Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Collecting logs between two time stamps
Top Forums Shell Programming and Scripting Collecting logs between two time stamps Post 302939822 by Don Cragun on Sunday 29th of March 2015 07:04:16 PM
Old 03-29-2015
Most log files have dates and times in monotonically non-decreasing order. Yours does not.
Code:
15:59:07
15:59:08
15:59:0
15:59:08
15:59:07
16:05:07
16:06:010
16:15:07

Most log files have timestamps in a consistent format. Yours does not.
Code:
15:59:0
15:59:08
16:06:010

Assuming that comma and space are field delimiters, is the date field on lines that contain dates always field 9?

Since timestamps aren't in order, how are we supposed to guess what date should apply to a line that does not have a date?

What is supposed to happen to log file lines that do not have a date or timestamp?

What output are you hoping to produce for the sample input you provided?
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

comparing time stamps

Hello All, I'm generating timestamps (file creation timestamps) for all the files in a directory. I need to compare all the timestamps. for example if i have 4 files and their timestamps are 20091125114556, 20091125114556,20091125114556,20091125114556 respectively. I need to differentiate... (1 Reply)
Discussion started by: RSC1985
1 Replies

2. Shell Programming and Scripting

comparing time stamps

Hello All, I'm generating timestamps (file creation timestamps) for all the files in a directory. I need to compare all the timestamps. for example if i have 4 files and their timestamps are 20091125114556, 20091125114556,20091125114556,20091125114556 respectively. I need to differentiate... (9 Replies)
Discussion started by: RSC1985
9 Replies

3. Red Hat

Collecting logs by running command

Hi, i am a general user of linux but we work mostly on windows next i am moving full time on linux. here is my question: We have product which consist or several subsystem each subsystem has one module to create logs file dump. and i am going to write that support dump tool. we need to... (3 Replies)
Discussion started by: ajayyadavmca
3 Replies

4. Shell Programming and Scripting

Time difference between two time stamps

Hi Friends, I have 2 varaibles which contain START=`date '+ %m/%d/%y %H:%M:%S'` END=`date '+ %m/%d/%y %H:%M:%S'` i want the time difference between the two variables in Seconds. Plz help. (2 Replies)
Discussion started by: i150371485
2 Replies

5. Shell Programming and Scripting

date time stamps in bash

I'm looking for a way to have the "date" command output the date in a specific format. I'm not familiar with the different ways to use the date command at all. i read up on it, but i dont get how to manipulate it. i know that i can get the date format to give me a format like: 2012-10-13... (6 Replies)
Discussion started by: SkySmart
6 Replies

6. Shell Programming and Scripting

Increment time stamps.

Hi Gents. Please can you help me to solve a problem. I have a long list of files, which I need to change the time stamp. -r--r--r-- 1 geo2 geovect 47096216 Feb 8 10:40 00000009.segd -r--r--r-- 1 geo2 geovect 47096216 Feb 8 10:40 00000010.segd -r--r--r-- 1 geo2 geovect 47096216 Feb ... (11 Replies)
Discussion started by: jiam912
11 Replies

7. Shell Programming and Scripting

How to get the Logs between two Time Stamps?

Hi, I have been working on the error Log script, where errors are pulled from server. I need to pull the data of the error logs between two dates & time, for example : 22/12/2014 20:00:00 22/12/2014 22:00:00 Whatever error have came during this duration. Now the question is the record... (6 Replies)
Discussion started by: amitgpta90
6 Replies

8. Windows & DOS: Issues & Discussions

Cygwin_openssh time stamps

I've installed cygwin_openssh on Windows 2012 R2 and it's working great. My issue is when a file is uploaded say from a different timezone, when it is uploaded, it doesnt pick up the sftp servers time.. Is there a way to fix that? i.e. When someone in PST uploads a file to this server in EST,... (0 Replies)
Discussion started by: MikeAdkins
0 Replies

9. UNIX for Advanced & Expert Users

Syslog-ng not working not collecting logs on rhel

Hi, I need help on syslog-ng on RHEL 7.2. It is working as expected. As per configuration, it is supposed to create authlog, messages and xymessages daily in respective folder of date. But I can see only messages file and that is also not updating well. # ps -ef | grep -i syslog root 22954... (1 Reply)
Discussion started by: solaris_1977
1 Replies

LEARN ABOUT MOJAVE

pcap-tstamp

PCAP-TSTAMP(7)						 Miscellaneous Information Manual					    PCAP-TSTAMP(7)

NAME

       pcap-tstamp - packet time stamps in libpcap

DESCRIPTION

       When  capturing traffic, each packet is given a time stamp representing, for incoming packets, the arrival time of the packet and, for out-
       going packets, the transmission time of the packet.  This time is an approximation of the arrival or transmission time.	If it is  supplied
       by the operating system running on the host on which the capture is being done, there are several reasons why it might not precisely repre-
       sent the arrival or transmission time:

	      if the time stamp is applied to the packet when the networking stack receives the packet, the networking stack  might  not  see  the
	      packet  until an interrupt is delivered for the packet or a timer event causes the networking device driver to poll for packets, and
	      the time stamp might not be applied until the packet has had some processing done by other code in the networking  stack,  so  there
	      might  be  a  significant delay between the time when the last bit of the packet is received by the capture device and when the net-
	      working stack time-stamps the packet;

	      the timer used to generate the time stamps might have low resolution, for example, it might be a timer updated once per host operat-
	      ing system timer tick, with the host operating system timer ticking once every few milliseconds;

	      a  high-resolution  timer might use a counter that runs at a rate dependent on the processor clock speed, and that clock speed might
	      be adjusted upwards or downwards over time and the timer might not be able to compensate for all those adjustments;

	      the host operating system's clock might be adjusted over time to match a time standard to which  the  host  is  being  synchronized,
	      which might be done by temporarily slowing down or speeding up the clock or by making a single adjustment;

	      different  CPU cores on a multi-core or multi-processor system might be running at different speeds, or might not have time counters
	      all synchronized, so packets time-stamped by different cores might not have consistent time stamps.

       In addition, packets time-stamped by different cores might be time-stamped in one order and added to the queue of packets  for  libpcap	to
       read in another order, so time stamps might not be monotonically increasing.

       Some  capture devices on some platforms can provide time stamps for packets; those time stamps are usually high-resolution time stamps, and
       are usually applied to the packet when the first or last bit of the packet arrives, and are thus more accurate than time stamps provided by
       the  host  operating  system.   Those  time stamps might not, however, be synchronized with the host operating system's clock, so that, for
       example, the time stamp of a packet might not correspond to the time stamp of an event on the host triggered by the arrival of that packet.

       Depending on the capture device and the software on the host, libpcap  might  allow  different  types  of  time	stamp  to  be  used.   The
       pcap_list_tstamp_types(3PCAP)  routine  provides,  for  a  packet  capture  handle  created  by pcap_create(3PCAP) but not yet activated by
       pcap_activate(3PCAP), a list of time stamp types supported by the capture device for that handle.  The list might be empty, in  which  case
       no  choice of time stamp type is offered for that capture device.  If the list is not empty, the pcap_set_tstamp_type(3PCAP) routine can be
       used after a pcap_create() call and before a pcap_activate() call to specify the type of time stamp to be used on  the  device.	 The  time
       stamp  types  are  listed  here;  the  first  value  is	the  #define  to  use  in  code,  the  second  value  is  the  value  returned	by
       pcap_tstamp_type_val_to_name() and accepted by pcap_tstamp_type_name_to_val().

	    PCAP_TSTAMP_HOST - host
		 Time stamp provided by the host on which the capture is being done.  The precision of this time stamp is unspecified; it might or
		 might not be synchronized with the host operating system's clock.

	    PCAP_TSTAMP_HOST_LOWPREC - host_lowprec
		 Time  stamp  provided	by the host on which the capture is being done.  This is a low-precision time stamp, synchronized with the
		 host operating system's clock.

	    PCAP_TSTAMP_HOST_HIPREC - host_hiprec
		 Time stamp provided by the host on which the capture is being done.  This is a high-precision time stamp; it might or	might  not
		 be synchronized with the host operating system's clock.  It might be more expensive to fetch than PCAP_TSTAMP_HOST_LOWPREC.

	    PCAP_TSTAMP_ADAPTER - adapter
		 Time stamp provided by the network adapter on which the capture is being done.  This is a high-precision time stamp, synchronized
		 with the host operating system's clock.

	    PCAP_TSTAMP_ADAPTER_UNSYNCED - adapter_unsynced
		 Time stamp provided by the network adapter on which the capture is being done.  This is a high-precision time stamp;  it  is  not
		 synchronized with the host operating system's clock.

       By  default, when performing a live capture or reading from a savefile, time stamps are supplied as seconds since January 1, 1970, 00:00:00
       UTC, and microseconds since that seconds value, even if higher-resolution time stamps are available from the capture device or in the save-
       file.   If,  when  reading  a savefile, the time stamps in the file have a higher resolution than one microsecond, the additional digits of
       resolution are discarded.

       The pcap_set_tstamp_precision(3PCAP) routine can be used after a pcap_create() call and after a pcap_activate() call to specify the resolu-
       tion  of  the  time  stamps  to	get  for  the  device.	 If  the  hardware  or	software cannot supply a higher-resolution time stamp, the
       pcap_set_tstamp_precision() call will fail, and the time stamps supplied after the pcap_activate() call will have microsecond resolution.

       When opening a savefile, the pcap_open_offline_with_tstamp_precision(3PCAP)  and  pcap_fopen_offline_with_tstamp_precision(3PCAP)  routines
       can  be used to specify the resolution of time stamps to be read from the file; if the time stamps in the file have a lower resolution, the
       fraction-of-a-second portion of the time stamps will be scaled to the specified resolution.

       The pcap_get_tstamp_precision(3PCAP) routine returns the resolution of time stamps that will be supplied; when capturing packets, this does
       not reflect the actual precision of the time stamp supplied by the hardware or operating system and, when reading a savefile, this does not
       indicate the actual precision of time stamps in the file.

SEE ALSO

       pcap_set_tstamp_type(3PCAP),   pcap_list_tstamp_types(3PCAP),   pcap_tstamp_type_val_to_name(3PCAP),   pcap_tstamp_type_name_to_val(3PCAP),
       pcap_set_tstamp_precision(3PCAP),      pcap_open_offline_with_tstamp_precision(3PCAP),	  pcap_fopen_offline_with_tstamp_precision(3PCAP),
       pcap_get_tstamp_precision(3PCAP)

								   8 March 2015 						    PCAP-TSTAMP(7)
All times are GMT -4. The time now is 05:26 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy