 11#11: *10 upstream timed out while reading response header$ grep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -10
2026/06/25 10:01:42 [error] 11#11: *7 connect() failed (111: Connection refused) while connecting to upstream
2026/06/25 10:03:16 [error] 11#11: *9 access forbidden by rule, client: 203.0.113.44
2026/06/25 10:04:33 [error] 11#11: *10 upstream timed out while reading response header$ grep -inE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -10
2:2026/06/25 10:01:42 [error] 11#11: *7 connect() failed (111: Connection refused) while connecting to upstream
4:2026/06/25 10:03:16 [error] 11#11: *9 access forbidden by rule, client: 203.0.113.44
5:2026/06/25 10:04:33 [error] 11#11: *10 upstream timed out while reading response headerView commands shown
These are the commands shown in the sanitized transcript.
Commands shown
tail -n 5 /var/log/nginx/error.loggrep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -10grep -inE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -10
next steps
Related commands
Find Errors Before Reading Every Log Line
The error was in the log. The problem was finding it without reading noise.
grep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -40
Find the Exact Log Line Before You Scroll
The error was there. The useful part was knowing exactly where it was.
grep -inE 'error|failed|denied|timeout' /var/log/nginx/error.log
Watch Logs Without Opening the Whole File
The app was failing now. Opening a giant log file was the wrong move.
tail -n 80 -f /var/log/nginx/error.log
Read Current-Boot Logs for One Service
Ignore stale logs and inspect only what happened since this boot.
journalctl -u nginx -b --no-pager -n 80
Show Context Around the First App Error
The first error often explains more than the last one.
awk '{buf[NR%5]=$0} tolower($0) ~ /(error|exception|fatal)/ {for (i=NR-4;i<=NR;i++) if (i>0) print buf[i%5]; exit}' fixtures/incidents/app.log
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.