$ Linux One Liners
Back to lessons

Cybersecurity Triage

Risk: safe

Find Warnings in Apt Terminal Logs

A patch run completed and you need to spot warnings, errors, failed maintainer scripts, or restart clues.

Command

grep -Ei 'warning|error|failed|dpkg' /var/log/apt/term.log

Before you run this

Risk: safe. Do not treat a quiet grep as a complete health check; also verify services and package state.

Expected output

Matching warning, error, failed, or dpkg-related lines from apt terminal logs.

System impact

Nothing changes. grep filters the terminal log for warning and failure terms.

Recovery / rollback: no state is changed.

When to use it

Use after unattended-upgrades, manual patching, or package repair to catch non-fatal but important output.

When not to use it

Do not treat a quiet grep as a complete health check; also verify services and package state.

Watch this command run

Example output from a temporary Linux lab

This example uses disposable sample files and sanitized output so you can inspect the shape of the result before touching a real system.

demo@lab:~$

$ cat /var/log/apt/term.log

Log started: 2026-06-25  02:10:01
Preparing to unpack .../openssl_3.0.13-0ubuntu3.6_amd64.deb ...
Unpacking openssl (3.0.13-0ubuntu3.6) over (3.0.13-0ubuntu3.5) ...
Setting up openssl (3.0.13-0ubuntu3.6) ...
Warning: service nginx needs restart after library update
Processing triggers for man-db (2.12.0-4build2) ...
Log ended: 2026-06-25  02:10:18

$ grep -Ei 'warning|error|failed|dpkg' /var/log/apt/term.log

Warning: service nginx needs restart after library update
View reproducible demo details

This page shows the sanitized shell transcript and the setup steps needed to reproduce the example.

Lab setup steps

  1. cat /var/log/apt/term.log
  2. grep -Ei 'warning|error|failed|dpkg' /var/log/apt/term.log

next steps

Related commands

Cybersecurity Triage Risk: safe

Build a Recent Apt Patch Timeline

Apt history turns patch claims into timestamps and package names.

awk '/^(Start-Date|Commandline|Upgrade|End-Date)/ {print}' /var/log/apt/history.log
Linux Survival Basics Risk: safe

Find Errors Before Reading Every Log Line

The error was in the log. The problem was finding it without reading noise.

grep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -40
Linux Survival Basics Risk: safe

Find the Exact Log Line Before You Scroll

The error was there. The useful part was knowing exactly where it was.

grep -inE 'error|failed|denied|timeout' /var/log/nginx/error.log
Linux Survival Basics Risk: safe

Show Only Recent Errors

The log had old failures too. I only cared about the newest ones.

grep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -10
Cybersecurity Triage Risk: safe

Redact Secret-Looking Log Lines

Incident notes should not copy secrets forward.

grep -RInE '(password=|token=|secret=|Authorization: Bearer)' fixtures/incidents | awk '{gsub(/password=[^ ]+/, "password=REDACTED"); gsub(/token=[^ ]+/, "token=REDACTED"); gsub(/secret=[^ ]+/, "secret=REDACTED"); gsub(/Authorization: Bearer [A-Za-z0-9._-]+/, "Authorization: Bearer REDACTED"); print}'
Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:102-package-management
  • lpic1:103-gnu-unix-commands
  • lpic1:110-security
  • lfcs:essential-commands
  • lfcs:operations-deployment
  • lfcs:security-hygiene
  • linuxplus:automation-scripting
  • linuxplus:provisional
  • linuxplus:system-management
  • risk:read-only

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.