Hello,

I'm trying to update some scripts here that parse our system logs daily. They report information just fine... but they just report too much info.

Specifically, if there's been some failed login attempts on several different days (say Monday and Tuesday), when I get the report from Wendsday, I don't want to see Wednesday's info *in addition* to Monday & Tuesday (and so on throughout the week).

This is happening because of this syntax that I've found isn't working:

grep -i fail $LOGDIR/$LOG2 |grep `date |awk '{print $2}' ` | grep `date |awk '{print $3}'

This is giving me information for every day in my logfile... not just on the day the script is running - which is what I prefer.

It seems like if I could make use of this aspect of the date command I'd be ok:

% date '+%C'
Wed May 9 08:23:20 EDT 2007

since the 'May 9' (May, with two spaces and then the 9) is exactly how the syntax of the month/day shows up:

May 9 08:27:10 mysystem sshd2[15562]: [ID 702911 auth.error] auths-pam: PAM subprocess returned packet SSH_PAM_OP_ERROR. (err_num: 9, err_msg: Authentication failed)
May 9 08:27:10 mysystem sshd2[15562]: [ID 702911 auth.notice] Password authentication for user cjones failed (from xxx.xxx.xxx.xxx port 53341).

So... my thinking is that if I could find the right use of the 'date' command then I could use that with a grep to pull out *exactly* what I want out of my logfiles. But it's also possible there's a different way to get the same results.

I'd prefer to do this in a sh/csh script also.

Thanks in advance!

-chris

Thanks for the help... but when I cut/paste just those lines into a bourne shell script I get a 'bad substitution' error message. Here's my simple little script:

#!/bin/sh

day=`date +%d`
dt=`date +%b`" "${day#0}
grep "$dt.*fail" /var/adm/SYSLOG

I figure I'm missing something simple.

-chris

Seems that your shell doesn't support pattern syntax ${day#0}
Try:

Jean-Pierre.

Thanks to all ... I was able to get what I needed with all of your help.

-chris